
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
The Cybersecurity Communities of Support (CyCOS) pilot, launched by UK universities, is expanding from two to seven peer‑led communities for small and micro businesses. The growth adds five new SME‑facilitated groups and coincides with a handover of governance from academia to the Chartered Institute of Information Security (CIISec). CyCOS offers webinars, live AMA sessions and an online support‑broker platform to deliver practical, low‑cost cyber guidance. The initiative will be highlighted on a panel at Infosecurity Europe 2026.

Attackers Move Past Typosquatting to Realistic Package Impersonation
Sonatype’s latest research into 4,309 malicious open‑source packages reveals a dramatic shift away from classic typosquatting. Only 9% of the threats rely on misspelled names, while 91% use naming‑variant tactics such as suffixes, prefixes, and version mimicry. The most common...

GCHQ Chief Urges Action as AI Reshapes Cyber Threats
GCHQ director Anne Keast‑Butler warned that AI is rapidly reshaping cyber threats, turning attacks into machine‑speed assaults that outpace human defenses. She framed cybersecurity as a national‑defence issue and urged UK businesses to act now rather than wait for guidance....

CrowdStrike, Google Take Down Glassworm Botnet
A joint operation by CrowdStrike, Google and the Shadowserver Foundation has dismantled the Glassworm botnet by simultaneously disabling its four command‑and‑control channels, which included VPS servers, Google Calendar entries, peer‑to‑peer networks and Solana blockchain memo fields. Glassworm, active since early...

All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers
Researchers at Cisco discovered that multi‑turn conversations can circumvent the safety guardrails of leading large language models, including ChatGPT, Claude, Gemini, Amazon Nova, and xAI’s Grok. By iteratively reframing requests, adopting personas, and exploiting configuration settings such as Grok’s reasoning...

PureLogs Variant Steals Data via Purchase Order Lures
A new PureLogs infostealer variant is being delivered via purchase‑order phishing emails that contain a RAR archive with malicious JavaScript. The script decrypts PowerShell code, bypasses execution policies and uses process hollowing to run the payload inside MsBuild.exe. The fileless...

BTMOB Android RAT Spreads Through No-Code Builder Tooling
Security firm ESET has identified BTMOB, an Android remote‑access trojan sold as a malware‑as‑a‑service kit that lets buyers create custom payloads without coding. The RAT spreads via phishing sites that mimic streaming services, crypto‑mining platforms, or tax agencies, and uses...

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
Security researchers at EclecticIQ uncovered a coordinated campaign that masquerades as Google Gemini’s CLI and Anthropic’s Claude Code installation pages. By leveraging SEO‑poisoning, the fake domains rank above legitimate results, directing developers to PowerShell‑based installers that deploy an in‑memory infostealer....

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
GitHub confirmed that a malicious version of the Nx Console VS Code extension compromised 3,800 internal repositories after an attacker uploaded the poisoned package to the Visual Studio Marketplace. The extension, which had 2.2 million installs, fetched an obfuscated payload that harvested...

Three-Quarters of Firms Knowingly Ship Vulnerable Code
A new Checkmarx study finds 75% of organizations still ship code they know contains vulnerabilities, a slight improvement from 81% last year but still alarming. AI‑generated code is dramatically accelerating exploit timelines, shrinking the average time‑to‑exploit from 840 days in...

Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
A nine‑year‑old logic flaw in the Linux kernel’s ptrace path (CVE‑2026‑46333) enables unprivileged local users to read sensitive files such as SSH host private keys and the /etc/shadow password hash on default Debian, Fedora and Ubuntu installations. The vulnerability resides...

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Zimperium’s zLabs uncovered a 10‑month Android malware campaign, dubbed Premium Deception, that deployed nearly 250 counterfeit apps mimicking popular brands to enroll victims in premium‑SMS services. The operation, active from March 2025 to January 2026, targeted users in Malaysia, Thailand, Romania and...

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Security firm Barracuda has identified a new scareware called CypherLoc that has launched roughly 2.8 million attacks since early 2026. The malware is delivered via phishing emails that load a malicious web page which only activates under specific conditions, evading sandbox...

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
Microsoft’s Digital Crimes Unit filed a civil suit in New York to dismantle Fox Tempest, a cyber‑crime enabler that sold malware‑signing‑as‑a‑service. The group’s infrastructure, including the Signspace.cloud site and roughly 1,000 accounts, was sinkholed and hundreds of VPS instances were disabled....

AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI-powered vulnerability scanners such as Claude Mythos and OpenAI’s GPT 5.5‑Cyber now enable firms to instantly locate and remediate software bugs. ENISA’s chief highlighted that under the EU Cyber Resilience Act, which takes full effect on 11 December 2027, security by design is...