Decline in UK Cyber Essentials Certification Numbers – Infosecurity Magazine
Over a decade after the establishment of the UK’s Cyber Essentials scheme, the government recognizes that the current number of certified UK organizations falls significantly short of expectations. Approximately…

Maximizing Control Effectiveness: The Key to Comprehensive Security Beyond Tools Alone
Recent surveys reveal that a significant 61% of cybersecurity leaders have experienced breaches due to poorly configured security controls within the past year, despite the deployment of an average…

Google Deploys On-Device AI Security Measures to Identify Scams in Chrome and Android Platforms
Google has announced the rollout of new artificial intelligence (AI)-powered measures designed to combat scams across its platforms, specifically Chrome, Search, and Android. The company will utilize Gemini Nano,…

Cisco Addresses Critical IOS XE Vulnerability Allowing Potential Device Hijacking
Cisco has addressed a high-severity vulnerability in IOS XE Software affecting Wireless LAN Controllers. This flaw, identified as CVE-2025-20188, involves a hard-coded JSON Web Token (JWT) which enables unauthenticated…

FBI Issues Warning Regarding Malicious Services Aiming at Outdated Router Systems
Edge devices, particularly routers that no longer receive security updates, have become prime targets for cyber threat actors. Recently, reports from law enforcement have indicated that known vulnerabilities in…

PowerSchool Pays Ransom; Cybercriminals Shift Focus to Educators for Additional Exploitation
In response to a significant data breach, PowerSchool has opted to meet the demands of ransomware perpetrators. This decision has resulted in heightened scrutiny concerning the security protocols of…

Elevating Security Posture: A Comprehensive Approach Beyond Vulnerability Management
The reactive nature of vulnerability management, along with the delays introduced by policy and process constraints, places considerable strain on security teams. Capacities are often limited, making immediate patching…

Pearson Experiences Cybersecurity Breach Resulting in Compromised Customer Data
Education provider Pearson has been compromised in a recent cyberattack that has exposed sensitive corporate and customer data. The company, which is based in the United Kingdom and serves…

UN Introduces Comprehensive Cyber-Attack Assessment Framework
The United Nations has introduced a new cyber-attack assessment framework to complement existing cybersecurity models like the MITRE ATT&CK framework. The United Nations Institute for Disarmament Research (UNIDR) Intrusion…

Targeting Brazilian Executives: Initial Access Brokers Exploit NF-e Spam and Authorized RMM Trials
Cybersecurity experts have raised alarms over a new campaign aimed at Portuguese-speaking users in Brazil, distributing trial versions of commercial remote monitoring and management (RMM) software since January 2025.…

Supply Chain Compromise Targets npm Package with 45,000 Weekly Downloads
An npm package, ‘rand-user-agent’, has been affected by a supply chain attack that resulted in the injection of obfuscated code designed to activate a remote access trojan (RAT) on…

Google Implements On-Device AI to Combat Scams on Chrome and Android
Google has initiated the integration of Gemini Nano, its on-device large language model (LLM), within the latest version of Chrome to enhance defenses against online spam, scams, and phishing…

Exploitation of Legacy Login in Microsoft Entra ID Compromises Cloud Account Security
A vulnerability identified in Microsoft Entra ID’s legacy authentication mechanism has raised significant concerns regarding the security of multi-factor authentication (MFA) for administrative accounts, particularly within the financial sector.…

Pearson Corporation Suffers Cybersecurity Breach compromising Customer Information
Education giant Pearson has experienced a significant cyberattack, resulting in the compromise of corporate data and personal information pertaining to customers. Based in the United Kingdom, Pearson is recognized…

Securing AI Agents: Proactive Measures to Protect Your Business from Cyber Threats
AI agents are significantly transforming business operations by enabling tasks such as answering queries, automating processes, and enhancing user experiences. However, this powerful capability introduces substantial security vulnerabilities, including…

Germany Conducts Operation to Dismantle eXch Cryptocurrency Exchange and Confiscate Servers
The Federal Criminal Police Office of Germany (BKA) has initiated a significant crackdown on the eXch cryptocurrency exchange by dismantling its server infrastructure amid accusations of facilitating money laundering…

PowerSchool Acknowledges Ransom Payment in Response to New Extortion Threats
Education technology provider PowerSchool has confirmed that it paid a ransomware demand to prevent cybercriminals from publishing stolen data belonging to teachers and students in the US and Canada.…

Masimo Manufacturing Facilities Targeted in Cybersecurity Incident
California-based Masimo Corporation, a health technology and consumer electronics firm, has experienced a cyberattack that affected its production facilities. In a disclosure to the Securities and Exchange Commission (SEC),…

Advanced Phishing Attack Exploits Blob URIs to Display Deceptive Login Pages in Browsers
Cofense Intelligence has identified an innovative phishing technique that employs blob URIs to generate fraudulent local login pages, effectively circumventing traditional email security measures. This method allows attackers to…

Security Breach: Over 3,200 Cursor Users Compromised by Malicious npm Packages with Backdoor Threats and Credential Theft
Cybersecurity experts have identified three malicious npm packages aimed specifically at the macOS version of Cursor, a widely used artificial intelligence (AI)-led source code editor. These packages masquerade as…

Chinese Cyber Actors Target SAP NetWeaver Servers in Coordinated Attack
Forescout Vedere Labs security researchers have identified a series of ongoing attacks exploiting a critical vulnerability in SAP NetWeaver servers, attributed to a Chinese threat actor. This unauthenticated file…