Infosecurity Magazine - Latest News and Information
Technology Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
New ESET research shows 78% of UK manufacturers suffered a serious cyber incident in the past year, with 95% reporting direct business impact. Over half (53%) incurred financial losses, averaging six‑figure amounts, while 44% faced supply‑chain disruptions and 39% missed commitments. Shutdowns lasted 1‑7 days for most affected firms, and AI‑enabled attacks were identified as the top production threat. Yet only 22% place cyber‑risk accountability at the board level, leaving many organisations reactive.
Security researchers at Check Point uncovered a vulnerability in ChatGPT that allows a single crafted prompt to create a covert data‑exfiltration channel. The flaw leveraged a hidden DNS side‑channel from the model's isolated container, enabling both data leakage and remote...
Employee data breach reports to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, the highest level in at least seven years. That marks a 5% rise from the previous year and a 29% increase versus 2019, when reporting...
On 26 March the UK government announced sanctions against Xinbi, the region’s largest illicit cryptocurrency marketplace that moved roughly $19.7 billion in fraudulent funds. Xinbi, based in China, is tied to the #8 Park scam compound in Cambodia, which houses up to 20,000...
Georgia Tech’s Vibe Security Radar identified 35 new AI‑generated code vulnerabilities in March 2026, raising the quarterly total to 74 confirmed CVEs linked to AI coding tools. The project tracks roughly 50 AI‑assisted development platforms, with Anthropic’s Claude Code accounting for...
Researchers at eSentire disclosed a new EtherRAT campaign that hides command‑and‑control (C2) addresses inside Ethereum smart contracts, a technique they call EtherHiding. The malware, delivered via Node.js backdoors after initial access through Teams support scams and ClickFix attacks, retrieves C2...
OpenAI announced a Safety Bug Bounty program on March 26, hosted on Bugcrowd, to solicit disclosures of AI abuse and safety risks beyond traditional security flaws. The initiative complements its existing Security Bug Bounty, which has already rewarded 409 vulnerabilities since...
UK’s National Crime Agency, together with the National Federation of Builders, has launched an awareness campaign targeting invoice‑fraud in the construction sector. In September 2025, fraudulent invoices cost the industry almost £4 million (≈$5.3 million) across 83 reported cases, and construction plus...
A Group‑IB report released on March 25 reveals that cloud phones—remote‑access Android devices hosted in data centres—are being weaponized for financial fraud. Because they replicate genuine smartphones, they bypass conventional device‑fingerprinting tools, allowing fraudsters to create and operate dropper accounts...
SentinelOne’s 2026 Annual Threat Report warns that identity‑based attacks have escalated to an industrial scale, with threat actors exploiting legitimate enterprise credentials to bypass traditional defenses. Attackers are using social‑engineering, MFA‑bypass kits, and brute‑force tactics to hijack high‑privilege accounts, even...
Security firm Expel reported a surge in malicious Chrome extensions that silently capture users’ AI conversations, a practice dubbed “prompt poaching.” The extensions monitor open tabs, intercept API calls or scrape the DOM, then transmit prompts and responses to external...
Silver Fox, a cyber intrusion group, shifted its tactics from 2025 to early 2026, blending espionage with financially motivated crime. The campaigns targeted finance staff across Taiwan, Japan, and eight South Asian nations using tax‑authority phishing lures. Attack vectors progressed...
Infosecurity Europe will feature former Ukrainian foreign minister Dmytro Kuleba as the headline keynote at its June 2‑4, 2026 conference in London. Kuleba will discuss “Ukraine’s Hybrid War and the New Cyber Frontline,” sharing lessons from Russia’s coordinated cyber‑attacks and the shift...
An affiliate known as ‘hastalamuerte’ disclosed internal details of the emerging ransomware‑as‑a‑service group The Gentlemen, revealing its dual‑extortion tactics, multi‑platform targets, and sophisticated evasion methods. Group‑IB’s March 19 report shows the group exploits FortiGate VPN devices, uses PowerShell, BYOVD drivers, and...
The UK Financial Conduct Authority has unveiled new cyber‑incident reporting rules that clarify what events firms must disclose and streamline the submission process via a single portal shared with the PRA and Bank of England. The guidance narrows reporting thresholds,...
