Infosecurity News
Attackers Leverage Microsoft Teams and Quick Assist for Access
Phishing attack exploits social engineering techniques alongside Microsoft Teams and remote access software to deploy BackConnect malware
CISA Denies Reports of Shift in Cybersecurity Posture Amid Russian Threats
The US Cybersecurity and Infrastructure Security Agency confirmed it will keep defending against Russian cyber threats to US critical infrastructure
Phishing Campaign Uses Havoc Framework to Control Infected Systems
A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API
Vodafone Trials Quantum-Safe Tech to Protect Smartphone Browsing
Telecoms provider Vodafone has developed the new proof of concept with IBM, as it seeks to implement post-quantum cryptography ahead of anticipated quantum-based attacks
ICO Launches TikTok Investigation Over Use of Children’s Data
The Information Commissioner’s Office is now investigating how TikTok uses 13–17-year-olds’ personal information
BYOVD Attacks Exploit Zero-Day in Paragon Partition Manager
Threat actors are exploiting a zero-day bug in Paragon Partition Manager's BioNTdrv.sys driver during ransomware attacks
Third-Party Attacks Drive Major Financial Losses in 2024
Data from Resilience found that third-party attacks made up 23% of material cyber insurance claims in 2024, with ransomware attacks targeting vendors a major driver
Cybersecurity M&A Roundup: SolarWinds Acquired for $4.4bn
In February 2025, Sophos completed the Secureworks deal and SolarWinds went private
Old Vulnerabilities Among the Most Widely Exploited
Four in ten flaws exploited by threat actors in 2024 were from 2020 or earlier, with some dating back to the 1990s, according to a GreyNoise report
Prolific Data Extortion Actor Arrested in Thailand
A joint operation between the Thai and Singapore police has resulted in the arrest of a man allegedly responsible for over 90 data extortion attacks worldwide
DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen
DragonForce ransomware attacks Saudi firms stealing 6TB data, escalating cyber threats in real estate
Winos 4.0 Malware Targets Taiwan With Email Impersonation
Winos 4.0 malware uses phishing emails to target organizations in Taiwan, Fortinet experts warn
Software Vulnerabilities Take Almost Nine Months to Patch
Veracode found a 47% increase in the average time taken to patch software vulnerabilities, driven by growing reliance on third-party code
Chinese Cyber Espionage Jumps 150%, CrowdStrike Finds
In its 2025 Global Threat Report, CrowdStrike observed a significant escalation in Chinese cyber espionage activities
OpenSSF Publishes Security Framework for Open Source Software
OpenSSF has released new baseline security best practices to improve open source software quality
FBI Confirms North Korea’s Lazarus Group as Bybit Crypto Hackers
FBI confirms North Korea’s Lazarus Group responsible for Bybit crypto heist
99% of Organizations Report API-Related Security Issues
99% of organizations report API-related security issues, highlighting risks from API growth
DISA Global Solutions Confirms Data Breach Affecting 3.3M People
DISA Global Solutions confirms data breach affecting 3.3M people, exposing sensitive personal info
Signal May Exit Sweden If Government Imposes Encryption Backdoor
Meredith Whittaker, Signal's CEO, has threatened to pull the company out of Sweden if a proposed government bill requiring encryption backdoors becomes law
HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers
HaveIBeenPwned has added over 500 million new passwords and email addresses lifted via infostealers