Security management positions are filled much less often in corporations compared to roles related to general business functions. Excluding guarding operations, security professionals are generally far outnumbered by members of other departments within companies. Consequently, in-house talent acquisition teams may find it challenging to identify strong candidates due to their infrequent recruitment for security roles. Hiring managers who effectively convey their requirements to recruiters, whether internal or external, often experience more successful hiring outcomes.
CrowdStrike has teamed up with Meta to launch a new open-source suite of benchmarks to test the performance of AI models within an organization's security operations center (SOC). Dubbed , the suite is designed to help businesses sift through a growing mountain of AI-powered cybersecurity tools to help them hone in on one that's ideally suited for their needs. "Without clear benchmarks, it's difficult to know which systems, use cases, and performance standards deliver a true AI advantage against real-world attacks," CrowdStrike wrote in a press release.
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming solution to automate testing workflows.
In most scenarios, attackers don't think of themselves as attacking your web browser. Their end-goal is to compromise your business apps and data. That means going after the third-party services that are now the backbone of business IT. The most common attack path today sees attackers log into third-party services, dump the data, and monetize it through extortion. You need only look at last year's Snowflake customer breaches or the still-ongoing Salesforce attacks to see the impact.
Online gaming fraud prevention is more than a compliance requirement; it's central to how Roobet builds trust with players and protects its platform. In a high-velocity environment where fraud tactics evolve quickly, maintaining that trust takes more than reactive tools. That's why Roobet chose SEON. Its real-time fraud prevention and AML technology gives the platform the flexibility to adapt quickly, the visibility to detect emerging threats, and the control to stop fraud before it impacts gameplay or user experience.
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character substitutions, they tricked victims into visiting spoofed pages and downloading malware."
Kimsuky, a notorious cybercrime squad believed to be sponsored by the North Korean government, used a deepfaked image of a military employee ID card in a July spear-phishing attack against a military-related organization, according to the Genians Security Center (GSC), a South Korean security institute. The file's metadata indicated it was generated with ChatGPT's image tools, according to Genians, despite OpenAI's efforts to block the creation of counterfeit IDs.
The Slack pings, welcome emails, and virtual coffee chats were a blur, but the moment that kept me awake came later that night: Did we actually capture every signature we need? That nagging question set me on a year-long quest to remove guesswork, and 3 a.m. logins, from our onboarding compliance checklist. What follows is the distilled playbook I now trust to prove every legal box is ticked before a new starter even spots the Wi-Fi password on their laptop sleeve.
Chinese censorship sprang a major leak on September 11, when researchers confirmed that more than 500GB of internal documents, source code, work logs, and internal communications from the so-called Great Firewall were dumped online, including packaging repos and operational runbooks used to build and maintain China's national traffic filtering system. The files appear to originate from Geedge Networks, a company that has long been linked to Fang Binxing - widely described as the "father" of the Great Firewall -
Two days later, Vigo received a text message purporting to come from iCloud, Apple's cloud service: "Find my iPhone 13 mini. It has been connected to the internet and located today. Last location." It included a link to a strange address: apple(.)device-maps.net. The text message was awful: typos, a suspicious domain, and "iCloud," says Vigo. But as a hacker, and with his partner without her cell phone, Vigo wasn't going to let that message go unnoticed.
Two researchers reported finding serious vulnerabilities, including ones that expose employee information and drive-through orders, in systems run by Restaurant Brands International (RBI), which owns the Tim Hortons, Burger King and Popeyes brands. The vulnerabilities were reported to the vendor and quickly fixed. In addition, RBI said the system targeted by the researchers is still in early development. However, the company still sent a DMCA complaint to the researchers to force them to remove the blog post detailing their findings.
Healthcare organizations are increasingly being targeted in email attacks, research shows, and Microsoft 365 is often the weakest link. More than half (52%) of all healthcare email breaches last year involved the Microsoft 365 business email platform, up from 43% the year before. According to research from Paubox, there were 107 such attacks in the first half of this year.
A cyber attacker installed the Huntress endpoint security solution to protect his own machine. What he didn't realize was that this allowed Huntress to monitor his activities. Despite some controversy, the security company claims that valuable information was obtained. When a host reported malware to Huntress, it turned out to be an old acquaintance: the same "machine name," or unique device identifier, had appeared in several previous incidents.
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the country that at least one of the devices linked to their iCloud accounts may have been compromised as part of highly targeted attacks.
Samsung has fixed a critical flaw that affects its Android devices, but not before attackers found and exploited the bug, which could allow remote code execution on affected devices. The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16.
CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact of risk clear to business decision-makers?
Since 2022, the ICO has investigated 215 hacks and breaches in education settings and says 57% were carried out by children. According to the new data, almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers. In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency's Cyber Choices programme to help them understand the seriousness of their actions.
Satellite networks are integral to myriad aspects of modern society, providing essential services that support both civilian and military operations. As our dependency on satellite networks has increased, so has the risk of cyber threats targeting these critical infrastructures. Any disruption of satellite services can negatively impact everything from emergency response systems to financial transactions to navigation. That makes ensuring the cybersecurity of satellite networks essential to maintaining global stability and security.
Mplify (formerly MEF), a global alliance of network, cloud, cybersecurity, and enterprise organizations working together to accelerate the AI-powered digital economy, today warned that the $10.5 trillion cybercrime economy (according to Cybersecurity Ventures), weaponized AI, and escalating global conflicts are creating unprecedented risks to IT systems and critical infrastructure. In response, its Enterprise Leadership Council (ELC) has issued a manifesto calling for mandatory SASE certification across all products, services, and solutions under the Mplify framework.
The Cybersecurity and Infrastructure Security Agency is exploring more diversified funding mechanisms to help cover the cost of a bedrock vulnerability cataloging program that's been relied upon by the cyber community for years. The Common Vulnerabilities and Exposures Program faced a near complete lapse in funding in April when MITRE, the research giant that funds much of the program's functions, warned of an imminent end to federal backing for the cornerstone cybersecurity project. The lapse was reversed within hours after outcry from the cybersecurity community.
The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."
According to Mosyle's analysis, ModStealer is being delivered to victims through malicious job recruiter ads targeting developers. It uses a heavily obfuscated JavaScript file written with NodeJS that remains completely undetectable by signature-based defenses. And this one isn't just targeting Mac users either; Windows and Linux environments are also at risk. The malware's main goal is data exfiltration, with a particular focus on cryptocurrency wallets, credential files, configuration details, and certificates.
After years of being dominated by outsiders, the computer surveillance software industry is booming in the United States as investors rush into the ethically dodgy but highly lucrative field. The Atlantic Council think tank reported that US investment in surveillanceware rocketed in the last year and identified 20 new US investors, and noted the number of resellers is also rapidly increasing.
DDoS detection tool FastNetMon detected a DDoS attack of 1.5 billion packets per second. The target: a European provider of DDoS scrubbing services. The attack is one of the largest DDoS attacks ever, but still falls far short of the 11.5 billion packets recently detected by Cloudflare. The choice of target is striking in any case: the DDoS attack was aimed at a service that protects other organizations against the consequences of such a "packet flood."