Infosecurity News
Ransomware Groups Favor Repeatable Access Over Mass Vulnerability Exploits
Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023
Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags
AI-driven cyberattacks are rapidly escalating, with a vast majority of security professionals reporting encounters and anticipating a surge, while struggling with detection
Medusa Ransomware Claims 40+ Victims in 2025, Confirmed Healthcare Attacks
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites
An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites
Attackers Target Japanese Firms with Cobalt Strike
Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence
Cybersecurity Job Satisfaction Plummets, Women Hit Hardest
Layoffs and cutbacks have been cited as major factors in a significant drop in job satisfaction among women working in cybersecurity, according to ISC2
Six Critical Infrastructure Sectors Failing on NIS2 Compliance
Enisa identifies six sectors that it says must improve on NIS2 compliance
US Charges Members of Chinese Hacker-for-Hire Group i-Soon
The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns
Silk Typhoon Shifts Tactics to Exploit Common IT Solutions
Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions
Google Introduces New AI-Powered Scam Detection Features for Android
With Android Scam Detection for messages and calls, Google wants to push scam detection further than traditional spam detection
Stress and Burnout Impacting Vast Majority of IT Pros
ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years
Over Half of Organizations Report Serious OT Security Incidents
New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail
GuidePoint Security has received reports of multiple organizations receiving ransom letters in the mail
Private 5G Networks Face Security Risks Amid AI Adoption
Private 5G networks face security risks amid AI adoption and a lack of specialized expertise
New Cyber-Espionage Campaign Targets UAE Aviation and Transport
A cyber-espionage campaign targeting UAE aviation and transport has been identified by researchers, using customized lures to deploy Sosano malware
VMware Warns Customers to Patch Actively Exploited Zero-Day Vulnerabilities
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US
CISO Liability Risks Spur Policy Changes at 93% of Organizations
Fastly found that organizations have introduced changes such as increasing CISO participation in strategic decisions in response to growing personal liability risks
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog
