Finastra, a leading provider of solutions to over 8,000 financial institutions, is investigating a breach of its internal file transfer platform, where hackers stole more than 400 gigabytes of data.

Cybersecurity experts are sounding alarms over a newly emerged tool called GoIssue, designed to facilitate mass phishing campaigns targeting GitHub users.

North Korean state-sponsored group BlueNoroff, a subgroup of the Lazarus Group, has launched a new malware campaign called "Hidden Risk," targeting cryptocurrency and DeFi businesses. SentinelLabs researchers found that the campaign, active since July 2024, employs phishing emails and PDF-based lures with fake crypto news headlines to trick victims into clicking on malicious links.

S&P Global Ratings has highlighted poor corporate vulnerability remediation as a significant risk factor. Analyzing data from over 7,000 rated companies, S&P found that 40% address known system flaws "infrequently," leaving them exposed.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.

A report by the G7 Cyber Expert Group (CEG), chaired by the US Department of the Treasury and the Bank of England, addresses the cybersecurity risks posed by advancements in quantum computing and outlines essential steps for financial authorities and institutions to mitigate these risks.

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have issued a joint advisory warning about a year-long campaign by Iranian cyber actors aimed at infiltrating critical infrastructure organizations.