Both cybercriminals and hacktivists have increased cyber-attacks against industrial technology environments, with vulnerability exploits in these systems almost doubling in 2025, according to Cyble. This according the Cyble Research & Intelligence Labs’ (CRIL) Annual Threat Landscape Report 2025, published on… Read More "Cyber Threat Actors Ramp Up Attacks on Industrial Environments"
A critical misconfiguration in AWS CodeBuild has allowed attackers to seize control of core AWS GitHub repositories, including the JavaScript SDK that underpins the AWS Console. The issue, dubbed CodeBreach by Wiz Research, exposed a weakness in the continuous integration… Read More "CodeBuild Flaw Put AWS Console Supply Chain At Risk"
There has been a significant rise in ransomware campaigns which do not rely on encryption as cybercriminal extortion groups shift their operations. An increasing number of cybercriminals are relying on data theft alone to extort ransom payments out of victims,… Read More "Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion"
A new set of security principles aimed at protecting operational technology (OT) environments has been released by the US Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom’s National Cyber Security Centre (NCSC) and the Federal Bureau of Investigation (FBI),… Read More "Global Agencies Release New Guidance to Secure Industrial Networks"
An active, coordinated exploitation campaign conducted by a botnet has been identified by Check Point Research which is targeting a critical vulnerability affecting HPE OneView. The activity has been attributed to the Linux-based RondoDox botnet and Check Point warned the… Read More "RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave"
Cyber threat actors went all in on credential theft in 2025, with eSentire reporting a 389% year-over-year rise in account compromise, making up 55% of all attacks observed by the cybersecurity firm. The firm’s 2025 Year in Review & 2026… Read More "Account Compromise Surged 389% in 2025, Says eSentire"
A long-running malvertising campaign is dropping backdoor malware onto the networks of organizations around the world through trojanized PDF documents. Dubbed TamperedChef, the malvertising campaign has previously been identified, but researchers at Sophos have detailed how targeting has become widespread… Read More "TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals"
Security researchers have detailed how they discovered and exploited a cross‑site scripting (XSS) vulnerability in a popular infostealer, allowing them to gather crucial evidence about its back-end operations. Ari Novick, a malware researcher at identity security specialist CyberArk, explained in… Read More "Researchers Exploit Bug in StealC Infostealer to Collect Evidence"
UK business leaders are most concerned about cybersecurity breaches over the coming year, but doubt their ability to manage related risk, according to a new study from Nardello & Co. The global investigations firm polled 250 business leaders at enterprises… Read More "Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns"
Law enforcement agencies from Ukraine and Germany have raided the house of two suspected members of the Black Basta ransomware group, seizing evidence of their involvement in cybercriminal activities. The raid took place on January 15 in Lviv and Ivano-Frankivsk,… Read More "Suspects Linked to Black Basta Ransomware Group Raided in Ukraine"
