When OpenAI released ChatGPT to the public in November 2022, the world marvelled at the dawn of a new era in human-machine interaction. But as the broader public experimented with poetry and code snippets, another crowd watched quietly. They saw the potential for something darker. Threat actors quickly realized large language models could be weaponized. The problem is that ChatGPT, and others like it, came with guardrails. They wouldn’t write ransomware, wouldn’t craft phishing lures, wouldn’t help you breach a firewall. Then came WormGPT. First spotted in June 2023 on Hack Forums, WormGPT was marketed as a ChatGPT-style model with the guardrails stripped out, censorship…
Kirsten Doyle
A new ransomware-as-a-service threat called Anubis has emerged. It combines file encryption, ruthless monetization tactics, and a rare wiper feature that can permanently delete data to prevent its recovery. Once active, Anubis renames encrypted files with the extension .anubis. It alters their system icons, standard fare for ransomware families trying to sow panic and confusion. Victims find a ransom note titled RESTORE FILES.html, attributed to the “ANUBIS team,” which outlines a double extortion scheme: pay up, or your stolen data goes public. This pressure tactic is fast becoming the norm in ransomware operations, but researchers at Trend Micro say Anubis…
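The two indicators the teaser names, a burst of renames to the .anubis extension and a dropped note called RESTORE FILES.html, are enough to build a simple host-level detection rule. The following is an added example written for this page, not code from Trend Micro or the article; it runs over constructed, in-memory file events, and the rename threshold and time window are assumptions you would tune against real EDR or Sysmon file-rename and file-create telemetry.

```python
"""
Added example (not from the article or Trend Micro): a toy detection rule for
the Anubis indicators the teaser lists -- mass renames to the .anubis extension
and a ransom note named "RESTORE FILES.html". It consumes constructed file
events; in practice you would feed it EDR/Sysmon rename and create events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RANSOM_EXT = ".anubis"               # extension named in the article
RANSOM_NOTE = "restore files.html"   # note name from the article, lower-cased
RENAME_THRESHOLD = 5                 # assumption: tune per environment
WINDOW = timedelta(seconds=60)       # assumption: burst window


def _norm(path):
    """Normalise Windows or POSIX paths to lower-case, forward-slash form."""
    return path.replace("\\", "/").lower()


def detect_anubis(events):
    """
    events: iterable of (timestamp, host, action, path) where action is
    'rename' (path is the new name) or 'create'.
    Returns {host: [finding, ...]} for hosts that match either indicator.
    """
    renames = defaultdict(list)   # host -> timestamps of renames to .anubis
    notes = defaultdict(set)      # host -> directories where the note appeared
    for ts, host, action, path in events:
        p = _norm(path)
        directory, _, name = p.rpartition("/")
        if action == "rename" and name.endswith(RANSOM_EXT):
            renames[host].append(ts)
        elif action == "create" and name == RANSOM_NOTE:
            notes[host].add(directory)

    findings = {}
    for host in set(renames) | set(notes):
        hits = []
        stamps = sorted(renames[host])
        # Sliding window: flag if any WINDOW-long span holds >= THRESHOLD renames.
        j = 0
        for i, ts in enumerate(stamps):
            while stamps[j] < ts - WINDOW:
                j += 1
            if i - j + 1 >= RENAME_THRESHOLD:
                hits.append(f"{RENAME_THRESHOLD}+ renames to {RANSOM_EXT} "
                            f"within {int(WINDOW.total_seconds())}s")
                break
        if notes[host]:
            hits.append(f"ransom note {RANSOM_NOTE!r} dropped in "
                        f"{len(notes[host])} directory(ies)")
        if hits:
            findings[host] = hits
    return findings


def sample_events():
    """Constructed sample telemetry: one infected host, one benign host."""
    t0 = datetime(2025, 6, 1, 9, 0, 0)
    ev = []
    for i in range(6):  # six renames in six seconds on ws-17
        ev.append((t0 + timedelta(seconds=i), "ws-17", "rename",
                   rf"C:\Users\alice\Documents\report{i}.docx.anubis"))
    ev.append((t0 + timedelta(seconds=7), "ws-17", "create",
               r"C:\Users\alice\Documents\RESTORE FILES.html"))
    # ws-02: a single stray .anubis rename and no note; should not fire
    ev.append((t0, "ws-02", "rename", "/tmp/scratch.anubis"))
    return ev


if __name__ == "__main__":
    for host, hits in detect_anubis(sample_events()).items():
        print(host, "->", "; ".join(hits))
```

The rename-burst rule is the one that matters operationally: a single renamed file is noise, but dozens of renames to a fixed extension inside a minute, followed by a note with a fixed name, is the pattern every encrypting ransomware family shares, so the same function works for other families by swapping the two constants.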
Google threat analysts have warned that the malefactors behind the recent spate of attacks against the UK retail sector have turned their attention to the insurance sector. The cybercriminal group known as Scattered Spider, infamous for its fast-talking social engineering schemes and high-impact ransomware, appears to be expanding its hunting ground. This time, it’s targeting insurance firms. According to Mandiant’s Chief Analyst John Hultquist, attackers “bearing the hallmarks of Scattered Spider” are now probing the insurance industry. “They have a habit of working their way through a sector,” Hultquist posted. “Insurance companies should be on the lookout for social engineering…
The European Commission is rolling out €145.5 million to strengthen cybersecurity across Europe, targeting small and medium-sized enterprises (SMEs), public administrations, and healthcare providers. Two funding calls have been launched by the European Cybersecurity Competence Centre. The first, under the Digital Europe Programme, offers €55 million, €30 million of which is earmarked specifically for hospitals and healthcare providers. This investment aims to improve their ability to detect, monitor, and respond to cyber threats, with a focus on ransomware resilience. This move supports the EU’s broader cybersecurity action plan for healthcare, a critical priority amid today’s geopolitical tensions. The second call,…
A recent ransomware attack against a financial institution in Asia is raising eyebrows across the cybersecurity community, not just because of the ransomware, but because of how it was delivered. The incident, analyzed by the Threat Hunter Team at Symantec and Carbon Black, saw the deployment of Fog, a ransomware strain first observed in May 2024. But what makes this incident different is the eclectic toolset the attackers used: legitimate employee monitoring software, rarely seen open-source tools, and persistence mechanisms usually associated with espionage campaigns. Ransomware Plus Surveillance? Among the most…
A new cybercrime campaign is preying on holidaymakers in a hurry, using fake Booking.com websites to trick users into downloading malware under the guise of a cookie consent banner. HP Wolf Security’s latest Threat Insights Report highlights a sharp rise in spoofed travel booking domains designed to deliver XWorm, a powerful remote access trojan that gives attackers full control of the victim’s device, including files, webcam, microphone, and security settings. Taking Advantage of Click Fatigue Disguised to mimic the familiar look of Booking.com, these malicious websites display a blurred-out interface with a standard-looking cookie prompt. But the moment a user…
Researchers at Aim Labs have uncovered a zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak.” This flaw allows threat actors to extract sensitive data from a user’s environment without any user interaction: no clicks, no downloads, no warnings. The finding is the first known instance of a zero-click exploit in a major generative AI assistant, and could be the start of a shift in how malicious actors target AI systems. Aim Labs reported the attack to Microsoft, which classified the issue as a critical information disclosure vulnerability and assigned it the identifier CVE-2025-32711. Microsoft resolved…
The Black Basta ransomware group, once a dominant force in the cyber extortion landscape, disbanded in February 2025 following an unexpected leak of its internal chat logs. The leak, attributed to a disgruntled member known online as “ExploitWhispers,” surfaced shortly after the group breached an unspoken norm: targeting Russian financial institutions. ReliaQuest’s latest research details the group’s sudden downfall and the enduring influence of its tactics. At its peak, Black Basta named up to 50 victims a month on its data-leak site. But by the end of February, that site had disappeared. The group’s infrastructure followed suit. Despite this apparent…
At a time when surveillance is synonymous with safety, the very tools designed to protect us are exposing a growing vulnerability. Internet-connected security cameras installed to monitor homes, businesses, and public spaces are increasingly being found wide open to the world. The consequences are no longer theoretical. From quiet residential streets to the heart of critical infrastructure, unsecured cameras are being co-opted, exploited, and in some cases, weaponized. Cameras as a Threat Vector At first glance, some of these exposures may seem trivial. Cameras streaming serene beachfronts or remote bird feeders are sometimes meant to be public. Services like EarthCam…
Security researchers at AppOmni have discovered five zero-day vulnerabilities and 15 severe but avoidable misconfiguration traps in Salesforce Industry Cloud. These issues, if unaddressed, expose sensitive data to unauthorized access and threaten compliance across industries relying on Salesforce’s low-code architecture. The findings affect core components used by tens of thousands of entities, many in regulated sectors such as healthcare, financial services, and government. The vulnerabilities were responsibly disclosed to Salesforce, which rapidly confirmed and remediated them. Three have been patched at the platform level. The remaining two require customer intervention. If organizations don’t follow the instructions sent by Salesforce, these…
