DATE   NAME   Info   CATEG.   WEB

13.11.25 Fake Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The Cryptocurrency The Hacker News
13.11.25 Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown Malware families like Rhadamanthys Stealer , Venom RAT , and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. Virus The Hacker News
13.11.25 ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and Cyber The Hacker News
13.11.25 CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities ( Exploit The Hacker News
13.11.25 Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely Spam The Hacker News
13.11.25 Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service Phishing The Hacker News
12.11.25 Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) Exploit The Hacker News
12.11.25 Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, OS The Hacker News
12.11.25 Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company AI The Hacker News
12.11.25 WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via Virus The Hacker News
12.11.25 GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said Virus The Hacker News
11.11.25 Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the Virus The Hacker News
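The 11.11.25 "@acitons/artifact" entry above and the 13.11.25 npm spam entry both turn on package names that differ from a trusted name by a single edit. The block below is an added example, not code from either report nor from npm or GitHub: a pre-install check that compares every dependency in a manifest against an allowlist using optimal-string-alignment distance (edit distance that counts an adjacent transposition as one edit), comparing scope and bare name separately so that a transposed scope such as @acitons/ is caught even when the bare package name matches exactly. The allowlist and the sample manifest are constructed for illustration.

```python
"""Typosquat check for npm-style package names.
Added example, not code from the reports above or from npm/GitHub.
The TRUSTED allowlist and the sample manifest are constructed."""

# Constructed allowlist: packages a CI pipeline is expected to depend on.
TRUSTED = [
    "@actions/artifact",
    "@actions/core",
    "@actions/github",
    "lodash",
    "express",
]


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein edits plus an adjacent
    transposition ("it" -> "ti") counted as a single edit."""
    m, n = len(a), len(b)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i
    for j in range(n + 1):
        d[0][j] = j
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[m][n]


def split_scope(name: str):
    """Return (scope, bare) for an npm name; scope is '' when unscoped."""
    if name.startswith("@") and "/" in name:
        scope, bare = name[1:].split("/", 1)
        return scope, bare
    return "", name


def typosquat_matches(candidate: str, trusted=TRUSTED, max_distance: int = 1):
    """Return [(trusted_name, distance)] for trusted names that `candidate`
    is within `max_distance` edits of. Scope and bare name are compared
    separately and the distances summed, so '@acitons/artifact' is one edit
    from '@actions/artifact'. Exact matches are not reported."""
    hits = []
    c_scope, c_bare = split_scope(candidate)
    for t in trusted:
        if t == candidate:
            continue
        t_scope, t_bare = split_scope(t)
        dist = damerau_levenshtein(c_scope, t_scope) + damerau_levenshtein(c_bare, t_bare)
        if dist <= max_distance:
            hits.append((t, dist))
    return sorted(hits, key=lambda h: h[1])


def check_manifest(dependencies: dict, trusted=TRUSTED):
    """Scan a package.json-style dependency map and return
    {dependency: [(trusted_name, distance), ...]} for every dependency that
    looks like a typosquat of a trusted name."""
    return {
        name: hits
        for name in dependencies
        if (hits := typosquat_matches(name, trusted))
    }


if __name__ == "__main__":
    # Constructed manifest: one entry is the package named in the report.
    sample = {"@acitons/artifact": "^2.1.0", "@actions/core": "^1.10.0", "lodahs": "^4.17.21"}
    for name, hits in check_manifest(sample).items():
        print(f"{name!r} looks like a typosquat of {hits[0][0]!r} (distance {hits[0][1]})")
```

Run against a lockfile rather than package.json in CI so transitive dependencies are covered too, and treat a hit as a build failure that a human has to override; a distance-1 name that is not on the allowlist is almost never a package you meant to install.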
11.11.25 Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Virus The Hacker News
11.11.25 No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. Vulnerability blog Google Threat Intelligence
11.11.25 Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The Exploit The Hacker News
11.11.25 Konni Hackers Turn Google's Find Hub into a Remote Data-Wiping Weapon The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and APT The Hacker News
10.11.25 Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvests their Virus The Hacker News
10.11.25 GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on the part of threat actors to target the Virus The Hacker News
9.11.25 GlassWorm malware returns on OpenVSX with 3 new VSCode extensions The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. Virus BleepingComputer
9.11.25 Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday With the first Patch Tuesday following Windows 10's end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities. OS BleepingComputer
9.11.25 Malicious NuGet packages drop disruptive 'time bombs' Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. Hack BleepingComputer
9.11.25 Microsoft testing faster Quick Machine Recovery in Windows 11 Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. OS BleepingComputer
9.11.25 QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. Exploit BleepingComputer
9.11.25 New LandFall spyware exploited Samsung zero-day via WhatsApp messages A threat actor exploited a zero-day vulnerability in Samsung's Android image processing library to deploy a previously unknown spyware called 'LandFall' using malicious images sent over WhatsApp. Exploit BleepingComputer
9.11.25 Cisco: Actively exploited firewall flaws now abused for DoS attacks Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. Exploit BleepingComputer
9.11.25 ID verification laws are fueling the next wave of breaches ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit. Incident BleepingComputer
9.11.25 U.S. Congressional Budget Office hit by suspected foreign cyberattack The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. Cyber BleepingComputer
9.11.25 AI-Slop ransomware test sneaks on to VS Code marketplace A malicious extension with basic ransomware capabilities, seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace. Ransom BleepingComputer
9.11.25 How a ransomware gang encrypted Nevada government's systems The State of Nevada has completed its recovery from a ransomware attack it suffered on August 24, 2025, which impacted 60 state agencies, disrupting critical services related to health and public safety. Ransom BleepingComputer
9.11.25 Continuous Purple Teaming: Turning Red-Blue Rivalry into Real Defense Red and blue teams often operate independently, but attackers don't. Picus Security shows how continuous purple teaming and BAS turn red-blue rivalry into real defense, validating controls and closing gaps in real time. Cyber BleepingComputer
9.11.25 ClickFix malware attacks evolve with multi-OS support, video tutorials ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. Virus BleepingComputer
9.11.25 Critical Cisco UCCX flaw lets attackers run commands as root Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. Vulnerability BleepingComputer
9.11.25 Sandworm hackers use data wipers to disrupt Ukraine's grain sector Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue source. Virus BleepingComputer
9.11.25 Gootloader malware is back with new tricks after 7-month break The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. Virus BleepingComputer
9.11.25 Hyundai AutoEver America data breach exposes SSNs, drivers licenses Hyundai AutoEver America is notifying individuals that hackers breached the company's IT environment and gained access to personal information. Incident BleepingComputer
9.11.25 CISA warns of critical CentOS Web Panel bug exploited in attacks The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). Exploit BleepingComputer
9.11.25 Windows 11 Store gets Ninite-style multi-app installer feature The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. OS BleepingComputer
9.11.25 SonicWall says state-sponsored hackers behind September security breach SonicWall's investigation into the September security breach that exposed customers' firewall configuration backup files concludes that state-sponsored hackers were behind the attack. Incident BleepingComputer
9.11.25 UK carriers to block spoofed phone numbers in fraud crackdown Under a new partnership with the government aimed at combating fraud, Britain's largest mobile carriers have committed to upgrading their networks to eliminate scammers' ability to spoof phone numbers within a year. CyberCrime BleepingComputer
9.11.25 University of Pennsylvania confirms data stolen in cyberattack The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university's development and alumni activities and stole data in a cyberattack. Incident BleepingComputer
9.11.25 Cyber theory vs practice: Are you navigating with faulty instruments? Security teams rely on dashboards and data feeds, but outdated or fragmented tools leave dangerous blind spots across assets, vulnerabilities, and credentials. Learn how Outpost24's CompassDRP unifies EASM and DRP to reveal what attackers see and what's already exposed. Vulnerability BleepingComputer
9.11.25 Google warns of new AI-powered malware families deployed in the wild Google's Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. AI BleepingComputer
9.11.25 Police busts credit card fraud rings with 4.3 million victims International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries. CyberCrime BleepingComputer
9.11.25 US sanctions North Korean bankers linked to cybercrime, IT worker fraud The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. APT BleepingComputer
9.11.25 Microsoft: October Windows updates trigger BitLocker recovery Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. OS BleepingComputer
9.11.25 Hackers exploit WordPress plugin Post SMTP to hijack admin accounts Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin, installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. Exploit BleepingComputer
9.11.25 Apache OpenOffice disputes data breach claims by ransomware gang The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. Ransom BleepingComputer
9.11.25 Malicious Android apps on Google Play downloaded 42 million times Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. Virus BleepingComputer
8.11.25 Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to AI The Hacker News
8.11.25 Microsoft removing Defender Application Guard from Office Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. Security BleepingComputer
8.11.25 Data breach at major Swedish software supplier impacts 1.5 million The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. Incident BleepingComputer
8.11.25 Media giant Nikkei reports data breach impacting 17,000 people Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. Incident BleepingComputer
8.11.25 Police arrests suspects linked to €600 million crypto fraud ring European law enforcement authorities have arrested nine suspected money launderers who set up a cryptocurrency fraud network that stole over €600 million ($689 million) from victims across multiple countries. CyberCrime BleepingComputer
8.11.25 The Top 3 Browser Sandbox Threats That Slip Past Modern Security Tools Attackers exploit web browsers' built-in behaviors to steal credentials, abuse extensions, and move laterally, slipping past traditional defenses. Learn from Keep Aware how browser-layer visibility and policy enforcement stop these hidden threats in real time. Safety BleepingComputer
8.11.25 Russian hackers abuse Hyper-V to hide malware in Linux VMs The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. Virus BleepingComputer
8.11.25 Windows 10 update bug triggers incorrect end-of-support alerts Microsoft says the October 2025 updates trigger incorrect end-of-support warnings on Windows 10 systems with active security coverage or still under active support. OS BleepingComputer
8.11.25 Hackers exploit critical auth bypass flaw in JobMonster WordPress theme Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. Exploit BleepingComputer
8.11.25 Hacker steals over $120 million from Balancer DeFi crypto protocol The Balancer Protocol announced that hackers had targeted its v2 pools, with losses reportedly estimated to be more than $128 million. Incident BleepingComputer
8.11.25 Fake Solidity VSCode extension on Open VSX backdoors developers A remote access trojan dubbed SleepyDuck, disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. Virus BleepingComputer
8.11.25 Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. Virus BleepingComputer
8.11.25 US cybersecurity experts indicted for BlackCat ransomware attacks Three former employees of cybersecurity incident response companies DigitalMint and Sygnia have been indicted for allegedly hacking the networks of five U.S. companies in BlackCat (ALPHV) ransomware attacks between May 2023 and November 2023. Ransom BleepingComputer
8.11.25 Hackers use RMM tools to breach freighters and steal cargo shipments Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. Incident BleepingComputer
8.11.25 Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. OS BleepingComputer
8.11.25 OAuth Device Code Phishing: Azure vs. Google Compared Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. Security BleepingComputer
8.11.25 Microsoft: Windows Task Manager won’t quit after KB5067036 update Microsoft has confirmed a known issue that is preventing users from quitting the Windows 11 Task Manager after installing the October 2025 optional update. OS BleepingComputer
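The 8.11.25 entry "OAuth Device Code Phishing: Azure vs. Google Compared" describes abuse of the OAuth device authorization flow. One check a defender can run over Microsoft Entra sign-in logs is to single out sign-ins whose authenticationProtocol is deviceCode and rank them against where the user normally signs in from. The block below is an added example, not code from Huntress or from the article: the records are constructed in the shape of the Microsoft Graph signIn resource (authenticationProtocol, ipAddress, autonomousSystemNumber, location.countryOrRegion, status.errorCode), and using the country/ASN pair of earlier non-device-code sign-ins as the baseline is a heuristic assumption, not a documented detection rule.

```python
"""Device-code sign-in triage over Microsoft Entra sign-in records.
Added example, not code from Huntress or the article above. Input is
newline-delimited JSON in the shape of the Graph `signIn` resource; the
country/ASN baseline is a constructed heuristic."""

import json
from collections import defaultdict
from datetime import datetime

# Constructed sample: two users, one device-code sign-in each. IPs are from
# documentation ranges and ASNs are private-use numbers.
SAMPLE_SIGNINS = [json.dumps(r) for r in [
    {"createdDateTime": "2025-11-03T08:02:11Z", "userPrincipalName": "alice@contoso.example",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10", "autonomousSystemNumber": 64500,
     "location": {"countryOrRegion": "GB"}, "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-11-05T09:15:42Z", "userPrincipalName": "alice@contoso.example",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.11", "autonomousSystemNumber": 64500,
     "location": {"countryOrRegion": "GB"}, "appDisplayName": "Office 365 SharePoint Online", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-11-07T13:40:05Z", "userPrincipalName": "alice@contoso.example",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.23", "autonomousSystemNumber": 64511,
     "location": {"countryOrRegion": "NL"}, "appDisplayName": "Microsoft Authentication Broker", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-11-07T13:41:30Z", "userPrincipalName": "bob@contoso.example",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.44", "autonomousSystemNumber": 64500,
     "location": {"countryOrRegion": "GB"}, "appDisplayName": "Azure CLI", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-11-01T10:00:00Z", "userPrincipalName": "bob@contoso.example",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.40", "autonomousSystemNumber": 64500,
     "location": {"countryOrRegion": "GB"}, "appDisplayName": "Azure Portal", "status": {"errorCode": 0}},
]]


def _succeeded(rec: dict) -> bool:
    """Graph reports success as status.errorCode == 0."""
    return rec.get("status", {}).get("errorCode", 0) == 0


def _origin(rec: dict):
    """Baseline key: (country, ASN). Heuristic; swap for whatever your tenant
    has reliable data for (named locations, device compliance, ...)."""
    return (rec.get("location", {}).get("countryOrRegion"), rec.get("autonomousSystemNumber"))


def parse_signins(lines):
    """Parse NDJSON sign-in records and return them sorted by time."""
    recs = []
    for line in lines:
        rec = json.loads(line)
        rec["_ts"] = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        recs.append(rec)
    return sorted(recs, key=lambda r: r["_ts"])


def baseline(records):
    """Per-user set of origins seen on successful sign-ins that did NOT use
    the device code flow."""
    seen = defaultdict(set)
    for rec in records:
        if rec.get("authenticationProtocol") == "deviceCode" or not _succeeded(rec):
            continue
        seen[rec["userPrincipalName"]].add(_origin(rec))
    return seen


def find_device_code_anomalies(lines):
    """Return one alert dict per successful device-code sign-in. Severity is
    'high' when the origin is new for that user, 'medium' otherwise."""
    records = parse_signins(lines)
    known = baseline(records)
    alerts = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode" or not _succeeded(rec):
            continue
        new_origin = _origin(rec) not in known[rec["userPrincipalName"]]
        alerts.append({
            "user": rec["userPrincipalName"],
            "time": rec["createdDateTime"],
            "app": rec.get("appDisplayName"),
            "ip": rec.get("ipAddress"),
            "severity": "high" if new_origin else "medium",
            "reason": "device-code sign-in from a country/ASN never seen for this user"
                      if new_origin else "device-code sign-in from a known location",
        })
    return alerts


if __name__ == "__main__":
    for a in find_device_code_anomalies(SAMPLE_SIGNINS):
        print(f"[{a['severity']}] {a['time']} {a['user']} via {a['app']} from {a['ip']}: {a['reason']}")
```

A device-code sign-in from a country or ASN the user has never authenticated from is the strong signal; one from a familiar network is still worth a look, because outside CLI tooling and headless devices the flow is rarely legitimate. Where it is not needed at all, Entra Conditional Access can block the device code flow outright through its authentication flows condition, which removes the attack surface instead of detecting its use after the fact.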
8.11.25 How PowerShell Gallery simplifies attacks PowerShell Gallery’s Install-Module command presents one key link in the kill chain of a possible attack. Hacking blog REVERSINGLABS
8.11.25 Recent compromise of a non-profit organization reflects continued interest in U.S. policy. APT blog SECURITY.COM
8.11.25 Mastering DORA’s Five Pillars with Preemptive Cyber Defense The Digital Operational Resilience Act (DORA) represents a paradigm shift for the EU’s financial sector. No longer is a reactive security posture enough. DORA mandates a comprehensive, proactive, and testable framework for managing ICT risk and ensuring digital operational resilience. Cyber blog Silent Push
8.11.25 Preparing for Threats to Come: Cybersecurity Forecast 2026 Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. Cyber blog Google Threat Intelligence
8.11.25 Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience Cyber blog Google Threat Intelligence
8.11.25 Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individuals in the digital advertising and marketing sectors. APT blog Google Threat Intelligence
8.11.25 Cracking XLoader with AI: How Generative Models Accelerate Malware Analysis Key Highlights XLoader 8.0 malware is one of the most evasive and persistent information stealers ... Malware blog CHECKPOINT
8.11.25 Exploiting Trust in Collaboration: Microsoft Teams Vulnerabilities Uncovered Trust alone isn’t a security strategy. That’s the key lesson from new research by Check ... Exploit blog CHECKPOINT
8.11.25 Inside the Rise of AI-Powered Pharmaceutical Scams Introduction Over the past few months, we identified an emerging online threat that combines fraud, ... AI blog CHECKPOINT
8.11.25 Australia Strengthens Regional Cyber Partnerships to Bolster Security Across the Asia-Pacific Australia, through ACSC and Cyber Affairs and Critical Technology, strengthens Asia-Pacific cybersecurity via PaCSON, APCERT, and regional threat-sharing initiatives. BigBrother blog Cyble
8.11.25 South Africa Launches Pilot for Secure Data Exchange Among Government Agencies South Africa’s MzansiXchange initiative, led by the National Treasury, is pioneering secure data exchange across government. BigBrother blog Cyble
8.11.25 Software Supply Chain Attacks Surge to Record High in October 2025 Software supply chain attacks in October were 32% above previous records, according to Cyble data. Hacking blog Cyble
8.11.25 The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes This week’s vulnerability report examines 15 IT and ICS flaws at high risk of exploitation by threat actors. Vulnerability blog Cyble
8.11.25 Securing India’s Financial Future: Why the DPDP Act is a Game-Changer for BFSI India’s Banking, Financial Services, and Insurance (BFSI) industry stands at the intersection of innovation and risk. From UPI and digital wallets to AI-based lending and predictive underwriting, digital transformation is no longer a differentiator — it’s the operating model. Cyber blog Seqrite
8.11.25 Operation Peek-a-Baku: Silent Lynx APT makes sluggish shift to Dushanbe Contents: Introduction; Timeline; Key Targets; Industries Affected; Geographical Focus; Infection Chain; Initial Findings; Technical Analysis; Campaign I (The LNK Way); Malicious SILENT LOADER; Malicious LAPLAS Implant (TCP & TLS); Malicious .NET Implant (SilentSweeper); Campaign .. APT blog Seqrite
8.11.25 TRACKING RANSOMWARE : OCTOBER 2025 EXECUTIVE SUMMARY In October 2025, ransomware activity surged globally, marking a significant resurgence after a period of mid-year stability. Victim counts climbed to 738, Ransom blog Cyfirma
8.11.25 Fortnightly Vulnerability Summary Fast facts on vulnerabilities observed over the fortnight. Most impacted products: D-Link, Tenda, Jira. Increase in Vulnerability blog Cyfirma
8.11.25 Rising Cyber Threats to Rwanda : Hacktivists and Data Breaches EXECUTIVE SUMMARY Between January and October 2025, Rwanda’s government infrastructure experienced a series of coordinated cyber incidents involving data leaks, credential Cyber blog Cyfirma
8.11.25 Cyber Threat Landscape – The United Republic of Tanzania EXECUTIVE SUMMARY Tanzania’s cyber threat landscape has escalated in 2025, reflecting its growing digital transformation, expanding telecom sector, and increasing reliance on online platforms for governance, commerce, and public services.… Cyber blog Cyfirma
8.11.25 Survey of AFCEA Attendees Shows Government Shutdown Has Major Impact on Cybersecurity Readiness The results are in from the Eclypsium survey of over 100 government employees and affiliated entities about cybersecurity risk to the U.S. Federal government and Department of Defense. Cyber blog Eclypsium
8.11.25 The Future of F5 Risk In The Enterprise The major F5 security incident disclosed on October 15 is still sending ripples (or tsunamis) through the enterprises and governments worldwide. While F5 has issued patches for 44 vulnerabilities that were leaked to attackers during the breach, major concerns still linger about undiscovered or undisclosed risks to F5’s customers. Cyber blog Eclypsium
8.11.25 Crossed wires: a case study of Iranian espionage and attribution In June, Proofpoint Threat Research began investigating a benign email discussing economic uncertainty and domestic political unrest in Iran. While coinciding with the escalations in the Iran-Israel conflict, there was no indication that the observed activity was directly correlated with Israel’s attacks on Iranian nuclear facilities or Iran’s actions in response. BigBrother blog PROOFPOINT
8.11.25 Insiders, AI, and data sprawl converge: essential insights from the 2025 Data Security Landscape report Data security is at a critical inflection point. Organizations today are struggling with explosive data growth, sprawling IT environments, persistent insider risks, and the adoption of generative AI (GenAI). What’s more, the rapid emergence of AI agents is giving rise to a new, more complex agentic workspace, where both humans and agents interact with sensitive data. AI blog PROOFPOINT
8.11.25 Remote access, real cargo: cybercriminals targeting trucking and logistics Proofpoint is tracking a cluster of cybercriminal activity that targets trucking and logistics companies and infects them with RMM tooling for financial gain. Based on our ongoing investigations paired with open-source information, Proofpoint assesses with high confidence that the threat actors are working with organized crime groups to compromise entities in the surface transportation industry — in particular trucking carriers and freight brokers — to hijack cargo freight, leading to the theft of physical goods. Cyber blog PROOFPOINT
8.11.25 SesameOp: Novel backdoor uses OpenAI Assistants API for command and control Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. AI blog Microsoft blog
8.11.25 LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple mobile platforms. Malware blog Palo Alto
8.11.25 Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management Cyber threat intelligence is often touted as a way to help defend an organization's IT environment. If we better understand the threats that might target our networks, we can better defend ourselves against those threats. This is true, but threat intelligence is only effective if an organization also properly manages its IT assets. Cyber blog Palo Alto
8.11.25 Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management Vulnerability blog Palo Alto
8.11.25 Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Check Point Research uncovered four vulnerabilities in Microsoft Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video and audio calls. Exploit blog CHECKPOINT
8.11.25 Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. Vulnerability blog CHECKPOINT
8.11.25 Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering XLoader remains one of the most challenging malware families to analyze. Its code decrypts only at runtime and is protected by multiple layers of encryption, each locked with a different key hidden somewhere else in the binary. Even sandboxes are no help: evasions block malicious branches, and the real C2 (command and control) domains are buried among dozens of fakes. With new versions released faster than researchers can investigate, analysis is almost always a (losing) race against time. AI blog CHECKPOINT
8.11.25 Do robots dream of secure networking? Teaching cybersecurity to AI systems This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. AI blog CISCO TALOS
8.11.25 Remember, remember the fifth of November This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination. Cyber blog CISCO TALOS
8.11.25 Dynamic binary instrumentation (DBI) with DynamoRio Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. Hacking blog CISCO TALOS
8.11.25 In memoriam: David Harley Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security Cyber blog Eset
8.11.25 The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report APT blog Eset
8.11.25 ESET APT Activity Report Q2 2025–Q3 2025 An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025 APT blog Eset
8.11.25 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data Social blog Eset
8.11.25 How social engineering works | Unlocked 403 cybersecurity podcast (S2E6) Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead Cyber blog Eset
8.11.25 Ground zero: 5 things to do after discovering a cyberattack When every minute counts, preparation and precision can mean the difference between disruption and disaster Cyber blog Eset
8.11.25 Tycoon 2FA Phishing Kit Analysis In this Threat Alert, Cybereason analyzes Tycoon 2FA phishing kit, a sophisticated phishing-as-a-service platform designed to bypass two-factor authentication. Phishing blog Cybereason
8.11.25 Defeating KASLR by Doing Nothing at All I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. Vulnerability blog Project Zero
8.11.25 Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Exploit The Hacker News
8.11.25 From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed APT The Hacker News
7.11.25 Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. Virus The Hacker News
7.11.25 Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad Cyber The Hacker News
7.11.25 Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial Ransom The Hacker News
7.11.25 Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The Virus The Hacker News
7.11.25 Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software Exploit The Hacker News
6.11.25 From Tabletop to Turnkey: Building Cyber Resilience in Financial Services Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Cyber The Hacker News
6.11.25 ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More Cybercrime has stopped being a problem of just the internet — it's becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and Cyber The Hacker News
6.11.25 Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According Hack The Hacker News
6.11.25 SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. Incident The Hacker News
6.11.25 Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini Virus The Hacker News
6.11.25 Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal AI The Hacker News
5.11.25 Securing the Open Android Ecosystem with Samsung Knox Raise your hand if you've heard the myth, "Android isn't secure." Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the OS The Hacker News
5.11.25 Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts APT The Hacker News
5.11.25 U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various Cryptocurrency The Hacker News
5.11.25 CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerability The Hacker News
4.11.25 A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, CyberCrime The Hacker News
4.11.25 Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 Cryptocurrency The Hacker News
4.11.25 Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks Details have emerged about a now-patched critical security flaw in the popular " @react-native-community/cli " npm package that could be potentially exploited to run malicious Exploit The Hacker News
4.11.25 Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The CyberCrime The Hacker News
4.11.25 Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit CyberCrime The Hacker News
4.11.25 Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit Vulnerability The Hacker News
4.11.25 U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 Ransom The Hacker News
4.11.25 Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) Virus The Hacker News
4.11.25 Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck . According to Secure Annex's John Cryptocurrency The Hacker News
3.11.25 Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial Exploit The Hacker News
3.11.25 The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules Security The Hacker News
3.11.25 Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised Virus The Hacker News
3.11.25 New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack Virus The Hacker News
3.11.25 Penn hacker claims to have stolen 1.2 million donor records in data breach A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. Incident BleepingComputer
3.11.25 Open VSX rotates access tokens used in supply-chain malware attack The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. Virus BleepingComputer
3.11.25 Windows 11 Build 26220.7051 released with “Ask Copilot” feature Windows 11 Build 26220.7051 is now rolling out to testers in the Windows Insider Program, and there are at least three new features, including Ask Copilot in the taskbar. OS BleepingComputer
3.11.25 China-linked hackers exploited Lanscope flaw as a zero-day in attacks China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. Exploit BleepingComputer
3.11.25 Windows 11 tests shared Bluetooth audio support, but only for AI PCs If you have two headphones, speakers, earbuds, or any other Bluetooth hardware, you can now use both simultaneously on a Copilot+ PC. OS BleepingComputer
3.11.25 ‘We got hacked’ emails threaten to leak University of Pennsylvania data The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. Incident BleepingComputer
3.11.25 ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented Exploit The Hacker News
3.11.25 Microsoft Edge gets scareware sensor for faster scam detection Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. Spam BleepingComputer
3.11.25 Australia warns of BadCandy infections on unpatched Cisco devices The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. Virus BleepingComputer
3.11.25 Why password controls still matter in cybersecurity Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. Security BleepingComputer
3.11.25 Alleged Meduza Stealer malware admins arrested after hacking Russian org The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. Virus BleepingComputer
3.11.25 CISA: High-severity Linux flaw now exploited by ransomware gangs CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks. Ransom BleepingComputer
3.11.25 Google says Search AI Mode will know everything about you Google wants 'AI mode' on Search to be as personal as possible, and it'll soon tap into services like Gmail or Drive to know more about you. AI BleepingComputer
3.11.25 Windows zero-day actively exploited to spy on European diplomats A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. Exploit BleepingComputer
3.11.25 Ukrainian extradited from Ireland on Conti ransomware charges A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. Ransom BleepingComputer
3.11.25 Massive surge of NFC relay malware steals Europeans’ credit cards Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months. Virus BleepingComputer
3.11.25 CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. Exploit BleepingComputer
3.11.25 Major telecom services provider Ribbon breached by state hackers Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. Incident BleepingComputer
2.11.25 BPO giant Conduent confirms data breach impacts 10.5 million people American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices. Incident BleepingComputer
2.11.25 WhatsApp adds passwordless chat backups on iOS and Android WhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code. Social BleepingComputer
2.11.25 Ex-L3Harris exec guilty of selling cyber exploits to Russian broker Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. District Court to stealing and selling confidential cybersecurity information to a Russian vulnerability exploit broker. BigBrothers BleepingComputer
2.11.25 CISA and NSA share tips on securing Microsoft Exchange servers The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. BigBrothers BleepingComputer
2.11.25 LinkedIn phishing targets finance execs with fake board invites Hackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. Phishing BleepingComputer
2.11.25 Microsoft promises more Copilot features in Microsoft 365 companion apps Microsoft 365 companion apps will be getting more Copilot features in the coming weeks. Security BleepingComputer
2.11.25 Malicious NPM packages fetch infostealer for Windows, Linux, macOS Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. Virus BleepingComputer
2.11.25 WordPress security plugin exposes private data to site subscribers The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. Vulnerability BleepingComputer
2.11.25 Canada says hacktivists breached water and energy facilities The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. Incident BleepingComputer
2.11.25 Microsoft fixes Media Creation Tool broken on some Windows PCs Microsoft has confirmed that the Windows 11 Media Creation Tool (MCT) is working again on Windows 10 22H2 and Windows 11 25H2 systems. OS BleepingComputer
2.11.25 Microsoft: DNS outage impacts Azure and Microsoft 365 services Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. Security BleepingComputer
2.11.25 PhantomRaven attack floods npm with credential-stealing packages An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. Hack BleepingComputer
2.11.25 Microsoft fixes 0x800F081F errors causing Windows update failures Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. OS BleepingComputer
1.11.25 Windows 11 KB5067036 update rolls out Administrator Protection feature Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. OS BleepingComputer
1.11.25 Advertising giant Dentsu reports data breach at subsidiary Merkle Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data. Incident BleepingComputer
1.11.25 Qilin ransomware abuses WSL to run Linux encryptors in Windows The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. Ransom BleepingComputer
1.11.25 CISA warns of two more actively exploited Dassault vulnerabilities The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. Exploit BleepingComputer
1.11.25 Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. Security BleepingComputer
1.11.25 Google Chrome to warn users before opening insecure HTTP sites Google announced today that the Chrome web browser will load all public websites via secure HTTPS connections by default and ask for permission before connecting to public, insecure HTTP websites, beginning with Chrome 154 in October 2026. Security BleepingComputer
1.11.25 TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel's SGX and TDX, and AMD's SEV-SNP. Attack BleepingComputer
1.11.25 BiDi Swap: The bidirectional text trick that makes fake URLs look real Attackers are abusing bidirectional text to make fake URLs look real, reviving a decade-old browser flaw now fueling new phishing tricks. Varonis reveals how the "BiDi Swap" technique works and what organizations need to watch out for. Hack BleepingComputer
1.11.25 New Atroposia malware comes with a local vulnerability scanner A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. Virus BleepingComputer
1.11.25 New Herodotus Android malware fakes human typing to avoid detection A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. Virus BleepingComputer
1.11.25 Google disputes false claims of massive Gmail data breach Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. Incident BleepingComputer
1.11.25 X: Re-enroll 2FA security keys by November 10 or get locked out X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. Social BleepingComputer
1.11.25 Ransomware profits drop as victims stop paying hackers The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. Ransom BleepingComputer
1.11.25 Windows will soon prompt for memory scans after BSOD crashes Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). OS BleepingComputer
1.11.25 QNAP warns of critical ASP.NET flaw in its Windows backup software QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. Vulnerability BleepingComputer
1.11.25 Italian spyware vendor linked to Chrome zero-day attacks A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. BigBrothers BleepingComputer
1.11.25 Google says everyone will be able to vibe code video games Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. Security BleepingComputer
1.11.25 Microsoft: New policy removes pre-installed Microsoft Store apps Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. Security BleepingComputer

1.11.25 CISA orders feds to patch Windows Server WSUS flaw used in attacks The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. Vulnerability BleepingComputer
1.11.25 Tracking an evolving Discord-based RAT family RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. Malware blog REVERSINGLABS
1.11.25 Ukrainian organizations still heavily targeted by Russian attacks Attackers are gaining access using a custom, Sandworm-linked webshell and are making heavy use of Living-off-the-Land tactics to maintain persistent access. BigBrother blog SECURITY.COM
1.11.25 BRONZE BUTLER exploits Japanese asset management software vulnerability The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932) APT blog SOPHOS
1.11.25 Cloud Abuse at Scale FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC). Spam blog FORTINET
1.11.25 Stolen Credentials and Valid Account Abuse Remain Integral to Financially Motivated Intrusions FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for identity-centric defenses. Hacking blog FORTINET
1.11.25 Silent Push Unearths AdaptixC2's Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads Silent Push Threat Analysts have uncovered threat actors using AdaptixC2, a free and open-source Command and Control (C2) framework commonly used by penetration testers, to deliver malicious payloads. Hacking blog Silent Push
1.11.25 Silent Push 2026 Predictions The Silent Push Threat Intelligence team discussed what we see as some of the greatest threats and motivators the global community will encounter in the New Year. Here are our 2026 predictions: Security blog Silent Push
1.11.25 Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. Security blog Google Threat Intelligence
1.11.25 Hezi Rash A new ideologically-motivated threat actor with growing technical capabilities has emerged: Hezi Rash. This Kurdish ... APT blog CHECKPOINT
1.11.25 Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector Military-themed lure targeting using weaponized ZIPs and hidden tunneling infrastructure Malware blog Cyble
1.11.25 Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report Hacktivist attacks on industrial control systems (ICS) nearly doubled over the course of the third quarter. Hacking blog Cyble
1.11.25 The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams. Vulnerability blog Cyble
1.11.25 When Money Moves, Hackers Follow: Europe’s Financial Sector Under Siege Europe’s BFSI sector faces growing deepfake and ransomware threats. CISOs focus on intelligence, resilience, and rapid response to stay ahead. Ransom blog Cyble
1.11.25 APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs APT-C-60 intensified operations against Japanese organizations during Q3 2025, deploying three updated SpyGlace backdoor versions with refined tracking mechanisms, modified encryption, and sophisticated abuse of GitHub, StatCounter, and Git for stealthy malware distribution. APT blog Cyble
1.11.25 From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy Agentic AI marks the next leap in cybersecurity—autonomous systems that detect, decide, and act in real time, transforming how organizations defend against threats. AI blog Cyble
1.11.25 Operation SkyCloak: Tor Campaign targets Military of Russia & Belarus Authors: Sathwik Ram Prakki and Kartikkumar Jivani Contents Introduction Key Targets Industries Geographical Focus Infection and Decoys Technical Analysis PowerShell Stage Persistence Configuration Infrastructure and Attribution Conclusion SEQRITE Protection IOCs MITRE ATT&CK Introduction SEQRITE Labs has identified a campaign... Hacking blog Seqrite
1.11.25 Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application packages (APKs) Malware blog Cyfirma
1.11.25 AI Security: NVIDIA BlueField Now with Vision One™ Launching at NVIDIA GTC 2025 - Transforming AI Security with Trend Vision One™ on NVIDIA BlueField AI blog Trend Micro
1.11.25 Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines. Hacking blog Trend Micro
1.11.25 Oracle E-Business Suite Under Siege: Active Exploitation of Dual Zero-Days The SonicWall Capture Labs threat research team became aware of multiple remote code execution vulnerabilities in Oracle E-Business Suite, assessed their impact and developed mitigation measures. Exploit blog SonicWall
1.11.25 HijackLoader Delivered via SVG files The SonicWall Capture Labs threat research team has recently been monitoring new variants of the HijackLoader malware that are being delivered through SVG files. Malware blog SonicWall
1.11.25 Bots, Bread and the Battle for the Web Meet Sarah, an artisanal baker who opens Sarah’s Sourdough. To improve her search engine optimization (SEO), she builds a beautiful website and shares authentic baking content. BotNet blog Palo Alto
1.11.25 Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack We have discovered a new Windows-based malware family we've named Airstalk, which is available in both PowerShell and .NET variants. We assess with medium confidence that a possible nation-state threat actor used this malware in a likely supply chain attack. We have created the threat activity cluster CL-STA-1009 to identify and track any further related activity. Hacking blog Palo Alto
1.11.25 When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. AI blog Palo Alto
1.11.25 Cybersecurity on a budget: Strategies for an economic downturn This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts. Cyber blog CISCO TALOS
1.11.25 Trick, treat, repeat Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. Vulnerability blog CISCO TALOS
1.11.25 Dynamic binary instrumentation (DBI) with DynamoRio Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. Cyber blog CISCO TALOS
1.11.25 Uncovering Qilin attack methods exposed through multiple cases Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence. Ransom blog CISCO TALOS
1.11.25 Think passwordless is too complicated? Let's clear that up We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. Cyber blog CISCO TALOS
1.11.25 Strings in the maze: Finding hidden strengths and gaps in your team In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. Cyber blog CISCO TALOS
1.11.25 This month in security with Tony Anscombe – October 2025 edition From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now Social blog Eset
1.11.25 Fraud prevention: How to help older family members avoid scams Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically Spam blog Eset
1.11.25 Cybersecurity Awareness Month 2025: When seeing isn't believing Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams Security blog Eset
1.11.25 Recruitment red flags: Can you spot a spy posing as a job seeker? Here’s what to know about a recent spin on an insider threat – fake North Korean IT workers infiltrating western firms Security blog Eset
1.11.25 How MDR can give MSPs the edge in a competitive market With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs Security blog Eset
1.11.25 From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations In this Threat Analysis Report, investigates the flow of a Tangerine Turkey campaign Hacking blog Cybereason
1.11.25 The Bug Report - October 2025 Edition October's cybersecurity horror show is here! Zero-days in WSUS (CVE-2025-59287) and SessionReaper (Adobe) are under active attack. Patch these RCE and LPE monsters now or risk full possession of your network. Vulnerability blog Trellix
1.11.25 OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable AI The Hacker News

1.11.25 Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's Virus The Hacker News
1.11.25 China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and Exploit The Hacker News
1.11.25 China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick . The vulnerability, Exploit The Hacker News
1.11.25 CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released Exploit The Hacker News

1.11.25 Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Vulnerability The Hacker News

1.11.25 CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Exploit The Hacker News
1.11.25 A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. Security The Hacker News
1.11.25 Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every AI The Hacker News

1.11.25 Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware Ransom The Hacker News
1.11.25 New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, Exploit The Hacker News