| DATE | NAME | Info | CATEG. | WEB |
| --- | --- | --- | --- | --- |
| 7.11.25 | Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation | A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. | Virus | The Hacker News |
| 7.11.25 | Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts | Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad | Cyber | The Hacker News |
| 7.11.25 | Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities | Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial | Ransom | The Hacker News |
| 7.11.25 | Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine | A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The | Virus | The Hacker News |
| 7.11.25 | Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 | Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | Exploit | The Hacker News |
| 6.11.25 | From Tabletop to Turnkey: Building Cyber Resilience in Financial Services | Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. | Cyber | The Hacker News |
| 6.11.25 | ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More | Cybercrime has stopped being a problem of just the internet — it's becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and | Cyber | The Hacker News |
| 6.11.25 | Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection | The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According | Hack | The Hacker News |
| 6.11.25 | SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach | SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. | Incident | The Hacker News |
| 6.11.25 | Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly | Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini | Virus | The Hacker News |
| 6.11.25 | Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data | Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal | AI | The Hacker News |
| 5.11.25 | Securing the Open Android Ecosystem with Samsung Knox | Raise your hand if you've heard the myth, "Android isn't secure." Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the | OS | The Hacker News |
| 5.11.25 | Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions | A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts | APT | The Hacker News |
| 5.11.25 | U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud | The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various | Cryptocurrency | The Hacker News |
| 5.11.25 | CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited | Vulnerability | The Hacker News |
| 4.11.25 | A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces | The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, | CyberCrime | The Hacker News |
| 4.11.25 | Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep | Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 | Cryptocurrency | The Hacker News |
| 4.11.25 | Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks | Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious | Exploit | The Hacker News |
| 4.11.25 | Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed | Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The | CyberCrime | The Hacker News |
| 4.11.25 | Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors | Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit | CyberCrime | The Hacker News |
| 4.11.25 | Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit | Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit | Vulnerability | The Hacker News |
| 4.11.25 | U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks | Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 | Ransom | The Hacker News |
| 4.11.25 | Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel | Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) | Virus | The Hacker News |
| 4.11.25 | Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive | Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John | Cryptocurrency | The Hacker News |
| 3.11.25 | Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks | Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial | Exploit | The Hacker News |
| 3.11.25 | The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations | Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules | Security | The Hacker News |
| 3.11.25 | Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data | Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised | Virus | The Hacker News |
| 3.11.25 | New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea | The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack | Virus | The Hacker News |
| 3.11.25 | Penn hacker claims to have stolen 1.2 million donor records in data breach | A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. | Incident | |
| 3.11.25 | Open VSX rotates access tokens used in supply-chain malware attack | The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. | Virus | |
| 3.11.25 | Windows 11 Build 26220.7051 released with “Ask Copilot” feature | Windows 11 Build 26220.7051 is now rolling out to testers in the Windows Insider Program, and there are at least three new features, including Ask Copilot in the taskbar. | OS | |
| 3.11.25 | China-linked hackers exploited Lanscope flaw as a zero-day in attacks | China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. | Exploit | |
| 3.11.25 | Windows 11 tests shared Bluetooth audio support, but only for AI PCs | If you have two headphones, speakers, earbuds, or any other Bluetooth hardware, you can now use both simultaneously on a Copilot+ PC. | OS | |
| 3.11.25 | ‘We got hacked’ emails threaten to leak University of Pennsylvania data | The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. | Incident | |
| 3.11.25 | ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability | The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented | Exploit | The Hacker News |
| 3.11.25 | Microsoft Edge gets scareware sensor for faster scam detection | Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. | Spam | |
| 3.11.25 | Australia warns of BadCandy infections on unpatched Cisco devices | The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. | Virus | |
| 3.11.25 | Why password controls still matter in cybersecurity | Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. | Security | |
| 3.11.25 | Alleged Meduza Stealer malware admins arrested after hacking Russian org | The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. | Virus | |
| 3.11.25 | CISA: High-severity Linux flaw now exploited by ransomware gangs | CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks. | Ransom | |
| 3.11.25 | Google says Search AI Mode will know everything about you | Google wants 'AI mode' on Search to be as personal as possible, and it'll soon tap into services like Gmail or Drive to know more about you. | AI | |
| 3.11.25 | Windows zero-day actively exploited to spy on European diplomats | A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. | Exploit | |
| 3.11.25 | Ukrainian extradited from Ireland on Conti ransomware charges | A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. | Ransom | |
| 3.11.25 | Massive surge of NFC relay malware steals Europeans’ credit cards | Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months. | Virus | |
| 3.11.25 | CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers | CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. | Exploit | |
| 3.11.25 | Major telecom services provider Ribbon breached by state hackers | Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. | Incident | |
| 2.11.25 | BPO giant Conduent confirms data breach impacts 10.5 million people | American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices. | Incident | |
| 2.11.25 | WhatsApp adds passwordless chat backups on iOS and Android | WhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code. | Social | |
| 2.11.25 | Ex-L3Harris exec guilty of selling cyber exploits to Russian broker | Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. District Court to stealing and selling confidential cybersecurity information to a Russian vulnerability exploit broker. | BigBrothers | |
| 2.11.25 | CISA and NSA share tips on securing Microsoft Exchange servers | The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. | BigBrothers | |
| 2.11.25 | LinkedIn phishing targets finance execs with fake board invites | Hackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. | Phishing | |
| 2.11.25 | Microsoft promises more Copilot features in Microsoft 365 companion apps | Microsoft 365 companion apps will be getting more Copilot features in the coming weeks. | Security | |
| 2.11.25 | Malicious NPM packages fetch infostealer for Windows, Linux, macOS | Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. | Virus | |
| 2.11.25 | WordPress security plugin exposes private data to site subscribers | The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. | Vulnerability | |
| 2.11.25 | Canada says hacktivists breached water and energy facilities | The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. | Incident | |
| 2.11.25 | Microsoft fixes Media Creation Tool broken on some Windows PCs | Microsoft has confirmed that the Windows 11 Media Creation Tool (MCT) is working again on Windows 10 22H2 and Windows 11 25H2 systems. | OS | |
| 2.11.25 | Microsoft: DNS outage impacts Azure and Microsoft 365 services | Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. | Security | |
| 2.11.25 | PhantomRaven attack floods npm with credential-stealing packages | An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. | Hack | |
| 2.11.25 | Microsoft fixes 0x800F081F errors causing Windows update failures | Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. | OS | |
| 1.11.25 | Windows 11 KB5067036 update rolls out Administrator Protection feature | Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. | OS | |
| 1.11.25 | Advertising giant Dentsu reports data breach at subsidiary Merkle | Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data. | Incident | |
| 1.11.25 | Qilin ransomware abuses WSL to run Linux encryptors in Windows | The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. | Ransom | |
| 1.11.25 | CISA warns of two more actively exploited Dassault vulnerabilities | The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. | Exploit | |
| 1.11.25 | Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions | The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. | Security | |
| 1.11.25 | Google Chrome to warn users before opening insecure HTTP sites | Google announced today that the Chrome web browser will load all public websites via secure HTTPS connections by default and ask for permission before connecting to public, insecure HTTP websites, beginning with Chrome 154 in October 2026. | Security | |
| 1.11.25 | TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs | Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel's SGX and TDX, and AMD's SEV-SNP. | Attack | |
| 1.11.25 | BiDi Swap: The bidirectional text trick that makes fake URLs look real | Attackers are abusing bidirectional text to make fake URLs look real, reviving a decade-old browser flaw now fueling new phishing tricks. Varonis reveals how the "BiDi Swap" technique works and what organizations need to watch out for. | Hack | |
| 1.11.25 | New Atroposia malware comes with a local vulnerability scanner | A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. | Virus | |
| 1.11.25 | New Herodotus Android malware fakes human typing to avoid detection | A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. | Virus | |
| 1.11.25 | Google disputes false claims of massive Gmail data breach | Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. | Incident | |
| 1.11.25 | X: Re-enroll 2FA security keys by November 10 or get locked out | X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. | Social | |
| 1.11.25 | Ransomware profits drop as victims stop paying hackers | The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. | Ransom | |
| 1.11.25 | Windows will soon prompt for memory scans after BSOD crashes | Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). | OS | |
| 1.11.25 | QNAP warns of critical ASP.NET flaw in its Windows backup software | QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. | Vulnerability | |
| 1.11.25 | Italian spyware vendor linked to Chrome zero-day attacks | A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. | BigBrothers | |
| 1.11.25 | Google says everyone will be able to vibe code video games | Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. | Security | |
| 1.11.25 | Microsoft: New policy removes pre-installed Microsoft Store apps | Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. | Security | |
| 1.11.25 | CISA orders feds to patch Windows Server WSUS flaw used in attacks | The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. | Vulnerability | BleepingComputer |
| 1.11.25 | Tracking an evolving Discord-based RAT family | RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. | Malware blog | REVERSINGLABS |
| 1.11.25 | Ukrainian organizations still heavily targeted by Russian attacks | Attackers are gaining access using a custom, Sandworm-linked webshell and are making heavy use of Living-off-the-Land tactics to maintain persistent access. | BigBrother blog | SECURITY.COM |
| 1.11.25 | BRONZE BUTLER exploits Japanese asset management software vulnerability | The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932) | APT blog | SOPHOS |
| 1.11.25 | Cloud Abuse at Scale | FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC). | Spam blog | FORTINET |
| 1.11.25 | Stolen Credentials and Valid Account Abuse Remain Integral to Financially Motivated Intrusions | FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for identity-centric defenses. | Hacking blog | FORTINET |
| 1.11.25 | Silent Push Unearths AdaptixC2's Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads | Silent Push Threat Analysts have uncovered threat actors using AdaptixC2, a free and open-source Command and Control (C2) framework commonly used by penetration testers, to deliver malicious payloads. | Hacking blog | Silent Push |
| 1.11.25 | Silent Push 2026 Predictions | The Silent Push Threat Intelligence team discussed what we see as some of the greatest threats and motivators the global community will encounter in the New Year. Here are our 2026 predictions: | Security blog | Silent Push |
| 1.11.25 | | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. | Security blog | Google Threat Intelligence |
| 1.11.25 | | A new ideologically-motivated threat actor has emerged and growing technical capabilities: Hezi Rash. This Kurdish ... | APT blog | CHECKPOINT |
| 1.11.25 | Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector | Military-themed lure targeting using weaponized ZIPs and hidden tunneling infrastructure | Malware blog | Cyble |
| 1.11.25 | Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report | Hacktivist attacks on industrial control systems (ICS) nearly doubled over the course of the third quarter. | Hacking blog | Cyble |
| 1.11.25 | The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble | Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams. | Vulnerability blog | Cyble |
| 1.11.25 | When Money Moves, Hackers Follow: Europe’s Financial Sector Under Siege | Europe’s BFSI sector faces growing deepfake and ransomware threats. CISOs focus on intelligence, resilience, and rapid response to stay ahead. | Ransom blog | Cyble |
| 1.11.25 | APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs | APT-C-60 intensified operations against Japanese organizations during Q3 2025, deploying three updated SpyGlace backdoor versions with refined tracking mechanisms, modified encryption, and sophisticated abuse of GitHub, StatCounter, and Git for stealthy malware distribution. | APT blog | Cyble |
| 1.11.25 | From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy | Agentic AI marks the next leap in cybersecurity—autonomous systems that detect, decide, and act in real time, transforming how organizations defend against threats. | AI blog | Cyble |
| 1.11.25 | Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus | Authors: Sathwik Ram Prakki and Kartikkumar Jivani. SEQRITE Labs has identified a campaign... | Hacking blog | Seqrite |
| 1.11.25 | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan | Executive Summary: This report covers the analysis and findings related to three Android application packages (APKs) | Malware blog | Cyfirma |
| 1.11.25 | AI Security: NVIDIA BlueField Now with Vision One™ | Launching at NVIDIA GTC 2025 - Transforming AI Security with Trend Vision One™ on NVIDIA BlueField | AI blog | Trend Micro |
| 1.11.25 | Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C | Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines. | Hacking blog | Trend Micro |
| 1.11.25 | Oracle E-Business Suite Under Siege: Active Exploitation of Dual Zero-Days | The SonicWall Capture Labs threat research team became aware of multiple remote code execution vulnerabilities in Oracle E-Business Suite, assessed their impact and developed mitigation measures. | Exploit blog | SonicWall |
| 1.11.25 | HijackLoader Delivered via SVG files | The SonicWall Capture Labs threat research team has recently been monitoring new variants of the HijackLoader malware that are being delivered through SVG files. | Malware blog | SonicWall |
| 1.11.25 | Bots, Bread and the Battle for the Web | Meet Sarah, an artisanal baker who opens Sarah’s Sourdough. To improve her search engine optimization (SEO), she builds a beautiful website and shares authentic baking content. | BotNet blog | Palo Alto |
| 1.11.25 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack | We have discovered a new Windows-based malware family we've named Airstalk, which is available in both PowerShell and .NET variants. We assess with medium confidence that a possible nation-state threat actor used this malware in a likely supply chain attack. We have created the threat activity cluster CL-STA-1009 to identify and track any further related activity. | Hacking blog | Palo Alto |
| 1.11.25 | When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems | We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. | AI blog | Palo Alto |
| 1.11.25 | Cybersecurity on a budget: Strategies for an economic downturn | This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts. | Cyber blog | CISCO TALOS |
| 1.11.25 | Trick, treat, repeat | Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. | Vulnerability blog | CISCO TALOS |
| 1.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Cyber blog | CISCO TALOS |
| 1.11.25 | Uncovering Qilin attack methods exposed through multiple cases | Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. | Ransom blog | CISCO TALOS |
| 1.11.25 | Think passwordless is too complicated? Let's clear that up | We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. | Cyber blog | CISCO TALOS |
| 1.11.25 | Strings in the maze: Finding hidden strengths and gaps in your team | In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. | Cyber blog | CISCO TALOS |
| 1.11.25 | This month in security with Tony Anscombe – October 2025 edition | From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now | Social blog | Eset |
| 1.11.25 | Fraud prevention: How to help older family members avoid scams | Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically | Spam blog | Eset |
| 1.11.25 | Cybersecurity Awareness Month 2025: When seeing isn't believing | Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams | Security blog | Eset |
| 1.11.25 | Recruitment red flags: Can you spot a spy posing as a job seeker? | | Security blog | Eset |
| 1.11.25 | How MDR can give MSPs the edge in a competitive market | With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs | Security blog | Eset |
| 1.11.25 | From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations | This Threat Analysis Report investigates the flow of a Tangerine Turkey campaign | Hacking blog | Cybereason |
| 1.11.25 | The Bug Report - October 2025 Edition | October's cybersecurity horror show is here! Zero-days in WSUS (CVE-2025-59287) and SessionReaper (Adobe) are under active attack. Patch these RCE and LPE monsters now or risk full possession of your network. | Vulnerability blog | Trellix |
| 1.11.25 | OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically | OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable | AI | |
| 1.11.25 | Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack | A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's | Virus | The Hacker News |
| 1.11.25 | China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats | A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and | Exploit | The Hacker News |
| 1.11.25 | China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems | The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, | Exploit | The Hacker News |
| 1.11.25 | CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released | Exploit | |
| 1.11.25 | Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery | Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS | Vulnerability | |
| 1.11.25 | CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its | Exploit | The Hacker News |
| 1.11.25 | A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do | A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. | Security | The Hacker News |
| 1.11.25 | Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month | Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every | AI | |
| 1.11.25 | Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks | The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware | Ransom | The Hacker News |
| 1.11.25 | New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL | A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, | Exploit | The Hacker News |