Infosecurity News
PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites
Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites
New Wiper Malware Targets Ukrainian Infrastructure
New PathWiper malware targeted Ukrainian critical infrastructure, using legitimate tools for cyber-attacks
Trump Administration Revises Cybersecurity Rules, Replaces Biden and Obama Orders
A new Trump Executive Order limits the use of cybersecurity-related sanctions only against foreign malicious actors
US Tries to Claw Back $7m Taken by North Korean IT Workers
The Justice Department has filed a civil forfeiture complaint alleging North Korean IT workers amassed $7m+
FBI Warns Smart Home Users of Badbox 2.0 Botnet Threat
The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware
Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets
#Infosec2025: Top Six Cyber Trends CISOs Need to Know
Experts at Infosecurity Europe 2025 highlighted a range of major industry trends, from advanced social engineering techniques to vulnerability exploits
#Infosec2025: Cybersecurity Lessons From Maersk’s Former CISO
2017 ransomware attack on shipping company A P Moller Maersk marked a turning point for the cybersecurity industry, according to its former CISO Adam Banks
#Infosec2025: DNS Hijacking, A Major Cyber Threat for the UK Government
During Infosecurity Europe 2025, Nick Woodcraft, from the UK Government, shared his experience in implementing measures to protect domains within the .gov.uk DNS namespace
#Infosec2025: Ransomware Victims Urged to Engage to Take Back Control
Engagement with ransomware actors doesn’t necessarily mean payment; it’s about getting the best outcomes, a leading negotiator had argued
#Infosec2025: Know Your Audience to Make an Impact, CISOs Tell Their Peers
A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape
#Infosec2025: Threat Actors Weaponizing Hardware Devices to Exploit Fortified Environments
Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threat
#Infosec2025: Defenders and Attackers are Locked in an AI Arms Race
Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments
#Infosec2025: Seven Steps to Building a Mature Vulnerability Management Program
At Infosecurity Europe 2025, Axonius’ Jon Ridyard proposed seven best practices to build mature vulnerability management processes
#Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats
Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI
#Infosec2025 Cloud-Native Technology Prompts New Security Approaches
Moving to cloud-native architecture and modern platforms is allowing enterprises to automate operations and improve security
#Infosec2025: Cybersecurity Support Networks Too Fragmented for SMBs, Say Experts
Experts argue the case for “communities of support” to boost SMB cyber-resilience
#Infosec2025: Simplicity Should Guide Cybersecurity Purchasing Decisions
Experts argue that CISOs should avoid product duplication and simplify their language to ensure budget is spent wisely
#Infosec2025: Concern Grows Over Agentic AI Security Risks
Agentic AI systems could threaten security and data privacy, unless organizations test each model and component
Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware
A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware
