25 Jul 2025
By Mary

InfoSec News Nuggets 7/25/2025

Trump AI plan calls for cybersecurity assessments, threat info-sharing  The U.S. government will expand information sharing, cyber risk evaluations and guidance to the private sector to address the cybersecurity threats posed by artificial intelligence, according to an “AI action plan” that the Trump administration published on Wednesday. “As our global competitors race to exploit these technologies, it is a national security imperative for the United States to achieve and maintain unquestioned and unchallenged global technological dominance,” President Donald…
Read More
15 May 2024
By Mary

InfoSec News Nuggets 5/15/2024

Cybercriminal puts INC Ransom source code up for sale  A cybercriminal who has assumed the name "salfetka" is purportedly selling the source code for the INC Ransom ransomware-as-a-service operation, BleepingComputer reports. The sale was being advertised on the Exploit and XSS hacking forums for $300,000 and included both Windows and Linux/ESXi versions, with the seller restricting buyers to three. The legitimacy of the sale is bolstered by technical details and the inclusion of both old and new INC Ransom URLs in…
Read More
30 Sep 2022
By Mary

InfoSec News Nuggets 09/30/2022

Covert malware targets VMware for hypervisor-level espionage Emerging covert malware families that target VMware environments could allow criminals to gain persistent administrative access to the hypervisor, transfer files, and execute arbitrary commands between virtual machines, according to VMware and Mandiant, which discovered the software nasty earlier this year. The now-Google-owned threat intel team attributed the intrusions to an uncategorized group it calls UNC3886 and says it suspects the criminals' motivation to be espionage. It also asserts "with…
Read More
19 May 2022
By Mary

InfoSec News Nuggets 05/19/2022

Long lost @ symbol gets new life obscuring malicious URLs Threat actors have rediscovered an old and little-used feature of web URLs, the innocuous @ symbol we usually see in email addresses, and started using it to obscure links to their malicious websites. Researchers from Perception Point noticed it being used in a cyberattack against multiple organization recently. While the attackers are still unknown, Perception Point traced them to an IP in Japan. The attack started with a phishing…
Read More