Infosecurity News
Operation Endgame Continues with Smokeloader Customer Arrests
Police have made more arrests in the ongoing Operation Endgame, cracking down on malware customers
WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit
WK Kellogg breach exposed employee data after attackers exploited flaws in Cleo software
Precision-Validated Phishing Elevates Credential Theft Risks
New phishing method targets high-value accounts using real-time email validation
Ransomware Attacks Hit All-Time High as Payoffs Dwindle
While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing
Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats
73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks
Microsoft Fixes Over 130 CVEs in April Patch Tuesday
Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day
NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora
The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities
Google Releases April Android Update to Address Two Zero-Days
Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Armis survey reveals that the growing threat of nation-state cyber-attacks is disrupting digital transformation
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog
Boards Urged to Follow New Cyber Code of Practice
The British government has launched a new code of practice designed to boost corporate cyber governance
Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK
A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad
Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums
Vodafone Urges UK Cybersecurity Policy Reforms as SME Cyber-Attack Costs Reach £3.4bn
Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity
Government Backs Britain’s First Cyber Seed Fund, Worth £50m
Osney Capital’s new fund is the first to focus exclusively on early-stage UK cybersecurity
Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks
Cyber-attacks on Australian superannuation funds leave some savers out of pocket
Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses
A joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are exploited for malicious activities
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks
