Information Security Magazine

Shona Lester, head of the Cyber Security and Resilience Bill team within the UK government, outlined some of the provisions that should be included in the future law

A cyber-attack claimed to be the resposibility of INC Ransom group and targeting the OnSolve CodeRED platform has disrupted emergency notification and exposed user data across the US

A new report from the UK Business and Trade Committee has called for accountability of software providers for cyber flaws amid rising attack costs

The FBI reports over $262m in losses from account takeover schemes since January 2025, as cybercriminals impersonate financial institutions to steal data and funds

The CEO of the customer support platform said “a handful of customers” saw their data exposed after the breach

A new vulnerability dubbed “HashJack” could enable attackers to booby trap websites when they interact with AI browsers

At least three London local authorities are dealing with a major cybersecurity incident

A cluster of fraudulent domains impersonating Egyptian providers have been identified linked to Smishing Triad operations

A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access

In its latest annual identity fraud report, Sumsub observed a “sophistication shift” in global fraud trends

MPs in the UK want a new economic security regime to tackle cyber and related threats

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows

Critical flaws in Fluent Bit threaten telemetry across platforms according to an advisory published by Oligo Security researchers

Morphisec has observed a new operation embedding StealC V2 malware in Blender project files, targeting users via 3D assets and launching a multi-stage infection chain

The US cybersecurity agency has added the critical flaw to its Known Exploited Vulnerabilities list

Spanish airline Iberia has begun emailing its customers about a supplier data breach

The International Defence Esports Games (IDEG) will help sharpen cyber and battlefield skills for allied soldiers

Researchers at BlackFrog have uncovered Matrix Push C2, a malicious command-and-control system that abuses web browser push notifications to deliver malware

Salesforce believes there has been unauthorized access to its customers’ data through the Gainsight app’s connection to its platform

A multi-year ATM fraud campaign by UNC2891 targeted two Indonesian banks, cloning cards, recruiting money mules and coordinating cash withdrawals