UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill
A new malware campaign disguised as Kling AI used fake Facebook ads and counterfeit websites to distribute an infostealer
Patched privilege escalation flaw in Google Cloud Platform linked to wider cloud security concerns
The 19-year-old and his accomplices obtained key data for the extortion scheme in a 2022 breach of a US telco
ITRC report finds that 39% of American consumers believe biometric use should be banned
An M&S trading update estimates the ongoing cyber-incident will cost £300m, largely from lost sales due to the suspension of online orders
A new NCSC guide offers useful information on how to safely and securely dispose of end-of-life assets
The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models
A data breach at Nationwide Recovery Services compromised data of 200,000 Harbin Clinic patients
Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities
Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises
Around half of US and UK consumers have seen fraud ads and content on ‘refund hacks’ on social media
Regeneron, which intends to acquire 23andMe for $256m, says data security and privacy will be a priority
Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor
RomethemeKit for Elementor has released a patch addressing an RCE vulnerability exposing 30,000 sites
Civil society groups and academics are calling for the EU’s GDPR to remain unchanged following the EU Commission’s plans to revisit it
An Alabama man has been sentenced to 14 months for hacking the SEC’s X account
The UK government says that hackers accessed a “large amount” of personal information in attack on Legal Aid Agency
Security experts tell Infosecurity about the cloud attack trends in the past year, and how CISOs can mitigate evolving techniques
The FBI has warned about an ongoing smishing and vishing scheme using AI deepfakes to impersonate US officials
An analysis by Robert Walters found there are around 17,000 cybersecurity vacancies in the UK currently, with organizations struggling to fill open positions
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page
New data from Darktrace showed that cyber-attacks targeting healthcare organizations increased in intensity in 2024
Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory
The critical vulnerability is being exploited by BianLian, RansomEXX and a Chinese nation-state actor known as Chaya_004
Dior confirmed a data breach compromising customer personal information, discovered on May 7
Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category
The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare
Most online merchants now believe customers pose as big a threat as professional fraudsters
The ransomware landscape is more fragmented than ever, with no “market leader,” says William Lyne, Head of Intelligence at the NCA
Android Enterprise introduced Device Trust to enhance mobile security on Android devices
CISA paused plans to overhaul its advisory system after backlash from the infosec community
Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical
While appearing unsophisticated on the surface, Chihuahua Stealer uses advanced methods
Law enforcers from multiple countries team up to dismantle a multimillion-euro fraud gang
Microsoft has patched seven zero-day bugs, five of which were exploited in the wild
Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities
CISA won’t post standard cybersecurity updates on its website, shifting to email and social media
ENISA has officially launched the European Vulnerability Database as required by the NIS2 directive
M&S Chief Executive, Stuart Machin, said that the firm has written to customers to inform them that some personal information was accessed by threat actors
The UK government wants to hear feedback on a possible new standard or legislation to improve enterprise IoT security
Hacktivist claims on Indian infrastructure raised alarms, but investigations showed minimal damage
The criminal proxy network infected thousands of IoT and end-of-life devices, creating a dangerous botnet
During Infosecurity Europe 2025 experts will explore how to strengthen organizational resilience against persistent third-party risks
She@Cyber training program is focused on improving the representation of women and other underrepresented groups in the cybersecurity industry
A global cryptocurrency phishing operation likely based in India or Sri Lanka has been stealing digital assets since at least 2022
Hackers have compromised Japanese trading accounts in an apparent attempt to manipulate the stock market
Germany’s BKA has seized the infrastructure behind the crypto swapping service eXch