-
1 week ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
Threat actors ramped up credential theft over the past year, using AI-generated phishing emails and infostealer malware to improve their results, according to IBM. Published this morning, the tech giant’s IBM X-Force 2025 Threat Intelligence Index was compiled from the company’s own incident response engagements, as well as dark web and other threat intelligence sources.
-
1 week ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
Microsoft has blocked billions of dollars’ worth of fraud and scams over the course of the past year as threat actors increase their use of AI and automation. The tech giant said in a Cyber Signals report yesterday that it thwarted $4bn fraud attempts, rejected 49,000 fraudulent partnership enrolments and blocked 1.6 million bot signup attempts per hour. It pointed to three specific areas where AI is helping threat actors to improve outcomes.
-
1 week ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
A surge in the use of scalper bots is causing chaos for driving test applicants in the UK, new research from DataDome has revealed. The fraud prevention specialist claimed that scalpers are using automated programs to book in-demand driving tests when new slots are released every Monday morning. Because the bots are able to do so in under 10 seconds, versus four minutes for the average human, touts have an outsized advantage.
-
1 week ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
The cybersecurity community has reacted with shock and bewilderment at a decision by the US government not to renew MITRE’s contract to manage the Common Vulnerabilities and Exposures (CVE) database. The non-profit’s CVE program has for a quarter of a century helped the security community manage and mitigate software vulnerabilities, while providing critically important information to power threat intelligence, detection and response and other products.
-
1 week ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
Automated traffic now accounts for the majority of activity on the web, with the share of bad bot traffic surging from 32% to 37% annually last year, according to Thales. The French defense giant’s 2025 Imperva Bad Bot Report is now in its 12th year, and based as always on data collected by Imperva’s global network, which apparently blocked 13 trillion bad bot requests across thousands of domains and industries last year.
-
1 week ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
A Huddersfield man has been handed an eight-and-a-half-year sentence for masterminding what became one of the world’s largest phishing-as-a-service (PhaaS) platforms. Zak Coyne, 23, of Woodbine Road, Huddersfield, was sentenced in Manchester Crown Court on Monday after admitting his crimes in September 2024. These included: making or supplying articles for use in frauds; encouraging or assisting the commission of an offense believing it would be committed; and transferring criminal property.
-
3 weeks ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
Over three-fifths of US and British water and electricity firms were targeted by cyber-attacks in the past year, with a majority suffering serious disruption, according to Semperis. The security vendor polled IT and security professionals at 350 water treatment plants and electricity operators in both countries, to compile its report, The State of Critical Infrastructure Resilience. Of the 62% that said they suffered a cyber-attack in the past year, 80% were hit multiple times.
-
3 weeks ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
A large number of phishing campaigns emerged in the aftermath of the Bybit heist, designed to siphon cryptocurrency from its customers, according to BforeAI. The security vendor detected 596 suspicious domains originating from at least 13 different countries in the three weeks following news of the biggest crypto theft in history.
-
3 weeks ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
Steam was the most phished brand in the first quarter of 2025, marking a first for the gaming community, according to new data from Guardio. The security vendor’s analysis of customer emails and texts found Steam was the most spoofed brand “by a significant margin,” beating usual suspects Microsoft and Meta into second and third place respectively.
-
3 weeks ago | 
infosecurity-magazine.com | Phil Muncaster |Phil MuncasterUk
The UK’s data protection regulator has said it is committed to getting back on track after complaint response times plummeted in the past quarter. The Information Commissioner’s Office (ICO) admitted staff have been overwhelmed by a surge in data protection complaints from the public. It claimed to have received 746 more of these between October and December 2024 than in the same period a year previously. “Anyone who has felt the need to make a complaint to us deserves a timely response.
