15 Oct 2025
By Mary

InfoSec News Nuggets 10/15/2025

New Pixnapping Attack Steals Signal Messages and 2FA Codes from Android Devices A new Android attack dubbed Pixnapping allows malicious apps to covertly capture sensitive data rendered on users' screens, including Signal messages, one-time 2FA codes, emails, location history, and financial information, without requiring a single permission. The attack affects nearly all modern Android phones and leverages a combination of legitimate system APIs and a GPU hardware side channel to reconstruct displayed pixels with surprising…
Read More
06 Jan 2025
By Mary

InfoSec News Nuggets 1/6/2025

US Treasury incident a clear warning on supply chain security in 2025 A major state-sponsored cyber incident that targeted the United States Department of the Treasury in the weeks prior to Christmas 2024 appears to have begun as the result of a compromise at a third-party tech support supplier, serving as a warning on the precarious security and vulnerable nature of technology supply chains for IT firms and their customers alike. The cyber attack was allegedly the…
Read More
01 Mar 2024
By Mary

InfoSec News Nuggets 3/1/2024

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement…
Read More