Infosecurity News
CISA Warns of Backdoor Vulnerability in Contec Patient Monitors
CISA has identified a backdoor in Contec CMS8000 devices that could allow unauthorized access to patient data and disrupt monitoring functions
High-profile X Accounts Targeted in Phishing Campaign
Hackers hijack high-profile X accounts with phishing scams to steal credentials and promote fraudulent cryptocurrency schemes
768 CVEs Exploited in the Wild in 2024
VulnCheck observed 768 public reports of CVEs exploited in the wild for the first time in 2024, a 20% rise compared to 2023
European Police: Data Volumes and Deletion Hindering Investigations
A new Europol report warns of major challenges accessing and analyzing data for cybercrime investigations
UK Announces “World-First” AI Security Standard
The UK government has launched a new AI security code of practice it believes will become an ETSI standard
Threat Actors Target Public-Facing Apps for Initial Access
Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques
Tata Technologies Hit by Ransomware Attack
The Indian tech giant temporarily suspended some of its IT services, which have now been restored
DeepSeek's Flagship AI Model Under Fire for Security Vulnerabilities
Cyber reports exposed major security flaws in DeepSeek’s R1 LLM
International Operation Dismantles Cracked and Nulled Cybercrime Hubs
A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services
Google Blocked 2.36 Million Policy-Violating Apps
Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024
Attackers Increase Use of HTTP Clients for Account Takeovers
HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024
Syncjacking Attack Enables Full Browser and Device Takeover
SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking
DeepSeek Exposed Database Leaks Sensitive Data
Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history
Ransomware Attack Disrupts Blood Donation Services in US
New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country
UK Organizations Boost Cybersecurity Budgets
UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year
NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities
The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”
AI Surge Drives Record 1205% Increase in API Vulnerabilities
AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm
Nation-State Hackers Abuse Gemini AI Tool
Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development
New Hellcat Ransomware Gang Employs Humiliation Tactics
Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims
Threat Actors Exploit Government Websites for Phishing
Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections
