Infosecurity News
New WordPress Malware Masquerades as Plugin
New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control
Phorpiex Botnet Delivers LockBit Ransomware with Automated Tactics
A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason
New Gremlin Infostealer Distributed on Telegram
Administrators of a Telegram channel named CoderSharp have been advertising Gremlin Stealer since March 2025
Infostealers Harvest Over 30,000 Australian Banking Credentials
Dvuln researchers highlighted the growing impact of infostealers on the cybercrime landscape, enabling attackers to bypass traditional defenses
Zero-Day Exploitation Figure Surges 19% in Two Years
Google claims 19% more zero-day bugs were exploited in 2024 than 2022 as threat actors focus on security products
Europol Creates “Violence-as-a-Service” Taskforce
Europol has launched a new initiative designed to combat recruitment of youngsters into violent organized crime groups
Uyghur Diaspora Group Targeted with Remote Surveillance Malware
Members of the World Uyghur Congress living in exile were targeted with a spear phishing campaign deploying surveillance malware, according to the Citizen Lab
Half of Mobile Devices Run Outdated Operating Systems
50% of mobile devices run outdated operating systems, increasing vulnerability to cyber-attacks, according to the latest report from Zimperium
Researchers Note 16.7% Increase in Automated Scanning Activity
According to the 2025 Global Threat Landscape Report from FortiGuard, threat actors are executing 36,000 scans per second
ISACA Highlights Critical Lack of Quantum Threat Mitigation Strategies
An ISACA survey found that just 5% of organizations have a defined strategy to defend against quantum-enabled threats
FBI Asks for Help Tracking Chinese Salt Typhoon Actors
The US authorities have asked the public to help them unmask China’s Salt Typhoon threat actors
Government Set to Ban SIM Farms in European First
The UK government says it will ban the possession or supply of SIM farms, in a fraud crackdown
Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes
Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models
SAP Fixes Critical Vulnerability After Evidence of Exploitation
A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors
M&S Shuts Down Online Orders Amid Ongoing Cyber Incident
British retailer M&S continues to tackle a cyber incident with online orders now paused for customers
Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol
US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures
Panaseer's latest cybersecurity study revealed that US companies have paid $155M in data breach lawsuit settlements over just six months
Popular LLMs Found to Produce Vulnerable Code by Default
Backslash Security found that naïve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs
ELENOR-corp Ransomware Targets Healthcare Sector
ELENOR-corp ransomware, a new version of Mimic, is targeting healthcare organizations using advanced capabilities
Blue Shield of California Data Breach Affects 4.7 Million Members
A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads