Category: Privacy/Governance Feed

A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks – Read More  –  

Operation Raptor also resulted in the seizure of $184m and a record amount of illegal drugs, firearms and drug trafficking proceeds – Read More  –  

Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace – Read More  –  

Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC – Read More  –  

Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care – Read More  –  

The US cryptocurrency exchange claimed that the breach occurred in December 2024 – Read More  –  

The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass – Read More  –  

West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network – Read More  –  

Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer – Read More  –  

NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat – Read More  –  

UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill – Read More  –  

Patched privilege escalation flaw in Google Cloud Platform linked to wider cloud security concerns – Read More  –  

The 19-year-old and his accomplices obtained key data for the extortion scheme in a 2022 breach of a US telco – Read More  –  

ITRC report finds that 39% of American consumers believe biometric use should be banned – Read More  –  

An M&S trading update estimates the ongoing cyber-incident will cost £300m, largely from lost sales due to the suspension of online orders – Read More  –  

A new NCSC guide offers useful information on how to safely and securely dispose of end-of-life assets – Read More  –  

The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models – Read More  –  

A data breach at Nationwide Recovery Services compromised data of 200,000 Harbin Clinic patients – Read More  –  

Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities – Read More  –  

Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises – Read More  –  

Around half of US and UK consumers have seen fraud ads and content on ‘refund hacks’ on social media – Read More  –  

Regeneron, which intends to acquire 23andMe for $256m, says data security and privacy will be a priority – Read More  –  

Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor – Read More  –  

RomethemeKit for Elementor has released a patch addressing an RCE vulnerability exposing 30,000 sites – Read More  –  

Civil society groups and academics are calling for the EU’s GDPR to remain unchanged following the EU Commission’s plans to revisit it – Read More  –  

An Alabama man has been sentenced to 14 months for hacking the SEC’s X account – Read More  –  

The UK government says that hackers accessed a “large amount” of personal information in attack on Legal Aid Agency – Read More  –  

Security experts tell Infosecurity about the cloud attack trends in the past year, and how CISOs can mitigate evolving techniques – Read More  –  

The FBI has warned about an ongoing smishing and vishing scheme using AI deepfakes to impersonate US officials – Read More  –  

An analysis by Robert Walters found there are around 17,000 cybersecurity vacancies in the UK currently, with organizations struggling to fill open positions – Read More  –  

In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page – Read More  –  

New data from Darktrace showed that cyber-attacks targeting healthcare organizations increased in intensity in 2024 – Read More  –  

Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m – Read More  –  

A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory – Read More  –  

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004 – Read More  –  

Dior confirmed a data breach compromising customer personal information, discovered on May 7 – Read More  –  

Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category – Read More  –  

The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare – Read More  –  

Most online merchants now believe customers pose as big a threat as professional fraudsters – Read More  –  

The ransomware landscape is more fragmented than ever, with no “market leader,” says William Lyne, Head of Intelligence at the NCA – Read More  –  

Android Enterprise introduced Device Trust to enhance mobile security on Android devices – Read More  –  

CISA paused plans to overhaul its advisory system after backlash from the infosec community – Read More  –  

Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical – Read More  –  

While appearing unsophisticated on the surface, Chihuahua Stealer uses advanced methods – Read More  –  

Law enforcers from multiple countries team up to dismantle a multimillion-euro fraud gang – Read More  –  

Microsoft has patched seven zero-day bugs, five of which were exploited in the wild – Read More  –  

Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft – Read More  –  

Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities – Read More  –  

CISA won’t post standard cybersecurity updates on its website, shifting to email and social media – Read More  –