The State of Ransomware in Retail 2025

Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by Guardio Labs an “AI-era take on the ClickFix scam,” the attack technique demonstrates how AI-driven…

Anna Isaac reports: They call it “stopping the bleeding”: the vital window to prevent an entire database from being ransacked by criminals or a production line grinding to a halt. When a call comes into the cybersecurity firm S-RM, headquartered on Whitechapel High Street in east London, a hacked business or institution may have just……

Email-based attacks aren’t relics of the past. They’re active, sophisticated, and increasingly lucrative for attackers. 

For some perspective on the numbers affected by breaches over time,  Emma Woollacott reports: Around seven British user accounts were breached every minute during the second quarter of 2025 – more than three million in total. While data breaches dropped globally by 58% from the previous quarter, the number rose from 70 million to 94…

An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. “This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads,” Bitdefender

Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident. Marianne Kolbasuk McGee reports: A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last…