The State of Ransomware in Manufacturing and Production 2025

Cybersecurity researchers are drawing attention to a new campaign that’s using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign. The activity involves the creation of lookalike sites imitating Brazil’s State

The fake human verification process led to infostealer and ransomware infections

David Swan reports: Optus is facing a potential mammoth fine after Australia’s privacy watchdog launched civil Federal Court proceedings over a September 2022 cyberattack in which the personal information of nearly 10 million Australians was stolen. During the cyberattack, which was one of the worst in the nation’s history, hackers gained unauthorised access to the…

Remember the old meme about how many <whatever your profession was> does it take to change a lightbulb?  This week felt like, “How many people does it take to get very sensitive data locked down?” But there was nothing funny about it. Spoiler alert: the answer for this week was:  2 researchers, 1 journalist, 1…

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a

A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. “In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well…