Information Security Magazine

Microsoft announced updates for 107 vulnerabilities on Patch Tuesday, including one zero-day

In a new investigation launched at DEFCON 33, Analyst1’s Jon DiMaggio revealed probable Russian government involvement in the Kaseya attack

A new technique has bypassed GPT-5’s safety systems via narrative-driven steering to elicit harmful output

Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments

The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes

Rapid7 found that threat actors are able to purchase low-cost initial access broker services, with many packages offering a variety of options

While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025

New threat intelligence points to targeting of financial services and technology sectors by ShinyHunters group

Threat actors have stolen data on at least half a million cancer screening patients

A cyber-attack at Connex Credit Union has compromised data of 172,000 individuals, including sensitive information

A flaw in WinRAR, tracked as CVE-2025-8088, has been exploited by the RomCom group to deploy malware

Four senior members of a Ghana-based criminal network have been indicted for stealing over $100 million through romance scams and BEC frau

TRM Labs observed crypto payments worth $34.2m moved from victims addresses to a range of destinations likely associated with the group

Eight European countries have yet to transpose NIS2 into law, exposing them to regulatory action

Commercial red team experts believe AI’s current impact on cyber is overstated

The winners of the AI Cybersecurity Challenge (AIxCC), Team Atlanta, won a $4m prize

Leaders of the US Cybersecurity and Infrastructure Agency (CISA) pushed back on layoff concerns and highlighted new initiatives

The Information Commissioner has applied for a civil penalty against Optus following the 2022 data breach that exposed the personal details of 9.5 million Australians

The judiciary announced stronger protections for its case management system following reports of a major breach of sensitive court documents in multiple states

Bouygues Telecom revealed the attackers stole personal data of 6.4 million customers, including contact details, contractual data and international bank account numbers