AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog
2025 January(29) February(72) March(67) April(108) May(118) June(159) July(143) August(131) September(170) October(145) November(166) December(0)
DATE |
NAME |
Info |
CATEG. |
WEB |
| 29.11.25 | ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab | ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint. | BotNet blog | FORTINET |
| 29.11.25 | Cyberthreats Targeting the 2025 Holiday Season: What CISOs Need to Know | Cybercriminal activity is surging ahead of the 2025 holiday season. Deceptive domains, stolen accounts, and e-commerce attacks are accelerating. Here’s what leaders need to know. | Cyber blog | FORTINET |
| 29.11.25 | Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks | Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks. | APT blog | Google Threat Intelligence |
| 29.11.25 | How attackers infiltrated the npm ecosystem, what Check Point researchers uncovered, and how organizations can | Hacking blog | CHECKPOINT | |
| 29.11.25 | Check Point researchers uncover a large-scale Android adware campaign that silently drains resources and disrupts ... | Malware blog | CHECKPOINT | |
| 29.11.25 | The Week in Vulnerabilities: Cyble Urges Fortinet, Microsoft Fixes | We look at 15 high-priority IT and ICS vulnerabilities – 7 of which are under discussion by threat actors on the dark web. | Vulnerebility blog | Cyble |
| 29.11.25 | RelayNFC: The New NFC Relay Malware Targeting Brazil | CRIL uncovers RelayNFC, a malware leveraging Near-Field Communication (NFC) to intercept and relay contactless payment data. | Malware blog | Cyble |
| 29.11.25 | How Cyble is Empowering European Enterprises with AI-Powered Threat Intelligence | Europe’s cyber threat landscape is escalating fast, driven by ransomware, data leaks, and state-backed actors, marking 2025 as a decisive turning point. | AI blog | Cyble |
| 29.11.25 | Australia Releases 2025 Implementation Plan to Advance National Data and Digital Transformation | Australia’s 2025 Implementation Plan drives progress in AI, data, service delivery and cybersecurity to strengthen the nation’s digital future. | BigBrother blog | Cyble |
| 29.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical . Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerebility blog | Cyble |
| 29.11.25 | Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. | Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – Pseudo-Polyglot... | APT blog | Seqrite |
| 29.11.25 | NORTH KOREAN CYBER CRIME AS A STATECRAFT TOOL | INTRODUCTION Russia’s March 2024 veto of the renewal of the UN Panel of Experts on North Korea ended 15 years of unanimous Security Council support for the sole independent | APT blog | Cyfirma |
| 29.11.25 | The Large-Scale AI-Powered Cyberattack : Strategic Assessment & Implications | Executive Summary In September 2025, the cybersecurity landscape crossed a pivotal threshold with the first widely verified case of an AI-powered, largely autonomous cyber- | AI blog | Cyfirma |
| 29.11.25 | CYFIRMA INDUSTRY REPORT : TELECOMMUNICATIONS & MEDIA | INTRODUCTION CYFIRMA’s ongoing threat monitoring has identified Tycoon 2FA as one of the most advanced and actively deployed Phishing-as-a-Service (PhaaS) platforms | Phishing blog | Cyfirma |
| 29.11.25 | Triofox Unauthenticated Access Control Vulnerability (CVE-2025-12480) | The SonicWall Capture Labs threat research team became aware of an Improper Access Control Vulnerability in Gladinet Triofox, assessed its impact, and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 29.11.25 | Underground Sharp Infostealer Dev Sells Modded Gremlin Source Code | The SonicWall Capture Labs Threat Research Team has recently been tracking infostealer malware stemming from the Sharp malware family. While analyzing a variant of Sharp infostealer, we came across a reference to a Telegram channel that leads to a person claiming to be the developer of this malware. | Malware blog | SonicWall |
| 29.11.25 | The Dual-Use Dilemma of AI: Malicious LLMs | A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. | AI blog | Palo Alto |
| 29.11.25 | "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) | Unit 42 researchers investigated a renewed npm-focused compromise, in a campaign dubbed Shai-Hulud 2.0. This was first reported in early November 2025. | Malware blog | Palo Alto |
| 29.11.25 | The Golden Scale: 'Tis the Season for Unwanted Gifts | In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). | Hacking blog | Palo Alto |
| 29.11.25 | Care that you share | This holiday season, as teams run lean and cyber threats rise, being open with what — and how — you share can protect both information and relationships. | Cyber blog | CISCO TALOS |
| 29.11.25 | Bill Largent: On epic reads, lifelong learning, and empathy | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | Cyber blog | CISCO TALOS |
| 29.11.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | AI blog | CISCO TALOS |
| 29.11.25 | Dell ControlVault, Lasso, GL.iNet vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities men | Vulnerebility blog | CISCO TALOS |
| 29.11.25 | This month in security with Tony Anscombe – November 2025 edition | Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news | Cyber blog | Eset |
| 29.11.25 | What parents should know to protect their children from doxxing | Cyber blog | Eset | |
| 29.11.25 | Influencers in the crosshairs: How cybercriminals are targeting content creators | Cyber blog | Eset | |
| 29.11.25 | MDR is the answer – now, what’s the question? | Why your business needs the best-of-breed combination of technology and human expertise | Cyber blog | Eset |
| 29.11.25 | Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform | On Saturday, September 13, 2025, a major Distributed Denial-of-Service (DDoS) attack targeted a European payment processing platform, prompting response and mitigation efforts by the F5 Security Operations Center (SOC). | Attack blog | F5 LABS |
| 29.11.25 | The State of Post-Quantum Cryptography (PQC) on the Web | We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web. | Cyber blog | F5 LABS |
| 29.11.25 | Fallacy Failure Attack | Welcome to our AI Security Insights for November 2025. These insights are drawn from F5 Labs’ Comprehensive AI Security Index (CASI) and Agentic Resistance Scoring (ARS), which together provide rigorous, empirical measurement of model security and agentic attack resilience. | Attack blog | F5 LABS |
| 22.11.25 | Arms Race: AI's Impact on Cybersecurity | New whitepaper explores how both attackers and defenders are using the latest AI technologies to achieve their goals. | AI blog | SECURITY.COM |
| 22.11.25 | Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites | Prolific threat actor delivering RMM packages using variety of lures, including seasonal party invites | Cyber blog | SECURITY.COM |
| 22.11.25 | Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence | Social blog | SOPHOS | |
| 22.11.25 | CISA’s New Guidance on Bulletproof Hosting: Why It Matters and What Comes Next | The Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. government agency responsible for protecting the nation’s critical infrastructure from cyber and physical threats. CISA works with public and private sector partners to improve resilience, share threat intelligence, and coordinate national-level cyber defense efforts. | Cyber blog | Silent Push |
| 22.11.25 | How Preemptive Cyber Defence Supports the UK's ACD Strategy | UK organisations are expanding their digital footprint, but reliance on reactive security is leaving them exposed. To align with the NCSC’s Active Cyber Defence (ACD) strategy, teams must shift to preemptive defence. | Cyber blog | Silent Push |
| 22.11.25 | Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer leveraging artificial intelligence (AI) just for productivity gains, they are deploying novel AI-enabled malware in active operations. This marks a new operational phase of AI abuse, involving tools that dynamically alter behavior mid-execution. | AI blog | Google Threat Intelligence | |
| 22.11.25 | Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks. | APT blog | Google Threat Intelligence | |
| 22.11.25 | The global appetite for GLP-1 medications like Ozempic, Wegovy and Mounjaro have created something far ... | AI blog | CHECKPOINT | |
| 22.11.25 | Key findings Malicious activity is rising, with 1 in 11 newly registered Black Friday themed ... | Cyber blog | CHECKPOINT | |
| 22.11.25 | Australia Releases 2025 Implementation Plan to Advance National Data and Digital Transformation | Australia’s 2025 Implementation Plan drives progress in AI, data, service delivery and cybersecurity to strengthen the nation’s digital future. | Cyber blog | Cyble |
| 22.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical . Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerebility blog | Cyble |
| 22.11.25 | Tycoon 2FA: A Technical Analysis of its Adversary-in-the-Middle Phishing Operation | INTRODUCTION CYFIRMA’s ongoing threat monitoring has identified Tycoon 2FA as one of the most advanced and actively deployed Phishing-as-a-Service (PhaaS) platforms | Phishing blog | Cyfirma |
| 22.11.25 | Rising Cybercrime During Black Friday & Cyber Monday : A 2025 Threat Intelligence Report | EXECUTIVE SUMMARY As the festive shopping season approaches, Black Friday and Cyber Monday bring a significant surge in online sales and, with it, a sharp increase in | Cyber blog | Cyfirma |
| 22.11.25 | OWASP Update Elevates Software Supply Chain and Misconfiguration Risk | The reputable and widely used Open Web Application Security Project (OWASP) Top 10 list just got its 8th update, and first update since 2021. One major and welcome change is that supply chain security has gone from not being a category at all to being the number three spot on the list. OWASP is shaking things up in other ways too, with one other new risk category and one consolidation. | Cyber blog | Eclypsium |
| 22.11.25 | Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses | In this blog entry, Trend™ Research explores how ransomware actors are shifting their focus to cloud-based assets, including the tactics used to compromise business-critical data in AWS environments. | Ransom blog | Trend Micro |
| 22.11.25 | Trend & AWS Partner on Cloud IPS: One-Click Protection | In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control. | Cyber blog | Trend Micro |
| 22.11.25 | Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise | Unit 42 recently assisted a global data storage and infrastructure company that experienced a destructive ransomware attack. This attack was orchestrated by Howling Scorpius, the distributors of Akira ransomware. What began with a single click on what appeared to be a routine website CAPTCHA evolved into a 42-day (yes, we see the irony, too!) compromise that exposed critical gaps. | Ransom blog | Palo Alto |
| 22.11.25 | It’s not personal, it’s just business | Martin muses on how agentic AI is bringing efficiency improvements to the business of cyber crime. | Cyber blog | CISCO TALOS |
| 22.11.25 | Bill Largent: On epic reads, lifelong learning, and empathy | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | Cyber blog | CISCO TALOS |
| 22.11.25 | The OSINT playbook: Find your weak spots before attackers do | Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots | Cyber blog | Eset |
| 22.11.25 | PlushDaemon compromises network devices for adversary-in-the-middle attacks | ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks | APT blog | Eset |
| 22.11.25 | What if your romantic AI chatbot can’t keep a secret? | Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything. | AI blog | Eset |
| 22.11.25 | License to Encrypt: “The Gentlemen” Make Their Move | Cybereason Threat Intelligence Team recently conducted an analysis of "The Gentlemen" ransomware group, which emerged around July 2025 as a ransomware threat actor group with relatively advanced methodologies. | Ransom blog | Cybereason |
| 22.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerebility blog | Project Zero |
| 22.11.25 | Today’s threat landscape demands a proactive OT security strategy | OT is increasingly targeted by cybercriminals, making it essential for organizations to prioritize proactive OT security defense. | Security blog | Trelix |
| 20.11.25 | New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare | The line between cyber warfare and traditional kinetic operations is rapidly blurring. Recent investigations by Amazon threat intelligence teams have uncovered a new trend that they’re calling cyber-enabled kinetic targeting in which nation-state threat actors systematically use cyber operations to enable and enhance physical operations. | APT blog | AWS |
| 18.11.25 | Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, aviation, and defense industries in the Middle East. In this follow-up post, Mandiant discusses additional tactics, techniques, and procedures (TTPs) observed in incidents Mandiant has responded to. | APT blog | Google Threat Intelligence |
| 16.11.25 | Amazon discovers APT exploiting Cisco and Citrix zero-days | The Amazon threat intelligence teams have identified an advanced threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. | APT blog | AWS |
| 15.11.25 | Advanced Threat Hunting: Four Techniques to Detect Phishing Infrastructure Before it Strikes | In cyber defense, reacting to a phishing attack means you’re already one step behind. A phishing email in an inbox is the end result of a long chain of attacker activity. The real win isn’t just analyzing the phish; it’s finding the infrastructure it came from before the attack is even launched using a proactive threat hunting model. | Phishing blog | Silent Push |
| 15.11.25 | The prevalence of obfuscation and multi-stage layering in today’s malware often forces analysts into tedious and manual debugging sessions. For instance, the primary challenge of analyzing pervasive commodity stealers like AgentTesla isn’t identifying the malware, but quickly cutting through the obfuscated delivery chain to get to the final payload. | Malware blog | Google Threat Intelligence | |
| 15.11.25 | Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary payloads. | Vulnerebility blog | Google Threat Intelligence | |
| 15.11.25 | Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. | Cyber blog | Google Threat Intelligence | |
| 15.11.25 | Global Overview In October 2025, the global volume of cyber attacks continued its upward trajectory. ... | Ransom blog | CHECKPOINT | |
| 15.11.25 | Cyber threats don’t always come with warning signs. Sometimes, they arrive as sponsored ads. Since .. | Hacking blog | CHECKPOINT | |
| 15.11.25 | Germany Urges Attack Surface Management Adoption as Routinely as Antivirus Protection | Germany’s Threat Landscape is growing at an unprecedented pace with attack surfaces expanding, APT actors dominating, and SMEs bearing the brunt of this offense. Here’s what you need to know. | APT blog | Cyble |
| 15.11.25 | October 2025 Attacks Soar 30% as New Groups Redefine the Cyber Battlefield | Near-record ransomware attacks and the rise of new threats like Sinobi highlight the need for rapid detection and response. | Cyber blog | Cyble |
| 15.11.25 | The Week in Vulnerabilities: From IT Systems to Airport Weather Monitoring | Vulnerabilities flagged by Cyble this week cover everything from IT and security products to critical airport weather systems. | Vulnerebility blog | Cyble |
| 15.11.25 | Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API | CRIL analyzed an active phishing campaign leveraging HTML-based Telegram bot credential harvesters designed to mimic multiple prominent brands | Phishing blog | Cyble |
| 15.11.25 | Redis 8.2.2: Hardening the Lua Engine Against Four Critical Vulnerabilities | Introduction Redis is an open-source, in-memory data store widely used as a cache, message broker, and high-performance NoSQL database. It offers rich data structures like strings, hashes, lists, sets, sorted sets, bitmaps, HyperLogLogs, and streams, backed by atomic operations... | Vulnerebility blog | Seqrite |
| 15.11.25 | APT PROFILE – BRONZE BUTLER | BRONZE BUTLER, also known as Tick or REDBALDKNIGHT, is a sophisticated and persistent cyber espionage group believed to originate from China. The group primarily targets Japanese | APT blog | Cyfirma |
| 15.11.25 | Security brief: VenomRAT is defanged | VenomRAT is a commodity remote access trojan (RAT) used by multiple cybercriminal threat actors. Around since 2020 but first observed in Proofpoint data in 2022, VenomRAT was used most frequently by the hotel and hospitality targeting threat actor TA558. The malware is based on the open-source malware Quasar RAT. VenomRAT is essentially a clone of Quasar RAT with some extra components bolted on from other sources. | Malware blog | PROOFPOINT |
| 15.11.25 | Operation Endgame Quakes Rhadamanthys | Rhadamanthys is a prominent malware observed since 2022, used by multiple cybercriminal threat actors. | Malware blog | PROOFPOINT |
| 15.11.25 | Crossed wires: a case study of Iranian espionage and attribution | Between June and August 2025, Proofpoint began tracking a previously unidentified threat actor dubbed UNK_SmudgedSerpent targeting academics and foreign policy experts. | BigBrother blog | PROOFPOINT |
| 15.11.25 | Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics | In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data. | Malware blog | Trend Micro |
| 15.11.25 | Covert AutoIt Campaign Delivering Infostealers and RATs | Recently, the SonicWall Capture Labs threat research team has identified a new campaign delivering infostealer payloads using malicious AutoIt scripts along with the AutoIt interpreter. The campaign was observed delivering various payloads including Snake Stealer, XWorm, and Remcos RAT. | Malware blog | SonicWall |
| 15.11.25 | A Look At RondoDox ARM Malware | This week, the SonicWall Capture Labs Threat Research Team analyzed a sample of RondoDox, a Linux botnet infector. This malware is often paired with Mirai, and once installed on a victim system, it accepts C2 commands and can perform system reconnaissance while joining botnet DDoS activities. It has several methods of evading detection along with anti-debugging capabilities. | Malware blog | SonicWall |
| 15.11.25 | Microsoft Security Bulletin Coverage for November 2025 | Microsoft’s November 2025 Patch Tuesday has 63 vulnerabilities, of which 29 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2025 and has produced coverage for 5 of the reported vulnerabilities | Vulnerebility blog | SonicWall |
| 15.11.25 | Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236) | The SonicWall Capture Labs threat research team became aware of an Improper Input Validation Vulnerability in Adobe Commerce and Magento Open-Source Platforms, assessed its impact and developed mitigation measures. Adobe Commerce and Magento Open-Source Platforms are e-commerce platforms that empower businesses to scale efficiently. Expanding on the trusted foundation of Magento, Adobe Commerce offers enterprise scale and performance, modern, API-first development, and seamless integration. | Vulnerebility blog | SonicWall |
| 15.11.25 | Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE | The SonicWall Capture Labs threat research team would like to highlight the vulnerability listed under CVE-2024-9916, as it remains unpatched and poses a potential risk to customer environments. Below is an analysis of the vulnerability itself, along with the mitigation measures against exploits that may target this vulnerability. | Vulnerebility blog | SonicWall |
| 15.11.25 | You Thought It Was Over? Authentication Coercion Keeps Evolving | Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system. | Security blog | Palo Alto |
| 15.11.25 | The State of Ransomware – Q3 2025 | Record fragmentation and decentralization: The number of active extortion groups in Q3 2025 rose to a record of 85 groups, the highest number observed to date. The top 10 groups accounted only for 56% of all published victims, down from 71% in Q1. | Ransom blog | CHECKPOINT |
| 15.11.25 | Unleashing the Kraken ransomware group | In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. | Ransom blog | CISCO TALOS |
| 15.11.25 | Viasat and the terrible, horrible, no good, very bad day | In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way. | Hacking blog | CISCO TALOS |
| 15.11.25 | How password managers can be hacked – and how to stay safe | Hacking blog | Eset | |
| 15.11.25 | Why shadow AI could be your biggest security blind spot | From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company | AI blog | Eset |
| 15.11.25 | How Trellix Helix detects AS-REP Roasting in Active Directory | Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory (AD) accounts with Kerberos pre-authentication disabled, a misconfiguration that exposes credentials to offline brute force attacks. | Hacking blog | Trelix |
| 15.11.25 | Dark Web Roast - October 2025 Edition | Welcome to October 2025, where the cybercrime underground has officially become more absurd than a fever dream. | Cyber blog | Trelix |
| 8.11.25 | How PowerShell Gallery simplifies attacks | PowerShell Gallery’s Install-Module command presents one key link in the kill chain of a possible attack. | Hacking blog | REVERSINGLABS |
| 8.11.25 | China-linked Actors Maintain Focus on Organizations Influencing U.S. Policy | Recent compromise of a non-profit organization reflects continued interest in U.S. policy. | APT blog | SECURITY.COM |
| 8.11.25 | Mastering DORA’s Five Pillars with Preemptive Cyber Defense | The Digital Operational Resilience Act (DORA) represents a paradigm shift for the EU’s financial sector. No longer is a reactive security posture enough. DORA mandates a comprehensive, proactive, and testable framework for managing ICT risk and ensuring digital operational resilience. | Cyber blog | Silent Push |
| 8.11.25 | Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. | Cyber blog | Google Threat Intelligence | |
| 8.11.25 | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience | Cyber blog | Google Threat Intelligence | |
| 8.11.25 | Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. | APT blog | Google Threat Intelligence | |
| 8.11.25 | Key Highlights XLoader 8.0 malware is one of the most evasive and persistent information stealers ... | Malware blog | CHECKPOINT | |
| 8.11.25 | Trust alone isn’t a security strategy. That’s the key lesson from new research by Check ... | Exploit blog | CHECKPOINT | |
| 8.11.25 | Introduction Over the past few months, we identified an emerging online threat that combines fraud, ... | AI blog | CHECKPOINT | |
| 8.11.25 | Australia Strengthens Regional Cyber Partnerships to Bolster Security Across the Asia-Pacific | Australia, through ACSC and Cyber Affairs and Critical Technology, strengthens Asia-Pacific cybersecurity via PaCSON, APCERT, and regional threat-sharing initiatives. | BigBrother blog | Cyble |
| 8.11.25 | South Africa Launches Pilot for Secure Data Exchange Among Government Agencies | South Africa’s MzansiXchange initiative, led by the National Treasury, is pioneering secure data exchange across government. | BigBrother blog | Cyble |
| 8.11.25 | Software Supply Chain Attacks Surge to Record High in October 2025 | Software supply chain attacks in October were 32% above previous records, according to Cyble data. | Hacking blog | Cyble |
| 8.11.25 | The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes | This week’s vulnerability report examines 15 IT and ICS flaws at high risk of exploitation by threat actors. | Vulnerebility blog | Cyble |
| 8.11.25 | Securing India’s Financial Future: Why the DPDP Act is a Game-Changer for BFSI | India’s Banking, Financial Services, and Insurance (BFSI) industry stands at the intersection of innovation and risk. From UPI and digital wallets to AI-based lending and predictive underwriting, digital transformation is no longer a differentiator — it’s the operating model. | Cyber blog | Seqrite |
| 8.11.25 | Operation Peek-a-Baku: Silent Lynx APT makes sluggish shift to Dushanbe | Introduction Timeline Key Targets. Industries Affecte d. Geographical Focus. Infection Chain. Initial Findings. Technical Analysis. Campaign – I The LNK Way. Malicious SILENT LOADER Malicious LAPLAS Implant – TCP & TLS. Malicious .NET Implant – SilentSweeper Campaign –.. | APT blog | Seqrite |
| 8.11.25 | TRACKING RANSOMWARE : OCTOBER 2025 | EXECUTIVE SUMMARY In October 2025, ransomware activity surged globally, marking a significant resurgence after a period of mid-year stability. Victim counts climbed to 738, | Ransom blog | Cyfirma |
| 8.11.25 | Fortnightly Vulnerability Summary | Fortnightly Vulnerability Summary CHECK OUT THESE FAST FACTS ON FORTNIGHTLY OBSERVED VULNERABILITIES. Fortnight's Most Impacted Products D-Link | Tenda | Jira Increase in | Vulnerebility blog | Cyfirma |
| 8.11.25 | Rising Cyber Threats to Rwanda : Hacktivists and Data Breaches | EXECUTIVE SUMMARY Between January and October 2025, Rwanda’s government infrastructure experienced a series of coordinated cyber incidents involving data leaks, credential | Cyber blog | Cyfirma |
| 8.11.25 | Cyber Threat Landscape – The United Republic of Tanzania | EXECUTIVE SUMMARY Tanzania’s cyber threat landscape has escalated in 2025, reflecting its growing digital transformation, expanding telecom sector, and increasing reliance on online platforms for governance, commerce, and public services.… | Cyber blog | Cyfirma |
| 8.11.25 | Survey of AFCEA Attendees Shows Government Shutdown Has Major Impact on Cybersecurity Readiness | The results are in from the Eclypsium survey of over 100 government employees and affiliated entities about cybersecurity risk to the U.S. Federal government and Department of Defense. | Cyber blog | Eclypsium |
| 8.11.25 | The Future of F5 Risk In The Enterprise | The major F5 security incident disclosed on October 15 is still sending ripples (or tsunamis) through the enterprises and governments worldwide. While F5 has issued patches for 44 vulnerabilities that were leaked to attackers during the breach, major concerns still linger about undiscovered or undisclosed risks to F5’s customers. | Cyber blog | Eclypsium |
| 8.11.25 | Crossed wires: a case study of Iranian espionage and attribution | In June, Proofpoint Threat Research began investigating a benign email discussing economic uncertainty and domestic political unrest in Iran. While coinciding with the escalations in the Iran-Israel conflict, there was no indication that the observed activity was directly correlated with Israel’s attacks on Iranian nuclear facilities or Iran’s actions in response. | BigBrother blog | PROOFPOINT |
| 8.11.25 | Insiders, AI, and data sprawl converge: essential insights from the 2025 Data Security Landscape report | Data security is at a critical inflection point. Organizations today are struggling with explosive data growth, sprawling IT environments, persistent insider risks, and the adoption of generative AI (GenAI). What’s more, the rapid emergence of AI agents is giving rise to a new, more complex agentic workspace, where both humans and agents interact with sensitive data. | AI blog | PROOFPOINT |
| 8.11.25 | Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint is tracking a cluster of cybercriminal activity that targets trucking and logistics companies and infects them with RMM tooling for financial gain. Based on our ongoing investigations paired with open-source information, Proofpoint assesses with high confidence that the threat actors are working with organized crime groups to compromise entities in the surface transportation industry — in particular trucking carriers and freight brokers — to hijack cargo freight, leading to the theft of physical goods. | Cyber blog | PROOFPOINT |
| 8.11.25 | SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. | AI blog | Microsoft blog |
| 8.11.25 | LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices | Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple mobile platforms. | Malware blog | Palo Alto |
| 8.11.25 | Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management | Cyber threat intelligence is often touted as a way to help defend an organization's IT environment. If we better understand the threats that might target our networks, we can better defend ourselves against those threats. This is true, but threat intelligence is only effective if an organization also properly manages its IT assets. | Cyber blog | Palo Alto |
| 8.11.25 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) | On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management | Vulnerebility blog | Palo Alto |
| 8.11.25 | Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed | Check Point Research uncovered four vulnerabilities in Microsoft Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video and audio calls. | Exploit blog | CHECKPOINT |
| 8.11.25 | Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure | Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. | Vulnerebility blog | CHECKPOINT |
| 8.11.25 | Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering | XLoader remains one of the most challenging malware families to analyze. Its code decrypts only at runtime and is protected by multiple layers of encryption, each locked with a different key hidden somewhere else in the binary. Even sandboxes are no help: evasions block malicious branches, and the real C2 (command and control) domains are buried among dozens of fakes. With new versions released faster than researchers can investigate, analysis is almost always a (losing) race against time. | AI blog | CHECKPOINT |
| 8.11.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | AI blog | CISCO TALOS |
| 8.11.25 | Remember, remember the fifth of November | This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination. | Cyber blog | CISCO TALOS |
| 8.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Hacking blog | CISCO TALOS |
| 8.11.25 | In memoriam: David Harley | Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security | Cyber blog | Eset |
| 8.11.25 | The who, where, and how of APT attacks in Q2 2025–Q3 2025 | ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report | APT blog | Eset |
| 8.11.25 | ESET APT Activity Report Q2 2025–Q3 2025 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 | APT blog | Eset |
| 8.11.25 | Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming | How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data | Social blog | Eset |
| 8.11.25 | How social engineering works | Unlocked 403 cybersecurity podcast (S2E6) | Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead | Cyber blog | Eset |
| 8.11.25 | Ground zero: 5 things to do after discovering a cyberattack | When every minute counts, preparation and precision can mean the difference between disruption and disaster | Cyber blog | Eset |
| 8.11.25 | Tycoon 2FA Phishing Kit Analysis | In this Threat Alert, Cybereason analyzes Tycoon 2FA phishing kit, a sophisticated phishing-as-a-service platform designed to bypass two-factor authentication. | Phishing blog | Cybereason |
| 8.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerebility blog | Project Zero |
| 1.11.25 | Tracking an evolving Discord-based RAT family | RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. | Malware blog | REVERSINGLABS |
| 1.11.25 | Ukrainian organizations still heavily targeted by Russian attacks | Attackers are gaining access using a custom, Sandworm-linked webshell and are making heavy use of Living-off-the-Land tactics to maintain persistent access. | BigBrother blog | SECURITY.COM |
| 1.11.25 | BRONZE BUTLER exploits Japanese asset management software vulnerability | The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932) | APT blog | SOPHOS |
| 1.11.25 | Cloud Abuse at Scale | FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC). | Spam blog | FORTINET |
| 1.11.25 | Stolen Credentials and Valid Account Abuse Remain Integral to Financially Motivated Intrusions | FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for identity-centric defenses. | Hacking blog | FORTINET |
| 1.11.25 | Silent Push Unearths AdaptixC2's Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads | Silent Push Threat Analysts have uncovered threat actors using AdaptixC2, a free and open-source Command and Control (C2) framework commonly used by penetration testers, to deliver malicious payloads. | Hacking blog | Silent Push |
| 1.11.25 | Silent Push 2026 Predictions | The Silent Push Threat Intelligence team discussed what we see as some of the greatest threats and motivators the global community will encounter in the New Year. Here are our 2026 predictions: | Security blog | Silent Push |
| 1.11.25 | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. | Security blog | Google Threat Intelligence | |
| 1.11.25 | A new ideologically-motivated threat actor has emerged and growing technical capabilities: Hezi Rash. This Kurdish ... | APT blog | CHECKPOINT | |
| 1.11.25 | Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector | Military-themed lure targeting using weaponized ZIPs and hidden tunneling infrastructure | Malware blog | Cyble |
| 1.11.25 | Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report | Hacktivist attacks on industrial control systems (ICS) nearly doubled over the course of the third quarter. | Hacking blog | Cyble |
| 1.11.25 | The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble | Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams. | Vulnerebility blog | Cyble |
| 1.11.25 | When Money Moves, Hackers Follow: Europe’s Financial Sector Under Siege | Europe’s BFSI sector faces growing deepfake and ransomware threats. CISOs focus on intelligence, resilience, and rapid response to stay ahead. | Ransom blog | Cyble |
| 1.11.25 | APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs | APT-C-60 intensified operations against Japanese organizations during Q3 2025, deploying three updated SpyGlace backdoor versions with refined tracking mechanisms, modified encryption, and sophisticated abuse of GitHub, StatCounter, and Git for stealthy malware distribution. | APT blog | Cyble |
| 1.11.25 | From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy | Agentic AI marks the next leap in cybersecurity—autonomous systems that detect, decide, and act in real time, transforming how organizations defend against threats. | AI blog | Cyble |
| 1.11.25 | Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus | Authors: Sathwik Ram Prakki and Kartikkumar Jivani Contents Introduction Key Targets Industries Geographical Focus Infection and Decoys Technical Analysis PowerShell Stage Persistence Configuration Infrastructure and Attribution Conclusion SEQRITE Protection IOCs MITRE ATT&CK Introduction SEQRITE Labs has identified a campaign... | Hacking blog | Seqrite |
| 1.11.25 | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application packages (APKs) | Malware blog | Cyfirma |
| 1.11.25 | AI Security: NVIDIA BlueField Now with Vision One™ | Launching at NVIDIA GTC 2025 - Transforming AI Security with Trend Vision One™ on NVIDIA BlueField | AI blog | Trend Micro |
| 1.11.25 | Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C | Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines. | Hacking blog | Trend Micro |
| 1.11.25 | Oracle E-Business Suite Under Siege: Active Exploitation of Dual Zero-Days | The SonicWall Capture Labs threat research team became aware of multiple remote code execution vulnerabilities in Oracle E-Business Suite, assessed their impact and developed mitigation measures. | Exploit blog | SonicWall |
| 1.11.25 | HijackLoader Delivered via SVG files | The SonicWall Capture Labs threat research team has recently been monitoring new variants of the HijackLoader malware that are being delivered through SVG files. | Malware blog | SonicWall |
| 1.11.25 | Bots, Bread and the Battle for the Web | Meet Sarah, an artisanal baker who opens Sarah’s Sourdough. To improve her search engine optimization (SEO), she builds a beautiful website and shares authentic baking content. | BotNet blog | Palo Alto |
| 1.11.25 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack | We have discovered a new Windows-based malware family we've named Airstalk, which is available in both PowerShell and .NET variants. We assess with medium confidence that a possible nation-state threat actor used this malware in a likely supply chain attack. We have created the threat activity cluster CL-STA-1009 to identify and track any further related activity. | Hacking blog | Palo Alto |
| 1.11.25 | When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems | We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. | AI blog | Palo Alto |
| 1.11.25 | Cybersecurity on a budget: Strategies for an economic downturn | This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts. | Cyber blog | CISCO TALOS |
| 1.11.25 | Trick, treat, repeat | Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. | Vulnerebility blog | CISCO TALOS |
| 1.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Cyber blog | CISCO TALOS |
| 1.11.25 | Uncovering Qilin attack methods exposed through multiple cases | Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. | Ransom blog | CISCO TALOS |
| 1.11.25 | Think passwordless is too complicated? Let's clear that up | We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. | Cyber blog | CISCO TALOS |
| 1.11.25 | Strings in the maze: Finding hidden strengths and gaps in your team | In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. | Cyber blog | CISCO TALOS |
| 1.11.25 | This month in security with Tony Anscombe – October 2025 edition | From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now | Social blog | Eset |
| 1.11.25 | Fraud prevention: How to help older family members avoid scams | Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically | Spam blog | Eset |
| 1.11.25 | Cybersecurity Awareness Month 2025: When seeing isn't believing | Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams | Security blog | Eset |
| 1.11.25 | Recruitment red flags: Can you spot a spy posing as a job seeker? | Security blog | Eset | |
| 1.11.25 | How MDR can give MSPs the edge in a competitive market | With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs | Security blog | Eset |
| 1.11.25 | From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations | In this Threat Analysis Report, investigates the flow of a Tangerine Turkey campaign | Hacking blog | Cybereason |
| 1.11.25 | The Bug Report - October 2025 Edition | October's cybersecurity horror show is here! Zero-days in WSUS (CVE-2025-59287) and SessionReaper (Adobe) are under active attack. Patch these RCE and LPE monsters now or risk full possession of your network. | Vulnerebility blog | Trelix |
| 29.11.25 | ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab | ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint. | BotNet blog | FORTINET |
| 29.11.25 | Cyberthreats Targeting the 2025 Holiday Season: What CISOs Need to Know | Cybercriminal activity is surging ahead of the 2025 holiday season. Deceptive domains, stolen accounts, and e-commerce attacks are accelerating. Here’s what leaders need to know. | Cyber blog | FORTINET |
| 29.11.25 | Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks | Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks. | APT blog | Google Threat Intelligence |
| 29.11.25 | How attackers infiltrated the npm ecosystem, what Check Point researchers uncovered, and how organizations can | Hacking blog | CHECKPOINT | |
| 29.11.25 | Check Point researchers uncover a large-scale Android adware campaign that silently drains resources and disrupts ... | Malware blog | CHECKPOINT | |
| 29.11.25 | The Week in Vulnerabilities: Cyble Urges Fortinet, Microsoft Fixes | We look at 15 high-priority IT and ICS vulnerabilities – 7 of which are under discussion by threat actors on the dark web. | Vulnerebility blog | Cyble |
| 29.11.25 | RelayNFC: The New NFC Relay Malware Targeting Brazil | CRIL uncovers RelayNFC, a malware leveraging Near-Field Communication (NFC) to intercept and relay contactless payment data. | Malware blog | Cyble |
| 29.11.25 | How Cyble is Empowering European Enterprises with AI-Powered Threat Intelligence | Europe’s cyber threat landscape is escalating fast, driven by ransomware, data leaks, and state-backed actors, marking 2025 as a decisive turning point. | AI blog | Cyble |
| 29.11.25 | Australia Releases 2025 Implementation Plan to Advance National Data and Digital Transformation | Australia’s 2025 Implementation Plan drives progress in AI, data, service delivery and cybersecurity to strengthen the nation’s digital future. | BigBrother blog | Cyble |
| 29.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical . Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerebility blog | Cyble |
| 29.11.25 | Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. | Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams. Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – Pseudo-Polyglot... | APT blog | Seqrite |
| 29.11.25 | NORTH KOREAN CYBER CRIME AS A STATECRAFT TOOL | INTRODUCTION Russia’s March 2024 veto of the renewal of the UN Panel of Experts on North Korea ended 15 years of unanimous Security Council support for the sole independent | APT blog | Cyfirma |
| 29.11.25 | The Large-Scale AI-Powered Cyberattack : Strategic Assessment & Implications | Executive Summary In September 2025, the cybersecurity landscape crossed a pivotal threshold with the first widely verified case of an AI-powered, largely autonomous cyber- | AI blog | Cyfirma |
| 29.11.25 | CYFIRMA INDUSTRY REPORT : TELECOMMUNICATIONS & MEDIA | INTRODUCTION CYFIRMA’s ongoing threat monitoring has identified Tycoon 2FA as one of the most advanced and actively deployed Phishing-as-a-Service (PhaaS) platforms | Phishing blog | Cyfirma |
| 29.11.25 | Triofox Unauthenticated Access Control Vulnerability (CVE-2025-12480) | The SonicWall Capture Labs threat research team became aware of an Improper Access Control Vulnerability in Gladinet Triofox, assessed its impact, and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 29.11.25 | Underground Sharp Infostealer Dev Sells Modded Gremlin Source Code | The SonicWall Capture Labs Threat Research Team has recently been tracking infostealer malware stemming from the Sharp malware family. While analyzing a variant of Sharp infostealer, we came across a reference to a Telegram channel that leads to a person claiming to be the developer of this malware. | Malware blog | SonicWall |
| 29.11.25 | The Dual-Use Dilemma of AI: Malicious LLMs | A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. | AI blog | Palo Alto |
| 29.11.25 | "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) | Unit 42 researchers investigated a renewed npm-focused compromise, in a campaign dubbed Shai-Hulud 2.0. This was first reported in early November 2025. | Malware blog | Palo Alto |
| 29.11.25 | The Golden Scale: 'Tis the Season for Unwanted Gifts | In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). | Hacking blog | Palo Alto |
| 29.11.25 | Care that you share | This holiday season, as teams run lean and cyber threats rise, being open with what — and how — you share can protect both information and relationships. | Cyber blog | CISCO TALOS |
| 29.11.25 | Bill Largent: On epic reads, lifelong learning, and empathy | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | Cyber blog | CISCO TALOS |
| 29.11.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | AI blog | CISCO TALOS |
| 29.11.25 | Dell ControlVault, Lasso, GL.iNet vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities men | Vulnerebility blog | CISCO TALOS |
| 29.11.25 | This month in security with Tony Anscombe – November 2025 edition | Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news | Cyber blog | Eset |
| 29.11.25 | What parents should know to protect their children from doxxing | Cyber blog | Eset | |
| 29.11.25 | Influencers in the crosshairs: How cybercriminals are targeting content creators | Cyber blog | Eset | |
| 29.11.25 | MDR is the answer – now, what’s the question? | Why your business needs the best-of-breed combination of technology and human expertise | Cyber blog | Eset |
| 29.11.25 | Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform | On Saturday, September 13, 2025, a major Distributed Denial-of-Service (DDoS) attack targeted a European payment processing platform, prompting response and mitigation efforts by the F5 Security Operations Center (SOC). | Attack blog | F5 LABS |
| 29.11.25 | The State of Post-Quantum Cryptography (PQC) on the Web | We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web. | Cyber blog | F5 LABS |
| 29.11.25 | Fallacy Failure Attack | Welcome to our AI Security Insights for November 2025. These insights are drawn from F5 Labs’ Comprehensive AI Security Index (CASI) and Agentic Resistance Scoring (ARS), which together provide rigorous, empirical measurement of model security and agentic attack resilience. | Attack blog | F5 LABS |
| 22.11.25 | Arms Race: AI's Impact on Cybersecurity | New whitepaper explores how both attackers and defenders are using the latest AI technologies to achieve their goals. | AI blog | SECURITY.COM |
| 22.11.25 | Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites | Prolific threat actor delivering RMM packages using variety of lures, including seasonal party invites | Cyber blog | SECURITY.COM |
| 22.11.25 | Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence | Social blog | SOPHOS | |
| 22.11.25 | CISA’s New Guidance on Bulletproof Hosting: Why It Matters and What Comes Next | The Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. government agency responsible for protecting the nation’s critical infrastructure from cyber and physical threats. CISA works with public and private sector partners to improve resilience, share threat intelligence, and coordinate national-level cyber defense efforts. | Cyber blog | Silent Push |
| 22.11.25 | How Preemptive Cyber Defence Supports the UK's ACD Strategy | UK organisations are expanding their digital footprint, but reliance on reactive security is leaving them exposed. To align with the NCSC’s Active Cyber Defence (ACD) strategy, teams must shift to preemptive defence. | Cyber blog | Silent Push |
| 22.11.25 | Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer leveraging artificial intelligence (AI) just for productivity gains, they are deploying novel AI-enabled malware in active operations. This marks a new operational phase of AI abuse, involving tools that dynamically alter behavior mid-execution. | AI blog | Google Threat Intelligence | |
| 22.11.25 | Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PRC)-nexus threat actor. Spanning three years, APT24 has been deploying BADAUDIO, a highly obfuscated first-stage downloader used to establish persistent access to victim networks. | APT blog | Google Threat Intelligence | |
| 22.11.25 | The global appetite for GLP-1 medications like Ozempic, Wegovy and Mounjaro have created something far ... | AI blog | CHECKPOINT | |
| 22.11.25 | Key findings Malicious activity is rising, with 1 in 11 newly registered Black Friday themed ... | Cyber blog | CHECKPOINT | |
| 22.11.25 | Australia Releases 2025 Implementation Plan to Advance National Data and Digital Transformation | Australia’s 2025 Implementation Plan drives progress in AI, data, service delivery and cybersecurity to strengthen the nation’s digital future. | Cyber blog | Cyble |
| 22.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical . Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerebility blog | Cyble |
| 22.11.25 | Tycoon 2FA: A Technical Analysis of its Adversary-in-the-Middle Phishing Operation | INTRODUCTION CYFIRMA’s ongoing threat monitoring has identified Tycoon 2FA as one of the most advanced and actively deployed Phishing-as-a-Service (PhaaS) platforms | Phishing blog | Cyfirma |
| 22.11.25 | Rising Cybercrime During Black Friday & Cyber Monday : A 2025 Threat Intelligence Report | EXECUTIVE SUMMARY As the festive shopping season approaches, Black Friday and Cyber Monday bring a significant surge in online sales and, with it, a sharp increase in | Cyber blog | Cyfirma |
| 22.11.25 | OWASP Update Elevates Software Supply Chain and Misconfiguration Risk | The reputable and widely used Open Web Application Security Project (OWASP) Top 10 list just got its 8th update, and first update since 2021. One major and welcome change is that supply chain security has gone from not being a category at all to being the number three spot on the list. OWASP is shaking things up in other ways too, with one other new risk category and one consolidation. | Cyber blog | Eclypsium |
| 22.11.25 | Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses | In this blog entry, Trend™ Research explores how ransomware actors are shifting their focus to cloud-based assets, including the tactics used to compromise business-critical data in AWS environments. | Ransom blog | Trend Micro |
| 22.11.25 | Trend & AWS Partner on Cloud IPS: One-Click Protection | In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control. | Cyber blog | Trend Micro |
| 22.11.25 | Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise | Unit 42 recently assisted a global data storage and infrastructure company that experienced a destructive ransomware attack. This attack was orchestrated by Howling Scorpius, the distributors of Akira ransomware. What began with a single click on what appeared to be a routine website CAPTCHA evolved into a 42-day (yes, we see the irony, too!) compromise that exposed critical gaps. | Ransom blog | Palo Alto |
| 22.11.25 | It’s not personal, it’s just business | Martin muses on how agentic AI is bringing efficiency improvements to the business of cyber crime. | Cyber blog | CISCO TALOS |
| 22.11.25 | Bill Largent: On epic reads, lifelong learning, and empathy | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | Cyber blog | CISCO TALOS |
| 22.11.25 | The OSINT playbook: Find your weak spots before attackers do | Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots | Cyber blog | Eset |
| 22.11.25 | PlushDaemon compromises network devices for adversary-in-the-middle attacks | ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks | APT blog | Eset |
| 22.11.25 | What if your romantic AI chatbot can’t keep a secret? | Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything. | AI blog | Eset |
| 22.11.25 | License to Encrypt: “The Gentlemen” Make Their Move | Cybereason Threat Intelligence Team recently conducted an analysis of "The Gentlemen" ransomware group, which emerged around July 2025 as a ransomware threat actor group with relatively advanced methodologies. | Ransom blog | Cybereason |
| 22.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerebility blog | Project Zero |
| 22.11.25 | Today’s threat landscape demands a proactive OT security strategy | OT is increasingly targeted by cybercriminals, making it essential for organizations to prioritize proactive OT security defense. | Security blog | Trelix |
| 20.11.25 | New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare | The line between cyber warfare and traditional kinetic operations is rapidly blurring. Recent investigations by Amazon threat intelligence teams have uncovered a new trend that they’re calling cyber-enabled kinetic targeting in which nation-state threat actors systematically use cyber operations to enable and enhance physical operations. | APT blog | AWS |
| 18.11.25 | Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, aviation, and defense industries in the Middle East. In this follow-up post, Mandiant discusses additional tactics, techniques, and procedures (TTPs) observed in incidents Mandiant has responded to. | APT blog | Google Threat Intelligence |
| 16.11.25 | Amazon discovers APT exploiting Cisco and Citrix zero-days | The Amazon threat intelligence teams have identified an advanced threat actor exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. | APT blog | AWS |
| 15.11.25 | Advanced Threat Hunting: Four Techniques to Detect Phishing Infrastructure Before it Strikes | In cyber defense, reacting to a phishing attack means you’re already one step behind. A phishing email in an inbox is the end result of a long chain of attacker activity. The real win isn’t just analyzing the phish; it’s finding the infrastructure it came from before the attack is even launched using a proactive threat hunting model. | Phishing blog | Silent Push |
| 15.11.25 | The prevalence of obfuscation and multi-stage layering in today’s malware often forces analysts into tedious and manual debugging sessions. For instance, the primary challenge of analyzing pervasive commodity stealers like AgentTesla isn’t identifying the malware, but quickly cutting through the obfuscated delivery chain to get to the final payload. | Malware blog | Google Threat Intelligence | |
| 15.11.25 | Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary payloads. | Vulnerebility blog | Google Threat Intelligence | |
| 15.11.25 | Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. | Cyber blog | Google Threat Intelligence | |
| 15.11.25 | Global Overview In October 2025, the global volume of cyber attacks continued its upward trajectory. ... | Ransom blog | CHECKPOINT | |
| 15.11.25 | Cyber threats don’t always come with warning signs. Sometimes, they arrive as sponsored ads. Since .. | Hacking blog | CHECKPOINT | |
| 15.11.25 | Germany Urges Attack Surface Management Adoption as Routinely as Antivirus Protection | Germany’s Threat Landscape is growing at an unprecedented pace with attack surfaces expanding, APT actors dominating, and SMEs bearing the brunt of this offense. Here’s what you need to know. | APT blog | Cyble |
| 15.11.25 | October 2025 Attacks Soar 30% as New Groups Redefine the Cyber Battlefield | Near-record ransomware attacks and the rise of new threats like Sinobi highlight the need for rapid detection and response. | Cyber blog | Cyble |
| 15.11.25 | The Week in Vulnerabilities: From IT Systems to Airport Weather Monitoring | Vulnerabilities flagged by Cyble this week cover everything from IT and security products to critical airport weather systems. | Vulnerebility blog | Cyble |
| 15.11.25 | Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API | CRIL analyzed an active phishing campaign leveraging HTML-based Telegram bot credential harvesters designed to mimic multiple prominent brands | Phishing blog | Cyble |
| 15.11.25 | Redis 8.2.2: Hardening the Lua Engine Against Four Critical Vulnerabilities | Introduction Redis is an open-source, in-memory data store widely used as a cache, message broker, and high-performance NoSQL database. It offers rich data structures like strings, hashes, lists, sets, sorted sets, bitmaps, HyperLogLogs, and streams, backed by atomic operations... | Vulnerebility blog | Seqrite |
| 15.11.25 | APT PROFILE – BRONZE BUTLER | BRONZE BUTLER, also known as Tick or REDBALDKNIGHT, is a sophisticated and persistent cyber espionage group believed to originate from China. The group primarily targets Japanese | APT blog | Cyfirma |
| 15.11.25 | Security brief: VenomRAT is defanged | VenomRAT is a commodity remote access trojan (RAT) used by multiple cybercriminal threat actors. Around since 2020 but first observed in Proofpoint data in 2022, VenomRAT was used most frequently by the hotel and hospitality targeting threat actor TA558. The malware is based on the open-source malware Quasar RAT. VenomRAT is essentially a clone of Quasar RAT with some extra components bolted on from other sources. | Malware blog | PROOFPOINT |
| 15.11.25 | Operation Endgame Quakes Rhadamanthys | Rhadamanthys is a prominent malware observed since 2022, used by multiple cybercriminal threat actors. | Malware blog | PROOFPOINT |
| 15.11.25 | Crossed wires: a case study of Iranian espionage and attribution | Between June and August 2025, Proofpoint began tracking a previously unidentified threat actor dubbed UNK_SmudgedSerpent targeting academics and foreign policy experts. | BigBrother blog | PROOFPOINT |
| 15.11.25 | Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics | In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data. | Malware blog | Trend Micro |
| 15.11.25 | Covert AutoIt Campaign Delivering Infostealers and RATs | Recently, the SonicWall Capture Labs threat research team has identified a new campaign delivering infostealer payloads using malicious AutoIt scripts along with the AutoIt interpreter. The campaign was observed delivering various payloads including Snake Stealer, XWorm, and Remcos RAT. | Malware blog | SonicWall |
| 15.11.25 | A Look At RondoDox ARM Malware | This week, the SonicWall Capture Labs Threat Research Team analyzed a sample of RondoDox, a Linux botnet infector. This malware is often paired with Mirai, and once installed on a victim system, it accepts C2 commands and can perform system reconnaissance while joining botnet DDoS activities. It has several methods of evading detection along with anti-debugging capabilities. | Malware blog | SonicWall |
| 15.11.25 | Microsoft Security Bulletin Coverage for November 2025 | Microsoft’s November 2025 Patch Tuesday has 63 vulnerabilities, of which 29 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2025 and has produced coverage for 5 of the reported vulnerabilities | Vulnerebility blog | SonicWall |
| 15.11.25 | Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236) | The SonicWall Capture Labs threat research team became aware of an Improper Input Validation Vulnerability in Adobe Commerce and Magento Open-Source Platforms, assessed its impact and developed mitigation measures. Adobe Commerce and Magento Open-Source Platforms are e-commerce platforms that empower businesses to scale efficiently. Expanding on the trusted foundation of Magento, Adobe Commerce offers enterprise scale and performance, modern, API-first development, and seamless integration. | Vulnerebility blog | SonicWall |
| 15.11.25 | Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE | The SonicWall Capture Labs threat research team would like to highlight the vulnerability listed under CVE-2024-9916, as it remains unpatched and poses a potential risk to customer environments. Below is an analysis of the vulnerability itself, along with the mitigation measures against exploits that may target this vulnerability. | Vulnerebility blog | SonicWall |
| 15.11.25 | You Thought It Was Over? Authentication Coercion Keeps Evolving | Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system. | Security blog | Palo Alto |
| 15.11.25 | The State of Ransomware – Q3 2025 | Record fragmentation and decentralization: The number of active extortion groups in Q3 2025 rose to a record of 85 groups, the highest number observed to date. The top 10 groups accounted only for 56% of all published victims, down from 71% in Q1. | Ransom blog | CHECKPOINT |
| 15.11.25 | Unleashing the Kraken ransomware group | In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. | Ransom blog | CISCO TALOS |
| 15.11.25 | Viasat and the terrible, horrible, no good, very bad day | In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way. | Hacking blog | CISCO TALOS |
| 15.11.25 | How password managers can be hacked – and how to stay safe | Hacking blog | Eset | |
| 15.11.25 | Why shadow AI could be your biggest security blind spot | From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company | AI blog | Eset |
| 15.11.25 | How Trellix Helix detects AS-REP Roasting in Active Directory | Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory (AD) accounts with Kerberos pre-authentication disabled, a misconfiguration that exposes credentials to offline brute force attacks. | Hacking blog | Trelix |
| 15.11.25 | Dark Web Roast - October 2025 Edition | Welcome to October 2025, where the cybercrime underground has officially become more absurd than a fever dream. | Cyber blog | Trelix |
| 8.11.25 | How PowerShell Gallery simplifies attacks | PowerShell Gallery’s Install-Module command presents one key link in the kill chain of a possible attack. | Hacking blog | REVERSINGLABS |
| 8.11.25 | China-linked Actors Maintain Focus on Organizations Influencing U.S. Policy | Recent compromise of a non-profit organization reflects continued interest in U.S. policy. | APT blog | SECURITY.COM |
| 8.11.25 | Mastering DORA’s Five Pillars with Preemptive Cyber Defense | The Digital Operational Resilience Act (DORA) represents a paradigm shift for the EU’s financial sector. No longer is a reactive security posture enough. DORA mandates a comprehensive, proactive, and testable framework for managing ICT risk and ensuring digital operational resilience. | Cyber blog | Silent Push |
| 8.11.25 | Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. | Cyber blog | Google Threat Intelligence | |
| 8.11.25 | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience | Cyber blog | Google Threat Intelligence | |
| 8.11.25 | Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. | APT blog | Google Threat Intelligence | |
| 8.11.25 | Key Highlights XLoader 8.0 malware is one of the most evasive and persistent information stealers ... | Malware blog | CHECKPOINT | |
| 8.11.25 | Trust alone isn’t a security strategy. That’s the key lesson from new research by Check ... | Exploit blog | CHECKPOINT | |
| 8.11.25 | Introduction Over the past few months, we identified an emerging online threat that combines fraud, ... | AI blog | CHECKPOINT | |
| 8.11.25 | Australia Strengthens Regional Cyber Partnerships to Bolster Security Across the Asia-Pacific | Australia, through ACSC and Cyber Affairs and Critical Technology, strengthens Asia-Pacific cybersecurity via PaCSON, APCERT, and regional threat-sharing initiatives. | BigBrother blog | Cyble |
| 8.11.25 | South Africa Launches Pilot for Secure Data Exchange Among Government Agencies | South Africa’s MzansiXchange initiative, led by the National Treasury, is pioneering secure data exchange across government. | BigBrother blog | Cyble |
| 8.11.25 | Software Supply Chain Attacks Surge to Record High in October 2025 | Software supply chain attacks in October were 32% above previous records, according to Cyble data. | Hacking blog | Cyble |
| 8.11.25 | The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes | This week’s vulnerability report examines 15 IT and ICS flaws at high risk of exploitation by threat actors. | Vulnerebility blog | Cyble |
| 8.11.25 | Securing India’s Financial Future: Why the DPDP Act is a Game-Changer for BFSI | India’s Banking, Financial Services, and Insurance (BFSI) industry stands at the intersection of innovation and risk. From UPI and digital wallets to AI-based lending and predictive underwriting, digital transformation is no longer a differentiator — it’s the operating model. | Cyber blog | Seqrite |
| 8.11.25 | Operation Peek-a-Baku: Silent Lynx APT makes sluggish shift to Dushanbe | Introduction Timeline Key Targets. Industries Affecte d. Geographical Focus. Infection Chain. Initial Findings. Technical Analysis. Campaign – I The LNK Way. Malicious SILENT LOADER Malicious LAPLAS Implant – TCP & TLS. Malicious .NET Implant – SilentSweeper Campaign –.. | APT blog | Seqrite |
| 8.11.25 | TRACKING RANSOMWARE : OCTOBER 2025 | EXECUTIVE SUMMARY In October 2025, ransomware activity surged globally, marking a significant resurgence after a period of mid-year stability. Victim counts climbed to 738, | Ransom blog | Cyfirma |
| 8.11.25 | Fortnightly Vulnerability Summary | Fortnightly Vulnerability Summary CHECK OUT THESE FAST FACTS ON FORTNIGHTLY OBSERVED VULNERABILITIES. Fortnight's Most Impacted Products D-Link | Tenda | Jira Increase in | Vulnerebility blog | Cyfirma |
| 8.11.25 | Rising Cyber Threats to Rwanda : Hacktivists and Data Breaches | EXECUTIVE SUMMARY Between January and October 2025, Rwanda’s government infrastructure experienced a series of coordinated cyber incidents involving data leaks, credential | Cyber blog | Cyfirma |
| 8.11.25 | Cyber Threat Landscape – The United Republic of Tanzania | EXECUTIVE SUMMARY Tanzania’s cyber threat landscape has escalated in 2025, reflecting its growing digital transformation, expanding telecom sector, and increasing reliance on online platforms for governance, commerce, and public services.… | Cyber blog | Cyfirma |
| 8.11.25 | Survey of AFCEA Attendees Shows Government Shutdown Has Major Impact on Cybersecurity Readiness | The results are in from the Eclypsium survey of over 100 government employees and affiliated entities about cybersecurity risk to the U.S. Federal government and Department of Defense. | Cyber blog | Eclypsium |
| 8.11.25 | The Future of F5 Risk In The Enterprise | The major F5 security incident disclosed on October 15 is still sending ripples (or tsunamis) through the enterprises and governments worldwide. While F5 has issued patches for 44 vulnerabilities that were leaked to attackers during the breach, major concerns still linger about undiscovered or undisclosed risks to F5’s customers. | Cyber blog | Eclypsium |
| 8.11.25 | Crossed wires: a case study of Iranian espionage and attribution | In June, Proofpoint Threat Research began investigating a benign email discussing economic uncertainty and domestic political unrest in Iran. While coinciding with the escalations in the Iran-Israel conflict, there was no indication that the observed activity was directly correlated with Israel’s attacks on Iranian nuclear facilities or Iran’s actions in response. | BigBrother blog | PROOFPOINT |
| 8.11.25 | Insiders, AI, and data sprawl converge: essential insights from the 2025 Data Security Landscape report | Data security is at a critical inflection point. Organizations today are struggling with explosive data growth, sprawling IT environments, persistent insider risks, and the adoption of generative AI (GenAI). What’s more, the rapid emergence of AI agents is giving rise to a new, more complex agentic workspace, where both humans and agents interact with sensitive data. | AI blog | PROOFPOINT |
| 8.11.25 | Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint is tracking a cluster of cybercriminal activity that targets trucking and logistics companies and infects them with RMM tooling for financial gain. Based on our ongoing investigations paired with open-source information, Proofpoint assesses with high confidence that the threat actors are working with organized crime groups to compromise entities in the surface transportation industry — in particular trucking carriers and freight brokers — to hijack cargo freight, leading to the theft of physical goods. | Cyber blog | PROOFPOINT |
| 8.11.25 | SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. | AI blog | Microsoft blog |
| 8.11.25 | LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices | Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple mobile platforms. | Malware blog | Palo Alto |
| 8.11.25 | Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management | Cyber threat intelligence is often touted as a way to help defend an organization's IT environment. If we better understand the threats that might target our networks, we can better defend ourselves against those threats. This is true, but threat intelligence is only effective if an organization also properly manages its IT assets. | Cyber blog | Palo Alto |
| 8.11.25 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) | On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management | Vulnerebility blog | Palo Alto |
| 8.11.25 | Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed | Check Point Research uncovered four vulnerabilities in Microsoft Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video and audio calls. | Exploit blog | CHECKPOINT |
| 8.11.25 | Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure | Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. | Vulnerebility blog | CHECKPOINT |
| 8.11.25 | Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering | XLoader remains one of the most challenging malware families to analyze. Its code decrypts only at runtime and is protected by multiple layers of encryption, each locked with a different key hidden somewhere else in the binary. Even sandboxes are no help: evasions block malicious branches, and the real C2 (command and control) domains are buried among dozens of fakes. With new versions released faster than researchers can investigate, analysis is almost always a (losing) race against time. | AI blog | CHECKPOINT |
| 8.11.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | AI blog | CISCO TALOS |
| 8.11.25 | Remember, remember the fifth of November | This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination. | Cyber blog | CISCO TALOS |
| 8.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Hacking blog | CISCO TALOS |
| 8.11.25 | In memoriam: David Harley | Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security | Cyber blog | Eset |
| 8.11.25 | The who, where, and how of APT attacks in Q2 2025–Q3 2025 | ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report | APT blog | Eset |
| 8.11.25 | ESET APT Activity Report Q2 2025–Q3 2025 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 | APT blog | Eset |
| 8.11.25 | Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming | How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data | Social blog | Eset |
| 8.11.25 | How social engineering works | Unlocked 403 cybersecurity podcast (S2E6) | Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead | Cyber blog | Eset |
| 8.11.25 | Ground zero: 5 things to do after discovering a cyberattack | When every minute counts, preparation and precision can mean the difference between disruption and disaster | Cyber blog | Eset |
| 8.11.25 | Tycoon 2FA Phishing Kit Analysis | In this Threat Alert, Cybereason analyzes Tycoon 2FA phishing kit, a sophisticated phishing-as-a-service platform designed to bypass two-factor authentication. | Phishing blog | Cybereason |
| 8.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerebility blog | Project Zero |
| 1.11.25 | Tracking an evolving Discord-based RAT family | RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. | Malware blog | REVERSINGLABS |
| 1.11.25 | Ukrainian organizations still heavily targeted by Russian attacks | Attackers are gaining access using a custom, Sandworm-linked webshell and are making heavy use of Living-off-the-Land tactics to maintain persistent access. | BigBrother blog | SECURITY.COM |
| 1.11.25 | BRONZE BUTLER exploits Japanese asset management software vulnerability | The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932) | APT blog | SOPHOS |
| 1.11.25 | Cloud Abuse at Scale | FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC). | Spam blog | FORTINET |
| 1.11.25 | Stolen Credentials and Valid Account Abuse Remain Integral to Financially Motivated Intrusions | FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for identity-centric defenses. | Hacking blog | FORTINET |
| 1.11.25 | Silent Push Unearths AdaptixC2's Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads | Silent Push Threat Analysts have uncovered threat actors using AdaptixC2, a free and open-source Command and Control (C2) framework commonly used by penetration testers, to deliver malicious payloads. | Hacking blog | Silent Push |
| 1.11.25 | Silent Push 2026 Predictions | The Silent Push Threat Intelligence team discussed what we see as some of the greatest threats and motivators the global community will encounter in the New Year. Here are our 2026 predictions: | Security blog | Silent Push |
| 1.11.25 | Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. | Security blog | Google Threat Intelligence | |
| 1.11.25 | A new ideologically-motivated threat actor has emerged and growing technical capabilities: Hezi Rash. This Kurdish ... | APT blog | CHECKPOINT | |
| 1.11.25 | Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector | Military-themed lure targeting using weaponized ZIPs and hidden tunneling infrastructure | Malware blog | Cyble |
| 1.11.25 | Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report | Hacktivist attacks on industrial control systems (ICS) nearly doubled over the course of the third quarter. | Hacking blog | Cyble |
| 1.11.25 | The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble | Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams. | Vulnerebility blog | Cyble |
| 1.11.25 | When Money Moves, Hackers Follow: Europe’s Financial Sector Under Siege | Europe’s BFSI sector faces growing deepfake and ransomware threats. CISOs focus on intelligence, resilience, and rapid response to stay ahead. | Ransom blog | Cyble |
| 1.11.25 | APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs | APT-C-60 intensified operations against Japanese organizations during Q3 2025, deploying three updated SpyGlace backdoor versions with refined tracking mechanisms, modified encryption, and sophisticated abuse of GitHub, StatCounter, and Git for stealthy malware distribution. | APT blog | Cyble |
| 1.11.25 | From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy | Agentic AI marks the next leap in cybersecurity—autonomous systems that detect, decide, and act in real time, transforming how organizations defend against threats. | AI blog | Cyble |
| 1.11.25 | Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus | Authors: Sathwik Ram Prakki and Kartikkumar Jivani Contents Introduction Key Targets Industries Geographical Focus Infection and Decoys Technical Analysis PowerShell Stage Persistence Configuration Infrastructure and Attribution Conclusion SEQRITE Protection IOCs MITRE ATT&CK Introduction SEQRITE Labs has identified a campaign... | Hacking blog | Seqrite |
| 1.11.25 | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application packages (APKs) | Malware blog | Cyfirma |
| 1.11.25 | AI Security: NVIDIA BlueField Now with Vision One™ | Launching at NVIDIA GTC 2025 - Transforming AI Security with Trend Vision One™ on NVIDIA BlueField | AI blog | Trend Micro |
| 1.11.25 | Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C | Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines. | Hacking blog | Trend Micro |
| 1.11.25 | Oracle E-Business Suite Under Siege: Active Exploitation of Dual Zero-Days | The SonicWall Capture Labs threat research team became aware of multiple remote code execution vulnerabilities in Oracle E-Business Suite, assessed their impact and developed mitigation measures. | Exploit blog | SonicWall |
| 1.11.25 | HijackLoader Delivered via SVG files | The SonicWall Capture Labs threat research team has recently been monitoring new variants of the HijackLoader malware that are being delivered through SVG files. | Malware blog | SonicWall |
| 1.11.25 | Bots, Bread and the Battle for the Web | Meet Sarah, an artisanal baker who opens Sarah’s Sourdough. To improve her search engine optimization (SEO), she builds a beautiful website and shares authentic baking content. | BotNet blog | Palo Alto |
| 1.11.25 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack | We have discovered a new Windows-based malware family we've named Airstalk, which is available in both PowerShell and .NET variants. We assess with medium confidence that a possible nation-state threat actor used this malware in a likely supply chain attack. We have created the threat activity cluster CL-STA-1009 to identify and track any further related activity. | Hacking blog | Palo Alto |
| 1.11.25 | When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems | We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. | AI blog | Palo Alto |
| 1.11.25 | Cybersecurity on a budget: Strategies for an economic downturn | This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts. | Cyber blog | CISCO TALOS |
| 1.11.25 | Trick, treat, repeat | Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. | Vulnerebility blog | CISCO TALOS |
| 1.11.25 | Dynamic binary instrumentation (DBI) with DynamoRio | Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. | Cyber blog | CISCO TALOS |
| 1.11.25 | Uncovering Qilin attack methods exposed through multiple cases | Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. | Ransom blog | CISCO TALOS |
| 1.11.25 | Think passwordless is too complicated? Let's clear that up | We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. | Cyber blog | CISCO TALOS |
| 1.11.25 | Strings in the maze: Finding hidden strengths and gaps in your team | In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. | Cyber blog | CISCO TALOS |
| 1.11.25 | This month in security with Tony Anscombe – October 2025 edition | From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now | Social blog | Eset |
| 1.11.25 | Fraud prevention: How to help older family members avoid scams | Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically | Spam blog | Eset |
| 1.11.25 | Cybersecurity Awareness Month 2025: When seeing isn't believing | Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams | Security blog | Eset |
| 1.11.25 | Recruitment red flags: Can you spot a spy posing as a job seeker? | Security blog | Eset | |
| 1.11.25 | How MDR can give MSPs the edge in a competitive market | With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs | Security blog | Eset |
| 1.11.25 | From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations | In this Threat Analysis Report, investigates the flow of a Tangerine Turkey campaign | Hacking blog | Cybereason |
| 1.11.25 | The Bug Report - October 2025 Edition | October's cybersecurity horror show is here! Zero-days in WSUS (CVE-2025-59287) and SessionReaper (Adobe) are under active attack. Patch these RCE and LPE monsters now or risk full possession of your network. | Vulnerebility blog | Trelix |