G7 countries ranked cyber-attacks as the top risk, while BICS members placed cyber threats only as the eighth most pressing risk

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns

Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle

New TrendAI report warns that most security tools can’t protect against attacks on AI skills artifacts

Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation

Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware

A federal court has sentenced crypto-scammer Daren Li to 20 years in absentia

This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed

Six actively exploited zero-day bug have been patched by Microsoft

High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files

Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden

ZeroDayRAT is a new mobile spyware targeting Android and iOS, offering attackers persistent access

Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation

NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers

The European Commission and government agencies in Finland and the Netherlands have suffered potentially related breaches

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution

Two Connecticut men face federal charges for a $3m scheme targeting online gambling platforms

VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds

The services of Florida-based payments platform BridgePay are offline due to a ransomware attack

Revolut claims social media sites make £3.8bn annually from scam ads targeting European users

SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack

CISA has issued a new directive requiring federal agencies to decommission all end of support edge devices within 12 months to reduce ongoing exploitation risks

DKnife is a Chinese made malware framework that targets Chinese-based users

Substack did not specify the number of users affected by the data breach

Infosecurity Europe 2026 will debut a new Cyber Startup Programme, featuring a dedicated show-floor zone for early-stage cybersecurity companies to showcase innovations, connect with investors and highlight emerging technologies

The UK government’s proposed ransomware payment ban for public sector and critical infrastructure will come with national security exemptions

A new WEF report reveals that AI-powered threats like disinformation are among executives’ biggest concerns

The Pall Mall Process begins outreach to define guidelines for private commercial intrusion industry

3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks

Infected 4.3 million Chrome and Edge users via extensions; ShadyPanda exploited browser marketplaces

Google said it found indications that two newly identified vulnerabilities affecting Android “may be under limited, targeted exploitation”

The UK Information Commissioner’s Office has launched an investigation into the mobile gaming sector

New IO study claims 88% of US and UK firms are concerned about state-sponsored cyber-attacks

Android malware Albiriox emerged as MaaS, offering device takeover and real-time fraud capabilities

The South Korean police are tracking the suspect behind a cyber-attack targeting e-commerce giant Coupang

Malicious npm package targets AI security with misleading prompts, exploiting automated analysis

November 2025 saw cybersecurity giants like Palo Alto Networks, Bugcrowd and Zscaler invest in AI-powered security solutions

Europol, alongside Swiss and German authorities, dismantled the illegal cryptocurrency mixing service ‘Cryptomixer’

A Western Australia man will spend seven years behind bars after stealing intimate data via Wi-Fi

At least one London council has had data compromised after a suspected ransomware attack last week

BitSight research has revealed how threat actors exploit calendar subscriptions to deliver phishing links, malware and social engineering attacks through hijacked domains

Darktrace observed a 620% spike in Black Friday-themed phishing in the weeks leading up to the 2025 edition of the sale day

The personal data of over two million amateur football players registered in France could be exposed

Hackers have been hijacking US radio equipment to broadcast false emergency alerts, prompting FCC warnings

A new Bloody Wolf campaign exploits legitimate remote-administration software for cyber-attacks on government targets in Central Asia

Almost two million people may have seen their personal data exposed following a large-scale cyberattack that hit Asahi in September 2025

The breach may have exposed OpenAI API customers’ data

Analysis of ICO records shows no surge in breaches during Q4 2024 with no seasonal spike in reported incidents

New phishing domains point to a campaign from the notorious Scattered Lapsus$ Hunters collective