The phishing wave hasn’t stopped. It has only shifted. This week, PyPI users are the target. Attackers are sending emails that look official, asking recipients to “verify their email address” for “account maintenance and security procedures.” The message warns of suspension if ignored. The link, however, points to pypi-mirror.org, a domain unaffiliated with PyPI or the Python Software Foundation. If you clicked and entered your credentials, act fast: change your PyPI password and review your Security History for unusual activity. Any signs of compromise should be reported to [email protected]. The tactic isn’t new. Earlier this year, PyPI saw a nearly…
Kirsten Doyle
Ransomware payments are down. Attacks are not. Ontinue’s 2025 half-year threat intelligence report shows a 35% decline in reported ransomware payments compared to last year, from $1.25 billion to $813 million. Yet the number of claimed breaches tells another story. In the first six months of 2025, 4,071 ransomware incidents were recorded across 109 countries. Ninety active groups drove that wave, led by CL0P, AKIRA, and QILIN. Services, manufacturing, IT and communications, and retail were hardest hit. Affiliate networks kept operating even after takedowns, rebranding, and resurfacing. LockBit, for example, re-emerged in updated 4.0 and 5.0 forms, showing how quickly…
Stellantis, the parent of Citroën, FIAT, Jeep, Chrysler, and Peugeot, has confirmed a data breach affecting customers in North America. The company said on Sunday it detected unauthorized access through a third-party service provider that supports its customer service operations. Stellantis did not disclose how many people were affected. The compromised data included customer names, addresses, phone numbers, and email addresses. Stellantis stressed that no financial details or other sensitive personal information were exposed. “Upon discovery, we immediately activated our incident response protocols … and are directly informing affected customers,” the company told Reuters. Federal authorities have been notified. Stellantis…
A cyberattack on a shared check-in and boarding system disrupted air travel across Europe on Saturday, grounding flights and pushing staff back to manual processes. The incident exposed just how dependent modern aviation has become on shared digital infrastructure, and how a single point of failure can ripple across borders. Brussels, Berlin’s Brandenburg, and London’s Heathrow airports were among the first to report problems, forcing staff to revert to manual check-in and boarding procedures. Other airports across Europe said they remained unaffected. “There was a cyberattack on Friday night 19 September against the service provider for the check-in and boarding…
APIs, the invisible engines powering modern mobile apps, are fast becoming one of the biggest security liabilities in enterprise technology. That’s the warning from Zimperium’s 2025 Global Mobile Threat Report, which describes mobile applications as an “attack surface hiding in plain sight.” The report shows just how exposed most apps really are. Nearly half still contain hardcoded secrets like API keys. A third of Android apps (and more than half of iOS apps) leak sensitive data. Even more worrying, 24% of Android and 60% of iOS apps lack protection against reverse engineering, making it easy for attackers to extract tokens,…
Children’s apps are supposed to entertain and educate. Instead, many quietly harvest data: names, locations, photos, voice recordings, purchase histories. The list keeps growing. A new analysis by SafetyDetectives shows the scale. Half of the most popular child-targeted apps collect broad personal data. Among 74 apps studied globally, 34 collect data. Twenty-one share it. On average, each app pulls 5.7 data points. Some apps are worse. Eleven of the most aggressive collect seven or more types of personal information. Together, these data-hungry apps account for more than half of all data points tracked. Developers often promise encryption and compliance with…
Cyberattacks no longer wait for office hours. According to Arctic Wolf’s new 2025 Security Operations Report, more than half (51%) of security alerts worldwide are now triggered outside traditional working hours. Seventeen percent fall on weekends, when defenses are particularly thin. The study analyzed more than 330 trillion security observations across Arctic Wolf’s Aurora platform and global SOCs, a 30% jump from the prior year. From that mountain of data, only one alert was generated for every 138 million observations, a sign of tighter filtering, but also a reflection of adversaries’ growing stealth. Identity compromise dominated the year. In investigations…
A routine package update turned dangerous this week. A malicious release of Tinycolor (a library downloaded millions of times each week) was found to carry code that quietly steals developer credentials and spreads itself to other packages. While tinycolor is the most visible package, with 2.2 million weekly downloads on npm, it did not originate these compromises, but is one package among dozens trojanized in this active campaign. Researchers first flagged the behavior on 15 September. Socket’s team has since traced the campaign across many maintainers and packages. “The issue was first noticed by Daniel dos Santos Pereira, who flagged suspicious…
Acronis’ Threat Research Unit has found something new and worrying: a FileFix campaign operating in the wild that does not stick to the original proof of concept. It is clever, quiet, and it hides its work inside pictures. The short version: attackers moved FileFix from lab note to live attack. They layered obfuscation, multilingual phishing, and steganography to keep one step ahead of defenders. The endgame is an infostealer called StealC. The path there is long and purpose-built. What the bad actors do, in plain terms, is ask the victim to do the work. That is the essence of these…
ReliaQuest saw it coming. In August, its analysts warned that Scattered Spider, the English-speaking actors tied to ShinyHunters, would soon look toward the finance sector. The signal was in the domains. Fake names, ticket portals, login pages. All set to harvest trust. Now the evidence is here. Domains tied to finance have multiplied. A U.S. bank has been breached. The way in was quiet. An executive’s account, reset through Azure’s self-service password tool. Once inside, the attackers spread. They read IT and security files. They moved through Citrix and VPNs. They reached VMware ESXi, dumped credentials, shifted virtual machines to…
