Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide
PixRevolution Android trojan hijacks Brazil’s PIX payments in real time using accessibility abuse
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected: Tracer SC Tracer SC+ Tracer Concierge CVSS Vendor Equipment Vulnerabilities v3 8.1 Trane Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm, Memory Allocation with Excessive Size Value, Missing Authorization, Use of Hard-coded Credentials, Use of Hard-coded, Security-relevant Constants Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Ireland Vulnerabilities Expand All + CVE-2026-28252 A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. View CVE Details Affected Products Trane Tracer SC, Tracer SC+, and Tracer Concierge Vendor: Trane Product Version: Trane Tracer SC:
The ICO has fined Police Scotland after it shared the entire contents of a victim’s phone with her alleged attacker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker
French small and medium businesses remained the organizations most targeted by ransomware in 2025
Infosecurity Europe 2026 reveals its keynote line-up, featuring Jason Fox, Shlomo Kramer, Cynthia Kaiser and more, with sessions on AI, cloud security and post quantum threats
LeakyLooker flaws in Google Looker Studio let attackers run cross-tenant SQL attacks on cloud data
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data
Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools
Check Point data shows attack volumes are growing much faster in the UK than worldwide
March Patch Tuesday sees Microsoft release updates for 79 flaws
OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity
Only 24% of organizations test identity disaster recovery plans every 6 months, Quest Software said
Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell
Ericsson data breach affects 15k employees/customers after third-party service provider compromise
Dutch intelligence reveals Russian state hackers are trying to hijack the Signal and WhatsApp accounts of key targets