Infosecurity News

  1. CISA and NSA Publish Top 10 Misconfigurations

    Data was compiled from real-world read and blue team engagements

  2. Apple Issues Emergency Patches for More Zero-Day Bugs

    One is being exploited in the wild

  3. CISA and NSA Tackle IAM Security Challenges in New Report

    The document is authored by the Enduring Security Framework

  4. Critical Glibc Bug Puts Linux Distributions at Risk

    Qualys identified and exploited the vulnerability in Fedora 37/38, Ubuntu 22.04/23.04, Debian 12/13

  5. China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns

    Microsoft’s annual digital defense report found a rise in Chinese state-affiliated groups attempting to infiltrate sectors like medical infrastructure and telecommunication

  6. Record Numbers of Ransomware Victims Named on Leak Sites

    A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites

  7. Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

    CloudSEK warns 100,000 victims may have been impacted

  8. US Government Proposes SBOM Rules for Contractors

    Public comment open until December 4

  9. GoldDigger Android Trojan Drains Victim Bank Accounts

    Researchers warn of phishing links leading to spoofed Google Play pages

  10. LightSpy iPhone Spyware Linked to Chinese APT41 Group

    ThreatFabric found evidence that LighSpy is linked to Android spyware DragonEgg, attributed to the Chinese-sponsored group

  11. EvilProxy Phishing Attack Strikes Indeed, Targets Executives

    Menlo Labs brought this discovery to light in an advisory published on Tuesday

  12. Malware-Infected Devices Sold Through Major Retailers

    The BADBOX scheme deploys the Triada malware on various devices like smartphones and tablets

  13. Police Issue “Quishing” Email Warning

    Organizations urged to update staff awareness programs

  14. Arm and Qualcomm Chips Hit by Multiple Zero-Day Attacks

    Chip giants have released updates to fix the vulnerabilities

  15. Red Cross Issues Wartime Hacktivist Rules

    Non-profit warns of blurring between military and civilian attacks

  16. NSA Establishes AI Security Center

    NSA Director Gen. Nakasone made the announcement during a discussion in Washington last Thursday

  17. FortiGuard Uncovers Deceptive Install Scripts in npm Packages

    Fortinet said these packages can be categorized into nine sets based on their code and functions

  18. EU Cyber Resilience Act Could be Exploited for Surveillance, Experts Warn

    The open letter, signed by 50 leading cybersecurity figures, urges the EU to reconsider its proposals around vulnerability disclosure requirements

  19. Predator Spyware Linked to Madagascar's Government Ahead of Presidential Election

    Cybersecurity firm Sekoia has found new evidence that the Malagasy government has used Cytrox’s spyware ahead of the election

  20. Upstream Supply Chain Attacks Triple in a Year

    Sonatype detects over 245,000 malicious packages

Why Not Watch?

  1. Audit & Compliance in the Era of AI and Emerging Technology

  2. How To Enhance Security Operations with AI-Powered Defenses

  3. Securing M365 Data and Identity Systems Against Modern Adversaries

  4. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

What’s Hot on Infosecurity Magazine?