Security Stop Press : Microsoft Disrupts 240 Phishing Sites Amid Surge in AiTM Attacks
Microsoft’s Digital Crimes Unit (DCU) has reported dismantling 240 fraudulent websites linked to an Egypt-based cybercrime group, thereby disrupting a key operation within the expanding “Phishing-as-a-Service” (PhaaS) industry. Central to the threat is the rapid rise of “Adversary-in-The-Middle” (AiTM) phishing attacks, which allow attackers to intercept and manipulate communications, bypassing multifactor authentication (MFA) protections. Microsoft’s […]
Security Stop-Press : Microsoft Customer Data Found On Public Server
Researchers at cyber security company SOCRadar have reported finding sensitive data belonging to thousands of Microsoft customers on a on a misconfigured public server. The researchers have reported that the data includes over 335,000 emails, 133,000 projects, and that 548,000 exposed users and could be the most significant B2B data leak in the recent […]
Security Stop-Press : Microsoft 365 Loophole Could Allow Ransomware Attack
Proofpoint researchers have reported finding a way that attackers could use a Microsoft 365 loophole to launch ransomware attacks. The method involves using compromised SharePoint Online or OneDrive accounts to reduce the (user-configurable) setting for the number or saved versions in SharePoint Online or OneDrive. Attackers can then encrypt files in those drives so that […]
Security Stop-Press : Microsoft 365 Banned In German Schools
The German Data Protection Conference (DSK) has banned the use of Microsoft Office 365 in German schools over an alleged lack of transparency about how personal data is processed, and the potential for third-party access to it. The ban has also been issued because the DSK believes the use O365 is not legally compliant with […]
Security Stop-Press : Mic-Snooping Malware Added To Legit Google Play App
ESET researchers have reported finding mic-snooping hidden malware in the legitimate Android iRecorder – Screen Recorder (screen-and-audio recorder) app while it was still available in the Google Play Store. The malware was added as an update, and it’s thought that tens of thousands of people may have downloaded the app before Google was alerted and […]
Security Stop-Press : Meta Warns Of Rise In ChatGPT-Related Malware Across Its Platforms
Facebook’s parent company Meta has warned of a rise in ChatGPT-related malware across its platforms, designed to lure users into downloading malicious apps and browser extensions. Meta says that since March it has found around 10 malware families and more than 1,000 malicious links being promoted as tools featuring ChatGPT. Meta’s Chief Information Security Officer […]
Security Stop Press : Mass WS_FTP Exploitation Warning
Researchers at Rapid7 have reported a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server (a program that enables the upload and download files to and from a server). Rapid7 reported that from September 30, it has observed “multiple instances of WS_FTP exploitation in the wild”. With secure file transfer technologies continuing to be […]
Security Stop-Press : Malware Hidden In Space Telescope Photos
Security intelligence solutions company Securonix has warned that threat actors have been using the ‘Go’ programming language and a Microsoft Office attachment in a phishing email to launch malware attacks. If the recipient of the email opens it and has macros enabled, a photo from the James Webb Space Telescope is downloaded which then triggers […]
Security Stop Press : Malicious AI-Driven Bots Make Up Over a Third of Internet Traffic
Malicious bots now account for 37 per cent of all internet traffic, according to cybersecurity firm Imperva’s 2025 Bad Bot Report, with AI playing a central role in their rapid evolution. For the first time in a decade, automated traffic (51 per cent) has overtaken human activity online. The rise of accessible AI tools has […]
Security Stop Press : LLM Malicious “Prompt Injection” Attack Warning
The UK’s National Cyber Security Centre (NCSC) has warned of the susceptibility of existing Large Language Models (LLMs) to malicious “prompt injection” attacks. These are where a user creates inputs intended to cause an AI model to behave in an unintended way e.g., generating offensive content or disclosing confidential information. This means that businesses integrating […]