Infosecurity News
Ransomware Attacks Hit All-Time High as Payoffs Dwindle
While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing
Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats
73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks
Microsoft Fixes Over 130 CVEs in April Patch Tuesday
Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day
NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora
The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities
Google Releases April Android Update to Address Two Zero-Days
Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Armis survey reveals that the growing threat of nation-state cyber-attacks is disrupting digital transformation
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog
Boards Urged to Follow New Cyber Code of Practice
The British government has launched a new code of practice designed to boost corporate cyber governance
Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK
A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad
Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums
Vodafone Urges UK Cybersecurity Policy Reforms as SME Cyber-Attack Costs Reach £3.4bn
Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity
Government Backs Britain’s First Cyber Seed Fund, Worth £50m
Osney Capital’s new fund is the first to focus exclusively on early-stage UK cybersecurity
Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks
Cyber-attacks on Australian superannuation funds leave some savers out of pocket
Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses
A joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are exploited for malicious activities
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks
Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw
Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution
Major Online Platform for Child Exploitation Dismantled
An international law enforcement operation has shut down Kidflix, a platform for child sexual exploitation with 1.8m registered users
CrushFTP Vulnerability Exploited Following Disclosure Issues
A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process
