Infosecurity News

  1. Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks

    A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions

  2. Adidas Customer Data Stolen in Third-Party Attack

    Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party

  3. Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites

    A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites

  4. New Russian State Hacking Group Hits Europe and North America

    A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned

  5. DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool

    A targeted cyber-attack on an MSP exploited flaws in remote management tools, resulting in ransomware deployment and data theft

  6. Malicious Machine Learning Model Attack Discovered on PyPI

    A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware

  7. #Infosec2025: Rory Stewart and Paul Chichester to Headline at Infosecurity Europe 2025

    Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity

  8. US Government Launches Audit of NIST’s National Vulnerability Database

    The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General

  9. Governments Urge Organizations to Prioritize SIEM/SOAR Adoption

    A joint advisory from the US, UK, Australia and others highlights the importance of SIEM/SOAR platforms and overcoming implementation challenges

  10. Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments

    Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation

  11. NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits

    The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV)

  12. Law Enforcement Busts Initial Access Malware Used to Launch Ransomware

    A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks

  13. Global Dark Web Sting Sees 270 Arrested

    Operation Raptor also resulted in the seizure of $184m and a record amount of illegal drugs, firearms and drug trafficking proceeds

  14. DragonForce Engages in "Turf War" for Ransomware Dominance

    Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace

  15. AI-Generated TikTok Videos Used to Distribute Infostealer Malware

    Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC

  16. Kettering Health Cyber-Attack Disrupts Services

    Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care

  17. Coinbase Breach Affected Almost 70,000 Customers

    The US cryptocurrency exchange claimed that the breach occurred in December 2024

  18. Critical Vulnerabilities Found in Versa Networks SD-WAN/SASE Platform

    The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass

  19. Sensitive Personal Data Stolen in West Lothian Ransomware Attack

    West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network

  20. Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains

    Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer

What’s hot on Infosecurity Magazine?