Information Security Magazine

A new phishing attack uses corrupted Word docs to bypass security, luring victims with fake payroll and HR emails

Crypto.com has launched a massive $2m bug bounty program on HackerOne, the largest ever offered on the platform, to enhance platform security

SmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities

Mikhail Matveev, aka WazaWaka, had worked with several ransomware groups, including Babuk, Conti, Darkside, Hive and LockBit

Bologna FC has revealed a ransomware attack, with data on players, fans and employees thought to have been stolen

Interpol’s Operation Haechi V has led to the arrest of over 5500 individuals and seizure of $400m obtained via online fraud

The NHS Trust is investigating the incident with the help of the National Crime Agency

Romania’s national security council suggested that Russia is behind these attacks, amid a court order for a recount of votes in the first round of the country’s presidential election

A report from the charity the Cyber Helpline found that 98% of cyber enabled crimes result in no further action from the police or justice system

A malicious PyPI package “aiocpa,” that stole crypto wallet data via obfuscated code, has been removed after being reported by Reversing Labs researchers

A new cyber-attack technique uses Godot Engine to deploy undetectable malware via GodLoader, infecting more than 17,000 devices

This vulnerability was patched in May 2024 but was only allocated a CVE in November after evidence of exploitation

Customers of Advantech’s EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions

European police have arrested 21 individuals linked to a violent Albanian gang after decrypting their Sky ECC communications

The CSO of T-Mobile has clarified that no customer information was stolen by Chinese hacking group Salt Typhoon

APT-C-60 targets Japan with phishing emails, using job application ruse and malware via Google Drive

Bootkitty, the first Linux-targeting UEFI bootkit, bypassed kernel security in a proof-of-concept attack

One of the priorities of the newly-approved Von der Leyen Commission II will be to strengthen the healthcare sector’s cyber resilience

A pro-Russian hacktivist collective, CyberVolk, has launched its own ransomware-as-a-service operations, SentinelLabs has found

Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks