Information Security Magazine

Mimecast found that insider threats, credential misuse and user-driven errors were involved in most security incidents last year

The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog

More than 14,500 girls from across the UK took part in this year’s CyberFirst Girls competition

Pro-Palestine Dark Storm Team group claims responsibility for major DDoS attacks on X

SIM swapping fraud surges in the Middle East as cybercriminals exploit websites mimicking legitimate services to steal personal data

A new report by Fortinet reveals techniques used by attackers to evade detection and compromise systems

The Alan Turing institute urged government and academia to address systemic cultural and structural security barriers in UK AI research

Starting April 2025, Swiss critical infrastructure organizations will have to report cyber-attacks to the country’s authorities within 24 hours of discovery

Software developer Davis Lu cost his employer hundreds of thousands after deploying malware that caused crashes and failed logins

Fortra claims the number of unauthorized Cobalt Strike licenses in the wild fell 80% over two years

Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023

AI-driven cyberattacks are rapidly escalating, with a vast majority of security professionals reporting encounters and anticipating a surge, while struggling with detection

Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m

An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites

Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence

Layoffs and cutbacks have been cited as major factors in a significant drop in job satisfaction among women working in cybersecurity, according to ISC2

Enisa identifies six sectors that it says must improve on NIS2 compliance

The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns

Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data

Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions