Infosec bits for 2025 week 26

Anele Siwela | June 27, 2025, 5:09 p.m.

Cybersecurity News:

The human factor in cybersecurity – the gap between policy and practice [LDN Guest Post, London Daily News]

Geopolitics, Quantum Risk, and AI Attacks: Why Cybersecurity Is Being Rewritten [USA News Group, PR Newswire]

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted [Ravie Lakshmanan, The Hacker News]

China breaks RSA encryption with a quantum computer, threatening global data security [Eric Ralls, Earth.com]

Malware:

OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors [Ravie Lakshmanan, The Hacker News]

Dangerous new malware can scan photos on both Android and iOS devices, report says [Chance Townsend, Mashable]

WinRAR patches bug letting malware launch from extracted archives [Bill Toulas, Bleeping computer]

Ransomware:

Fewer ransomware attacks encrypting data, report finds [Eric Geller, Cybersecurity Dive]

Fog Ransomware Group Uses Unconventional Toolset, New Research Finds [Jordyn Alger, Security Magazine]

Vulnerabilities & Patches:

Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released [Guru Baran, Cybersecurity News]

How to protect yourself after the 16-billion-password data breach of Google, Apple and Facebook [Janet Nguyen, Marketplace]

Apache fixes remote code execution bypass in Tomcat web server [Bill Toulas, Bleeping computer]

Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce [Ryan Naraine, Security Week]