Information Security Magazine

New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country

UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year

The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”

AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm

Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development

Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims

Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections

Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns

ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024

The National Audit Office warns of major gaps in cyber resilience across UK government departments

Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks

Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group

A Ponemon Institute survey highlighted the growing impact of ransomware attacks on victims’ revenue and reputation

An API supply-chain attack affecting a popular online travel booking service put millions of airline users at risk

The number of data breach victims increased 312% annually to exceed 1.7 billion in 2024, according to the ITRC 2024 Annual Data Breach Report

The three Russian hackers are believed to be part of Unit 29155 of the GRU, also known as Cadet Blizzard, Ember Bear and Ruinous Ursa

Three men have been sentenced after pleading guilty to running an account hijacking service for fraudsters

A new phishing tactic has been identified by Cisco Talos, using hidden text salting to evade email security measures

Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations' security measures not set up to deal with these attacks

A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials