Infosecurity Magazine

Award-winning publication dedicated to information security strategy and insights for security professionals.

Cyber Threat Actors Ramp Up Attacks on Industrial Environments
News, Jan 15, 2026

Cybercriminals and hacktivists sharply increased attacks on industrial control systems in 2025, with vulnerability disclosures nearly doubling to 2,451 across 152 vendors. Siemens was the most affected vendor, reporting 1,175 flaws, while Schneider Electric faced a higher proportion of critical...

By Infosecurity Magazine
CodeBuild Flaw Put AWS Console Supply Chain At Risk
News, Jan 15, 2026

Security researchers at Wiz uncovered a critical misconfiguration in AWS CodeBuild that let unauthenticated attackers inject malicious code into core AWS open‑source repositories, including the widely used AWS SDK for JavaScript. The flaw stemmed from an unanchored regular‑expression filter on...

By Infosecurity Magazine
CISO Role Reaches “Inflexion Point” With Executive-Level Titles
News, Jan 15, 2026

The 2026 State of the CISO Report shows a structural shift, with 46% of North American CISOs now holding executive titles such as EVP or SVP. Over half of respondents say their role has expanded to cover SecOps, architecture, GRC,...

By Infosecurity Magazine
Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns
News, Jan 15, 2026

ISACA’s State of Privacy 2026 report reveals that median privacy team size dropped to five members, down from eight the previous year, while technical privacy roles face the steepest shortages. Budget pressures persist, with only 36% of respondents feeling adequately...

By Infosecurity Magazine
G7 Sets 2034 Deadline for Finance to Adopt Quantum-Safe Systems
News, Jan 14, 2026

The G7 Cyber Expert Group has issued a recommended roadmap urging financial institutions and public entities to fully adopt post‑quantum cryptography by 2034. The plan outlines six phases—from awareness and inventory to migration, testing and validation—spanning 2025‑2035. While advisory, it...

By Infosecurity Magazine
Microsoft Fixes Three Zero-Days on Busy Patch Tuesday
News, Jan 14, 2026

Microsoft released its latest Patch Tuesday update, fixing 114 CVEs including three critical zero‑day bugs. The zero‑days are CVE‑2026‑20805 (information disclosure in Desktop Window Manager), CVE‑2026‑21265 (secure‑boot certificate bypass), and CVE‑2023‑31096 (elevation of privilege in legacy Agere modem drivers). The...

By Infosecurity Magazine
Parliament Asks Security Pros to Shape Cyber Security and Resilience Bill
News, Jan 13, 2026

The UK Parliament’s Public Bill Committee has opened a consultation for the Cyber Security and Resilience Bill (CSRB), the successor to the 2018 NIS Regulations and a NIS2‑style overhaul for critical infrastructure. After its second reading, the bill now enters...

By Infosecurity Magazine
Global Magecart Campaign Targets Six Card Networks
News, Jan 13, 2026

Security firm Silent Push uncovered a long‑running Magecart skimming operation that has been active since 2022. The campaign injects malicious JavaScript into e‑commerce sites, targeting six major payment networks – American Express, Diners Club, Discover, JCB, Mastercard and UnionPay. Victims see a...

By Infosecurity Magazine
World Economic Forum: Cyber-Fraud Overtakes Ransomware as Business Leaders' Top Cyber-Security Concern
News, Jan 12, 2026

The World Economic Forum’s Global Cybersecurity Outlook for 2026 reveals that phishing attacks have eclipsed ransomware as the chief concern for business leaders. Seventy‑seven percent of respondents reported a rise in cyber‑enabled fraud, and 73 percent said they or a...

By Infosecurity Magazine
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested
News, Jan 9, 2026

Europol coordinated a multi‑national operation that led to the arrest of 34 members of the Black Axe cyber‑crime gang across Spain and Germany. Spanish police detained suspects in Seville, Madrid, Málaga and Barcelona, while German authorities assisted in the raids....

By Infosecurity Magazine
World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks
News, Jan 9, 2026

The World Economic Forum’s Cybercrime Atlas report warns that advanced deep‑fake face‑swapping tools are now capable of bypassing know‑your‑customer (KYC) and remote verification processes. Researchers examined 17 commercial face‑swap applications and eight camera‑injection tools, finding that low‑latency, high‑fidelity swaps can...

By Infosecurity Magazine
AI-Powered Truman Show Operation Industrializes Investment Fraud
News, Jan 9, 2026

Security firm Check Point uncovered an AI‑driven investment fraud that stages a "Truman Show"‑style reality for victims. The operation uses unsolicited SMS and ads to lure targets into WhatsApp groups populated by AI‑generated experts and fake members who showcase fabricated...

By Infosecurity Magazine
New Zero-Click Attack Lets ChatGPT User Steal Data
News, Jan 8, 2026

Researchers at Radware disclosed a new prompt‑injection method called ZombieAgent that lets ChatGPT exfiltrate data from integrated services such as Gmail, Outlook, Google Drive, and GitHub. The technique sidesteps OpenAI’s recent URL‑modification guardrails by using pre‑built static URLs, leaking information...

By Infosecurity Magazine
China-Linked UAT-7290 Targets Telecom Networks in South Asia
News, Jan 8, 2026

Cisco Talos has identified a long‑running cyber‑espionage campaign, designated UAT‑7290, targeting high‑value telecommunications infrastructure across South Asia since at least 2022. The group compromises public‑facing edge devices using one‑day vulnerabilities and SSH brute‑force techniques, deploying a suite of Linux‑based tools...

By Infosecurity Magazine
Fifth of Breaches Take Two Weeks to Recover From
News, Jan 8, 2026

A new Absolute Security report, based on a poll of 750 CISOs in the US and UK, finds that endpoint disruptions from cyber‑attacks often require 3‑6 days to remediate, with 19% taking up to two weeks. The average cost to...

By Infosecurity Magazine
US To Leave Global Forum on Cyber Expertise
News, Jan 8, 2026

The Trump administration signed an executive order on Jan. 7 withdrawing the United States from 66 international bodies, including the Global Forum on Cyber Expertise (GFCE) and the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE). Both organizations coordinate...

By Infosecurity Magazine
Versatile Malware Loader Pkr_mtsi Delivers Diverse Payloads
News, Jan 7, 2026

ReversingLabs identified a Windows packer named pkr_mtsi that serves as a versatile malware loader in large‑scale malvertising and SEO‑poisoning campaigns. First seen in April 2025, it disguises fake installers for popular tools like PuTTY, Rufus and Microsoft Teams, then delivers...

By Infosecurity Magazine
Ghost Tap Malware Fuels Surge in Remote NFC Payment Fraud
News, Jan 7, 2026

Group‑IB uncovered a new Android malware family, dubbed Ghost Tap, that enables criminals to perform unauthorized tap‑to‑pay transactions by remotely relaying NFC card data. Over 54 malicious APKs, disguised as legitimate finance apps, are sold on Chinese‑language Telegram channels where...

By Infosecurity Magazine
High-Severity Flaw in Open WebUI Affects AI Connections
News, Jan 6, 2026

A high‑severity vulnerability (CVE‑2025‑64496) was found in Open WebUI versions 0.6.34 and earlier when the Direct Connections feature is enabled. The flaw lets a malicious AI endpoint send crafted server‑sent events that execute JavaScript in the user’s browser, stealing localStorage tokens and...

By Infosecurity Magazine
Jaguar Land Rover's Q3 Sales Crash Amid Cyber-Attack Fallout
News, Jan 6, 2026

Jaguar Land Rover reported a sharp sales decline in Q3 2025 after a late‑August cyber‑attack crippled its factories. Retail volumes fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Production stoppages in September and lingering...

By Infosecurity Magazine
VVS Stealer Uses Advanced Obfuscation to Target Discord Users
News, Jan 5, 2026

The VVS stealer, a Python‑based malware family distributed as a PyInstaller package, employs Pyarmor obfuscation to evade detection and specifically harvest Discord tokens and browser credentials. It injects malicious JavaScript into the Discord client, extracts data from Chromium‑based and Firefox...

By Infosecurity Magazine