Infosecurity News
Over 80% of US Small Businesses Have Been Breached
ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year
LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk
The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites
Updated FakeCall Malware Targets Mobile Devices with Vishing
The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring
Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services
CISA Launches First International Cybersecurity Plan
CISA’s 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US
Over Half of US County Websites “Could Be Spoofed”
Comparitech warns that voters could be misled as most local government sites are failing on basic security
Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise
New LightSpy Spyware Targets iOS with Enhanced Capabilities
ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality
Chenlun’s Evolving Phishing Tactics Target Trusted Brands
The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun
Law Enforcement Operation Takes Down Redline and Meta Infostealers
Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities
NIS2 Compliance Puts Strain on Business Budgets
A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business
Suspicious Social Media Accounts Deployed Ahead of COP29
Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government
Five Eyes Agencies Launch Startup Security Initiative
The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups
ICO: 55% of UK Adults Have Had Data Lost or Stolen
The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised
Evasive Panda’s CloudScout Toolset Targets Taiwan
Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating and extracting cloud data from Taiwanese institutions
New Type of Job Scam Targets Financially Vulnerable Populations
The surge in job scams targets vulnerable individuals, mirroring pig butchering fraud tactics
Russian Malware Campaign Targets Ukrainian Recruits Via Telegram
Google researchers have observed Russian threat actor UNC5812 using a malware campaign via Telegram to access the devices of Ukrainian military recruits
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
AI-Powered BEC Scams Zero in on Manufacturers
Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts
Change Healthcare Breach Affects 100 Million Americans
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack
