Security

The UK government-backed Digital Security by Design (DSbD) initiative must succeed to systematically address rising cyber risks to the nation, according to the National Cyber Security Centre’s (NCSC) CTO, Ollie Whitehouse. Whitehouse made the remarks during an event showcasing the technological advances from the ambitious program, which aims to secure the underlying computer hardware used

A 25-year-old Alabama man has pleaded guilty to charges related to the January 2024 hacking of the US Securities and Exchange Commission’s (SEC) X (formerly Twitter) account. This incident briefly caused a spike in the value of Bitcoin. Eric Council Jr., of Athens, Alabama, admitted in court to conspiring with others to gain unauthorized access

A newly uncovered cyber campaign has been observed exploiting Internet Information Services (IIS) vulnerabilities to distribute malware known as BadIIS. The attack, affecting several Asian countries, manipulates search engine optimization (SEO) results to redirect users to illegal gambling sites or malicious servers. Widespread Impact and Financial Motivation According to Trend Micro’s findings, the attack is financially

Over half (58%) of large UK financial services firms suffered at least one third-party supply chain attack in 2024, according to a study by Orange Cyberdefense. Nearly a quarter (23%) of these companies were hit three or more times by third-party attacks. The research identified significant gaps in financial services third-party risk management strategies. Close

Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications. While these models contain malicious code, they were not flagged as “unsafe” by Hugging Face’s security scanning mechanisms. The Reversing Labs researchers saw that these malicious models exploit a novel

Most GDPR enforcement actions by the UK’s Information Commissioner’s Office (ICO) were against public sector organizations in 2024, an analysis by URM Consulting has revealed. A total of 27 UK public sector entities faced actions under the GDPR, compared to just four private companies. The actions took a range of forms, including fines, reprimands and

A global law enforcement effort has led to the arrest of two suspected leaders of an extremist online group accused of grooming and coercing minors into acts of violence and sexual exploitation. Authorities in the US arrested the individuals on January 30 as part of a broader Europol-coordinated crackdown on “The Com” organization, an international

A new phishing campaign orchestrated by the financially motivated threat group UAC-0006 has been discovered targeting customers of PrivatBank, Ukraine’s largest state-owned financial institution. Cybersecurity analysts from CloudSEK identified an ongoing attack that employs password-protected archives containing malicious JavaScript, VBScript or LNK files to evade detection. Attack Methods and Payloads UAC-0006 has been observed deploying

A new malware strain, ELF/Sshdinjector.A!tr, has been linked to the DaggerFly espionage group and used in the Lunar Peek campaign to target Linux-based network appliances. Its primary function is data exfiltration. How the Malware Works Uncovered by cybersecurity researchers at FortiGuard Labs, the malware operates using multiple binaries that work together to infect a system: Dropper: Checks if

A hidden backdoor function embedded in the firmware of the Contec CMS8000 patient monitor has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, which includes a hard-coded IP address and the potential for unauthorized access to patient data, exists in all analyzed versions of the device’s firmware. The Contec CMS8000

R1, the latest large language model (LLM) from Chinese startup DeepSeek, is under fire for multiple security weaknesses. The company’s spotlight on the performance of its reasoning LLM has also brought scrutiny. A handful of security research reports released in late January have highlighted flaws in the model. Additionally, the LLM critically underperforms in a

Tata Technologies Limited, a subsidiary of the Indian conglomerate Tata Group, has been the victim of a ransomware attack affecting some of its IT assets. The publicly traded company informed the Bombay Stock Exchange (BSE) of the attack in a January 31 letter. The tech giant temporarily suspended some IT services as a precaution, but

Threat actors are increasing their focus on exploiting public-facing applications to achieve initial access, according to Cisco Talos’ Incident Response Trends in Q4 2024 report. The exploitation of public-facing applications was the most common method of gaining initial access in Q4 2024, making up 40% of incidents. The researchers said this marked a “notable shift”

Google Play has blocked 2.36 million policy-violating apps from being published and banned 158,000 developer accounts associated with harmful activities in 2024. More than 92% of Google’s human reviews for harmful apps are now AI-assisted, the tech giant said in a new report released on Wednesday. This allows faster and more accurate detection, helping prevent malicious apps from reaching

AI-driven API vulnerabilities have skyrocketed by 1205% in the past year. The figures come from the 2025 API ThreatStats Report by Wallarm, which highlights how AI has become the biggest driver of API security threats, with nearly 99% of AI-related vulnerabilities tied to API flaws. The study also found that 57% of AI-powered APIs were accessible externally,

US energy contractor ENGlobal has revealed that sensitive personal data was stolen after it was hit by a cyber-attack in November 2024. In an updated filing to the Securities and Exchange Commission (SEC) dated January 27, 2025, the engineering firm said the threat actor gained access to a portion of its IT system that contained

A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024.  This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in the HTML source code

The FBI has warned that North Korean IT worker schemes are stealing data to extort their victims as part of efforts to generate revenue for the Democratic People’s Republic of Korea (DPRK). The US intelligence agency confirmed it has observed North Korean IT workers engaging in this tactic over recent months. This involves exfiltrating stolen

A new report by Recorded Future has revealed new elements about the sophisticated techniques by which a well-known Russian crypto scamming group operates. The group, Crazy Evil, is a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages – commonly called a ‘traffer team.’ Since 2021, the group has been

Amazon’s cloud branch, Amazon Web Services (AWS), is launching a £5m ($6.2m) grant to help strengthen the cybersecurity capabilities of educational institutions across the UK. According to a January 24 announcement, the AWS UK Cyber Education Grant Program aims to enhance security capabilities in UK educational institutions, advance ransomware protection, upskill the IT workforce in

Threat actors have been actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances (CSA), significantly amplifying the impact of their cyber-attacks. The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380—were leveraged in September 2024 to breach systems, execute remote code (RCE), steal credentials and deploy webshells on victim networks. Exploiting Chained Vulnerabilities According to a joint advisory from

A cyber espionage operation targeting South Korean VPN software was conducted in 2023 by a previously undocumented advanced persistent threat (APT) group, PlushDaemon. According to new research by ESET, the attack involved the compromise of legitimate VPN installer files, embedding a malicious backdoor called SlowStepper alongside the original software. ESET reported that the malware-infected installer

A significant botnet campaign leveraging a new variant of the infamous Mirai malware, dubbed Murdoc_Botnet, has been observed targeting AVTECH cameras and Huawei HG532 routers, exploiting known vulnerabilities to infect devices and establish a vast network for malicious activities. Identified by researchers at Qualys, the Murdoc_Botnet campaign uses exploits such as CVE-2024-7029 and CVE-2017-17215 to

Hewlett Packard Enterprise (HPE) has launched an investigation into claims by prominent hacker, IntelBroker, who alleges to have stolen sensitive data from the tech giant. The hacker announced on January 16 on BreachForums that they are selling files purportedly taken from HPE systems. The data allegedly includes source code for products like Zerto and iLO, private

Russian nation-state group Star Blizzard has been targeting WhatsApp accounts, with the group shifting its focus following a law enforcement takedown of its infrastructure. Microsoft Threat Intelligence observed Star Blizzard undertake a social engineering campaign in mid-November 2024. This new campaign aimed to compromise the WhatsApp accounts of individuals working in government and other policy-related

Notorious North Korea state-sponsored Lazarus group is targeting software developers in an ongoing campaign, researchers from SecurityScorecard have revealed. The campaign, dubbed ‘Operation 99’, was identified on January 9. It is designed to steal sensitive data from developer environments, including source code, secrets and configuration files and cryptocurrency wallet keys. The researchers said the campaign

Latest action by the US Supreme Court has inched social media giant TikTok towards an outright ban in the US unless the platform is sold to a US firm.   On January 17, the US Supreme Court rejected a free speech challenge filed by ByteDance, the Chinese owner of TikTok, over a bill requiring ByteDance

Real estate scams have been rising across the Middle East as scammers exploit the trust associated with online listings and the urgency often felt when securing a property.  With the increasing use of digital platforms for property searches, many users skip essential verification steps, leaving them vulnerable to fraudsters. Group-IB’s latest analysis, published today, highlights

A new initiative aimed at improving collaboration on artificial intelligence (AI) cybersecurity across critical infrastructure has been introduced by the Cybersecurity and Infrastructure Security Agency (CISA) in the US. The JCDC AI Cybersecurity Collaboration Playbook provides detailed guidance for AI developers, providers and adopters on voluntarily sharing cybersecurity information with CISA and its Joint Cyber

The Biden-Harris Administration has introduced a new Interim Final Rule on Artificial Intelligence Diffusion aimed at enhancing US national security and preventing the misuse of advanced US technology by countries of concern. The rule strengthens protections against misuse of advanced AI technologies by countries of concern. Measures defined in the new rule include: Continuing restrictions on