2025
Attackers targeting unpatched Cisco kit notice malware implant removal, install it again
PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more
Infosec in brief: Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect…
Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs
Rare case of the state turning on its own, but researchers say it may be doing so more often
Russia's Interior Ministry says police have arrested three suspects it believes helped build and spread the Meduza infostealer.…
Attackers dig up $11M in Garden Finance crypto exploit
Bitcoin bridge biz offers 10 percent reward to attackers if they play nice
Blockchain company Garden admits it was compromised and temporarily shut down its app after approximately $11 million worth of assets were stolen.…
Resilience, not sovereignty, defines OpenStack’s next chapter
Price hikes, politics, and platform fatigue drive organizations back toward open alternatives
OpenInfra Summit: Sovereignty might be the word of the hour, but the OpenStack community has another – resilience.…
NHS left with sick PCs as suppliers resist Windows 11 treatment
Hospitals told to upgrade, but some medical device makers haven't prescribed compatibility yet
NHS hospitals are being blocked from fully upgrading to Windows 11 by a small number of suppliers that have yet to make their medical devices compatible with Microsoft's latest operating system.…
Europe preps Digital Euro to enter circulation in 2029
Because fewer people like banknotes, and payment sovereignty is a problem
The Governing Council of the European Central Bank (ECB) has decided the bloc needs a digital version of the Euro, and ordered work that could see it enter circulation in 2029.…
Docker Compose vulnerability opens door to host-level writes – patch pronto
Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity
Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher uncovered a flaw that could allow attackers to stage path traversal attacks.…
Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm
A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…
Cyberpunks mess with Canada’s water, energy, and farm systems
Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls
Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies.…
Postcode Lottery’s lucky dip turns into data slip as players draw each other’s info
Biz says 'technical error' caused short-lived leak affecting small number of users
A major UK lottery organization says it has resolved a technical error that exposed customer data to other users.…