Infosecurity News
Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass
Sensitive Personal Data Stolen in West Lothian Ransomware Attack
West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network
Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains
Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer
Western Logistics and Tech Firms Targeted by Russia’s APT28
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat
#Infosec2025: NCC Group Expert Warns UK Firms to Prepare for Cyber Security and Resilience Bill
UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill
Cybercriminals Mimic Kling AI to Distribute Infostealer Malware
A new malware campaign disguised as Kling AI used fake Facebook ads and counterfeit websites to distribute an infostealer
Flaw in Google Cloud Functions Sparks Broader Security Concerns
Patched privilege escalation flaw in Google Cloud Platform linked to wider cloud security concerns
US Teen to Plead Guilty in PowerSchool Extortion Campaign
The 19-year-old and his accomplices obtained key data for the extortion scheme in a 2022 breach of a US telco
Two-Fifths of Americans Want to Ban Biometric Use
ITRC report finds that 39% of American consumers believe biometric use should be banned
M&S Braces for £300 Million Cyber-Attack Costs
An M&S trading update estimates the ongoing cyber-incident will cost £300m, largely from lost sales due to the suspension of online orders
NCSC Helps Firms Securely Dispose of Old IT Assets
A new NCSC guide offers useful information on how to safely and securely dispose of end-of-life assets
Uncensored AI Tool Raises Cybersecurity Alarms
The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients
A data breach at Nationwide Recovery Services compromised data of 200,000 Harbin Clinic patients
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits and Wipers
Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities
Mounting GenAI Cyber Risks Spur Investment in AI Security
Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises
Half of Consumers Targeted by Social Media Fraud Ads
Around half of US and UK consumers have seen fraud ads and content on ‘refund hacks’ on social media
New 23andMe Buyer Regeneron Promises to Prioritize Security
Regeneron, which intends to acquire 23andMe for $256m, says data security and privacy will be a priority
New Malware on PyPI Poses Threat to Open-Source Developers
Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor
RCE Vulnerability Found in RomethemeKit For Elementor Plugin
RomethemeKit for Elementor has released a patch addressing an RCE vulnerability exposing 30,000 sites
GDPR Changes Risk Undermining its Principles, Civil Society Groups Warn
Civil society groups and academics are calling for the EU's GDPR to remain unchanged following the EU Commission's plans to revisit it
