Infosecurity News

  1. Stripe API Skimming Campaign Unveils New Techniques for Theft

    A novel skimming attack has been observed by Jscrambler, using the Stripe API to steal payment information by injecting malicious scripts into pages

  2. Royal Mail Investigates Data Breach Affecting Supplier

    A cyber threat actor has claimed to have leaked 144GB of data from Royal Mail users

  3. Gray Bots Surge as Generative AI Scraper Activity Increases

    Gray bots surge as generative AI scraper activity increases, impacting web applications with millions of requests daily

  4. Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK

    Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase

  5. North Korea's Fake IT Worker Scheme Sets Sights on Europe

    Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion

  6. Steam Surges to Top of Most Spoofed Brands List in Q1

    Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025

  7. ICO Apologizes After Data Protection Response Snafu

    The UK’s data protection regulator says it is overwhelmed with complaints from the public

  8. WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks

    WP Ultimate CSV Importer flaws expose 20,000 websites to attacks, enabling attackers to achieve full site compromise

  9. Ukraine Blames Russia for Railway Hack, Labels It "Act of Terrorism"

    The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services”

  10. New Phishing Attack Combines Vishing and DLL Sideloading Techniques

    A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor

  11. Google to Switch on E2EE for All Gmail Users

    Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts

  12. Cybercriminals Expand Use of Lookalike Domains in Email Attacks

    BlueVoyant found that the use of lookalike domains in email-based attacks is allowing actors to extend the types of individuals and organizations being targeted

  13. Cyber Security and Resilience Bill Will Apply to 1000 UK Firms

    A thousand UK service providers will be expected to comply with the forthcoming Cyber Security and Resilience Bill

  14. New Malware Variant RESURGE Exploits Ivanti Vulnerability

    CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

  15. ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers

    New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers

  16. EU Commission to Invest €1.3bn in Cybersecurity and AI

    The funding will go to several projects within the Digital Europe Programme (DIGITAL) work program for 2025 to 2027

  17. NCSC Urges Users to Patch Next.js Flaw Immediately

    The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927

  18. US Seizes $8.2m from Romance Baiting Scammers

    The DoJ has managed to recoup over $8m from scammers, stolen in romance baiting schemes

  19. Solar Power System Vulnerabilities Could Result in Blackouts

    Forescout researchers found multiple vulnerabilities in leading solar power system manufacturers, which could be exploited to cause emergencies and blackouts

  20. Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices

    Claroty revealed that 89% of healthcare organizations use the top 1% of riskiest Internet-of-Medical-Things (IoMT) devices
