Information Security Magazine

Germany, the Netherlands and four of the Five Eyes countries share a common asset inventory for industrial cybersecurity

Cisco has issued a software update to address the vulnerability, which can allow an unauthenticated, remote attacker to inject arbitrary shell commands

A new Checkmarx study reveals that AI-generated code now accounts for over 60% of codebases in some companies, much of which contains known vulnerabilities

A RUSI report warned that money mules are exploiting inadequate security controls in smaller payment service providers to move fraudulent transactions about

A flaw in KernelSU 0.5.7 allows attackers to impersonate its manager app and gain root access to Android devices

An ongoing malware campaign has been observed using malvertising to deliver PS1Bot, a PowerShell-based framework

The Bureau’s Internet Crime Complaint Center has provided a list of indicators for potential cryptocurrency scam victims to avoid a double whammy

Abnormal AI said gaining access to such accounts provides opportunities for sophisticated fraud schemes that impersonate officials

Fortinet reveals details of a new critical-rated vulnerability in FortiSIEM circulating in the wild

The UK government has announced 10 new live facial recognition police vans to be deployed around the country

A critical RCE vulnerability in Erlang’s OTP SSH daemon has been identified that allows unauthenticated command execution

AI-powered trading platforms have been observed exploiting deepfake technology to trick investors with fake endorsements

The personal data of almost 145,000 people who were registered in Manpower’s systems was compromised

Mayor of St. Paul, Minnesota, Melvin Carter, confirmed that employee data was published online by the Interlock ransomware gang

The US Department of Justice has announced the seizure of domains, servers and $1m in proceeds from the BlackSuit ransomware group

Microsoft announced updates for 107 vulnerabilities on Patch Tuesday, including one zero-day

In a new investigation launched at DEFCON 33, Analyst1’s Jon DiMaggio revealed probable Russian government involvement in the Kaseya attack

A new technique has bypassed GPT-5’s safety systems via narrative-driven steering to elicit harmful output

Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments

The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes