Information Security Magazine

Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites

Cyber-attacks by China-linked MirrorFace targeted Japan’s national security information in major campaigns operating since 2019

A school district said that PowerSchool paid a ransom to prevent the attackers releasing data it accessed of students and teachers in North America

A court has ruled the EU Commission infringed an individual’s right to the protection of their personal data by transferring their details to the US

The UK government has pledged nearly £2m to 30 new Cyber Local projects designed to enhance cyber resilience

Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited

The Green Bay Packers disclosed on Monday that their official online store was breached and customer information stolen

The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions

A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients

Electronics firm Casio revealed that ransomware attackers have leaked the personal data of employees, customers and business partners

A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices

Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details

New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI

Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution

Netskope observed a 190% growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures

The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls

The US Cybersecurity and Infrastructure Security Agency claims a recent China-linked breach was confined to the Treasury

A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data

The PhishWP plugin enables scammers to create fake payment pages, stealing sensitive data via Telegram

Taiwan’s security service said government networks faced 2.4 million attacks in 2024, most of which are attributed to Chinese state actors