DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
Infosecurity Magazine
20 articles
Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
ICO Fines UK Nuisance Call Scammers £100,000
The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC
European Commission Confirms Cloud Data Breach
The European Commission has revealed details of a data breach impacting its AWS infrastructure
New Wave of AiTM Phishing Targets TikTok for Business
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Iran-Linked Pay2Key Ransomware Group Re-Emerges
Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns
The National Crime Agency has warned construction firms about surging invoice fraud
Cloud Phones Linked to Rising Financial Fraud Threat
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts
Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
US: FCC Bans Foreign-Made Routers Over National Security Concerns
The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations