November, 2025
November 28, 2025 – Breach
The Salesforce-Gainsight Security Incident: What You Need to Know Full Text
Abstract
A recent security incident involving Gainsight applications integrated with Salesforce has highlighted the growing risk of supply-chain compromise through trusted SaaS connections.
Recorded Future
November 28, 2025 – Breach
Canadian scientific consulting service confirms data breach following $1.2 million ransom demand Full Text
Abstract
A cyberattack orchestrated by the Rhysida ransomware group has resulted in a confirmed data breach at JASCO Applied Sciences, a Canadian consulting firm servicing sectors like defense, renewable energy, and marine construction.
CompariTech
November 28, 2025 – APT
Bloody Wolf Threat Actor Expands Activity Across Central Asia Full Text
Abstract
A significant cyber-espionage campaign linked to the Bloody Wolf Advanced Persistent Threat (APT) group has expanded across Central Asia, targeting government entities in Kyrgyzstan and Uzbekistan.
Infosecurity Magazine
November 28, 2025 – Government
FCC Warns of Hackers Hijacking Radio Equipment For False Alerts Full Text
Abstract
US radio broadcasters are being targeted in a surge of infrastructure hijackings where intruders exploit unsecured Barix audio devices to air unauthorized Emergency Alert System (EAS) tones and offensive content over public airwaves.
Infosecurity Magazine
November 27, 2025 – Botnet
ShadowV2 Casts a Shadow Over IoT Devices Full Text
Abstract
A new Mirai-variant botnet named ShadowV2 has been identified targeting Internet of Things (IoT) devices globally. It is designed to exploit known vulnerabilities across multiple embedded platforms.
Fortinet
November 27, 2025 – Malware
For the first time, a RomCom payload has been observed being distributed via SocGholish. Full Text
Abstract
RomCom malware, linked to Russian military intelligence unit GRU Unit 29155, has been observed using the SocGholish fake browser update framework to deliver a Mythic C2 agent, targeting a U.S. civil engineering firm with ties to Ukraine.
Security Affairs
November 27, 2025 – Vulnerabilities
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks Full Text
Abstract
A newly discovered architectural flaw in Microsoft Teams B2B Guest Access exposes users to malware, phishing, and data exfiltration attacks. Attackers are exploiting a systemic gap that bypasses Microsoft Defender for Office 365 protections.
Hack Read
November 27, 2025 – Outage
Multiple London councils report disruption amid ongoing cyberattack Full Text
Abstract
Three London borough councils—Kensington and Chelsea, Westminster, and Hammersmith & Fulham—have been targeted in a coordinated cyberattack, leading to widespread disruption of core public services and operational systems.
Tech Crunch
November 27, 2025 – Breach
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist Full Text
Abstract
A highly coordinated supply chain attack exploiting a South Korean Managed Service Provider (MSP) has led to the deployment of the Qilin ransomware, culminating in a significant data heist campaign dubbed "Korean Leaks".
The Hacker News
November 27, 2025 – Breach
OpenAI Confirms Mixpanel Breach Impacting API User Data Full Text
Abstract
A data breach at Mixpanel—a third-party analytics vendor used by OpenAI—has led to the exposure of limited identifiable information belonging to some OpenAI API users. The breach was exclusively attributed to Mixpanel.
The Cyber Express
November 26, 2025 – Attack
London Councils Hit By Serious Cyber “Incidents” Full Text
Abstract
Authorities in London—including the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC)—are responding to a serious cybersecurity incident first identified on Monday morning.
Infosecurity Magazine
November 26, 2025 – Outage
OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide Full Text
Abstract
A widespread cyberattack targeting Crisis24's legacy CodeRED platform has significantly disrupted emergency communication systems used by local governments, police, and fire agencies across the United States.
Bleeping Computer
November 26, 2025 – Government
$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season Full Text
Abstract
Cybercriminals have ramped up account takeover (ATO) frauds, causing over $262 million in losses since January. The frequency and sophistication of these attacks are rapidly intensifying with the onset of the holiday shopping season.
The Record
November 26, 2025 – Malware
Lifetime access to WormGPT 4 costs just $220 Full Text
Abstract
Emerging malicious LLMs such as WormGPT 4 and KawaiiGPT are being sold and distributed through underground platforms like Telegram and Darknet forums. These AI-based tools are capable of generating highly functional malware scripts.
The Register
November 25, 2025 – Vulnerabilities
Critical Firefox Bug Leaves 180M Users Exposed Full Text
Abstract
A high-severity vulnerability was discovered in Mozilla Firefox's WebAssembly garbage-collection implementation. This flaw exposed over 180 million users worldwide to risk of memory corruption and potential RCE.
ESecurity Planet
November 25, 2025 – Outage
Ransomware gang says it hacked Georgia Clerks Authority, disrupted systems Full Text
Abstract
A ransomware group identified as Devman has claimed responsibility for a cyberattack targeting the Georgia Superior Court Clerks’ Cooperative Authority (GSCCCA), disrupting core administrative functions across Georgia’s judiciary.
CompariTech
November 25, 2025 – Vulnerabilities
Vulnerability Summary for the Week of November 17, 2025 Full Text
Abstract
This weekly vulnerability summary highlights several high-severity issues identified across major vendor platforms such as ABB, AMD, Broadcom, Grafana, and HPE. Many of these allow for authentication bypass, RCE, privilege escalation, and DoS.
CISA
November 25, 2025 – Breach
Harvard reports vishing breach exposing alumni and donor contact data Full Text
Abstract
Harvard University has disclosed a data breach targeting its Alumni Affairs and Development systems, caused by a vishing attack. It led to the unauthorized access of sensitive contact and biographical information of university affiliates.
Security Affairs
November 25, 2025 – Phishing
Black Friday scammers offer fake gifts from big-name brands to empty bank accounts Full Text
Abstract
A widespread and industrial-scale scam campaign targeting Black Friday shoppers is exploiting malvertising and fake brand giveaways to harvest personal information and payment card data.
Malware Bytes
November 25, 2025 – Malware
Malicious Blender model files deliver StealC infostealing malware Full Text
Abstract
A new malware campaign leveraging malicious Blender model files is delivering the latest variant of the StealC V2 infostealer. The attack targets users of CGTrader by embedding malicious Python scripts into `.blend` files.
Bleeping Computer
November 24, 2025 – Attack
Who Is Dark Storm? The Threat Actor European Security Teams Can’t Ignore Full Text
Abstract
A threat actor known as Dark Storm, a pro-Russian hacktivist collective, has escalated its cyber disruption campaigns across Europe and Russia, increasingly targeting government institutions and critical infrastructure.
The Cyber Express
November 24, 2025 – APT
ToddyCat APT’s new tools and techniques Full Text
Abstract
A highly sophisticated email espionage campaign led by the persistent threat actor ToddyCat has been detected making use of enhanced and stealthy malware methodologies to exfiltrate corporate email data.
Secure List
November 24, 2025 – Vulnerabilities
Hidden Functionality Vulnerability in Festo MSE6-C2M/D2M/E2M Devices Allows Remote Compromise Full Text
Abstract
A critical vulnerability has been identified in multiple models of Festo's MSE6-C2M, D2M, and E2M devices. Exploitation of this remotely accessible flaw may allow a low-privileged authenticated attacker to trigger undocumented test modes.
CISA
November 24, 2025 – Breach
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack Full Text
Abstract
A data breach has affected Italy’s national railway operator, Ferrovie dello Stato Italiane, following a successful cyberattack on its digital services provider, Almaviva. Threat actors claim to have exfiltrated 2.3 TB of highly sensitive info.
Security Affairs
November 24, 2025 – Government
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
A newly discovered and actively exploited vulnerability in Oracle Fusion Middleware—tracked as CVE-2025-61757—has been added to the Known Exploited Vulnerabilities (KEV) Catalog maintained to promote early detection and remediation.
CISA
November 24, 2025 – Malware
Analysis Report on Malicious Apps Using Advanced Detection and Evasion Techniques Full Text
Abstract
A sophisticated Android malware has been identified utilizing advanced evasion and detection resistance strategies. The malware employs strong packing and obfuscation to hinder traditional antivirus (AV) systems.
Ahn Lab
November 24, 2025 – Breach
Cox Enterprises discloses Oracle E-Business Suite data breach Full Text
Abstract
Cox Enterprises has suffered a significant data breach due to exploitation of a zero-day vulnerability in Oracle E-Business Suite. The Cl0p ransomware group exploited CVE-2025-61882.
Bleeping Computer
November 24, 2025 – Ransomware
Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses Full Text
Abstract
Recent ransomware developments have shifted focus toward exploiting cloud-native environments, particularly Amazon S3, through misconfigurations and advanced misuse of AWS encryption and access mechanisms.
Trend Micro
November 21, 2025 – Botnet
The Tsundere botnet uses the Ethereum blockchain to infect its targets Full Text
Abstract
A newly emerged malware campaign, dubbed Tsundere Botnet, is actively targeting Windows systems through various sophisticated infection mechanisms. This Node.js-based botnet utilizes Ethereum blockchain smart contracts.
Secure List
November 21, 2025 – General
OWASP Top 10 takes on software supply chain risk Full Text
Abstract
The OWASP Top 10 for 2025 introduces core changes emphasizing systemic risks in modern application ecosystems. Key additions include “Supply Chain Failures” at rank #3 and “Mishandling of Exceptional Conditions” at rank #10.
Reversing Labs
November 21, 2025 – Attack
Salesforce investigating campaign targeting customer environments connected to Gainsight app Full Text
Abstract
A recent campaign linked to the ShinyHunters threat actor is exploiting OAuth tokens from third-party applications—specifically those developed by Gainsight—integrated into Salesforce environments.
Cybersecurity Dive
November 21, 2025 – Breach
UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation Full Text
Abstract
An ATM fraud operation led by the threat group UNC2891 involved ATM malware, money mule recruitment, rootkit-based PIN bypass, and coordinated cash withdrawal efforts targeting two major Indonesian banks between 2022 and 2024.
Infosecurity Magazine
November 21, 2025 – Vulnerabilities
Authentication Bypass Vulnerabilities Identified in iCam365 P201 and QC021 CCTV Models Full Text
Abstract
Multiple iCam365 CCTV camera models are affected by missing authentication vulnerabilities, impacting ONVIF and RTSP services. These flaws expose video streams and configuration data to unauthorized users on the same local network.
CISA
November 21, 2025 – Malware
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages Full Text
Abstract
A newly discovered Android banking trojan named Sturnus poses a significant threat to device and data security by targeting encrypted messaging applications such as Signal, WhatsApp, and Telegram.
Bleeping Computer
November 20, 2025 – Breach
New WrtHug campaign hijacks thousands of end-of-life ASUS routers Full Text
Abstract
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits several vulnerabilities.
Bleeping Computer
November 20, 2025 – Criminals
Russian bulletproof hosting provider sanctioned over ransomware ties Full Text
Abstract
The United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations.
Bleeping Computer
November 20, 2025 – Vulnerabilities
W3 Total Cache WordPress plugin vulnerable to PHP command injection Full Text
Abstract
The vulnerability, tracked as CVE-2025-9501, in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.
Bleeping Computer
November 20, 2025 – Phishing
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack Full Text
Abstract
The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions.
Bleeping Computer
November 19, 2025 – Breach
New ShadowRay attacks convert Ray clusters into crypto miners Full Text
Abstract
A new global campaign, ShadowRay 2.0, is compromising publicly exposed instances of the distributed computing framework Ray by exploiting a critical, unpatched vulnerability (CVE-2023-48022).
Bleeping Computer
November 19, 2025 – Attack
LG battery subsidiary says ransomware attack targeted overseas facility Full Text
Abstract
A ransomware attack has targeted an overseas facility of LG Energy Solution, a major global battery manufacturer. The Akira ransomware group claims responsibility for the incident, alleging the theft of 1.7 terabytes of sensitive data.
The Record
November 19, 2025 – Breach
WhatsApp Screen-Sharing Scam Drains $700K in Minutes Full Text
Abstract
A widespread scam campaign is exploiting WhatsApp’s screen-sharing feature alongside malware-based propagation via WhatsApp Web to compromise accounts and execute large-scale financial fraud.
ESecurity Planet
November 17, 2025 – Breach
Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking Full Text
Abstract
A major data breach at Chinese cybersecurity firm Knownsec has reportedly exposed over 12,000 files revealing its alleged involvement in developing and deploying state-linked cyber-espionage tools.
Hack Read
November 17, 2025 – Ransomware
Akira Ransomware Haul Surpasses $244M in Illicit Proceeds Full Text
Abstract
Akira ransomware has generated over $244 million in illicit proceeds since late September 2025, showcasing a significant evolution in its tactics and capabilities. The group has expanded its targeting scope to include Nutanix AHV environments.
Infosecurity Magazine
November 17, 2025 – Vulnerabilities
Mitsubishi Electric MELSEC iQ-F Series Full Text
Abstract
A medium-severity bug (CVE-2025-10259) has been identified in Mitsubishi Electric's MELSEC iQ-F Series programmable logic controllers (PLCs). The flaw, stemming from improper validation of specified quantity in input, can be exploited remotely.
CISA
November 17, 2025 – Attack
Decades-old ‘Finger’ protocol abused in ClickFix malware attacks Full Text
Abstract
Threat actors are exploiting the legacy Finger protocol via Windows' built-in finger command to execute remote commands and deploy malware through the ClickFix malware campaign.
Bleeping Computer
November 17, 2025 – Malware
Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT Full Text
Abstract
Two evolving malware campaigns—Campaign Trio (Feb–Mar 2025) and Campaign Chorus (May 2025)—are distributing variants of the Gh0st remote access trojan (RAT) by impersonating known software applications through massive fake domain infrastructure.
Palo Alto Networks
November 17, 2025 – Attack
Crims flood npm with 150K+ junk packages to farm TEA tokens Full Text
Abstract
A large-scale supply chain attack has flooded the npm open-source registry with over 150,000 malicious packages in a campaign exploiting the tea.xyz platform to harvest cryptocurrency rewards.
The Register
November 17, 2025 – Attack
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels Full Text
Abstract
A sophisticated North Korean-backed campaign, dubbed Contagious Interview, has adopted novel tactics by leveraging legitimate JSON storage services—such as JSON Keeper, JSONsilo, and npoint.io—as covert payload delivery platforms.
The Hacker News
November 17, 2025 – Vulnerabilities
Medium-Severity Vulnerabilities in Siemens SICAM P850 and P855 Devices Allow Remote Impersonation and CSRF Attacks Full Text
Abstract
Two medium-severity vulnerabilities have been identified in Siemens SICAM P850 and P855 devices, which are widely deployed in the Energy sector. Exploitation could allow attackers to impersonate users or perform unauthorized actions remotely.
CISA
November 14, 2025 – Vulnerabilities
Critical Vulnerabilities in Brightpick Mission Control Allow Remote Access and Credential Exposure Full Text
Abstract
Multiple high-severity vulnerabilities have been identified in all versions of Brightpick AI's Mission Control / Internal Logic Control platform. These bugs affect all versions of the product and are exploitable remotely with low attack complexity.
CISA
November 14, 2025 – Breach
Washington Post data breach impacts nearly 10K employees, contractors Full Text
Abstract
A critical data breach at The Washington Post has compromised sensitive personal and financial information of 9,720 employees and contractors. The breach was facilitated through a zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61884).
Bleeping Computer
November 14, 2025 – Government
CISA and Partners Release Advisory Update on Akira Ransomware Full Text
Abstract
As of November 2025, Akira ransomware actors have expanded their operations, deploying a new variant—Akira_v2—that features faster encryption speeds and improved mechanisms to inhibit system recovery.
CISA
November 14, 2025 – Government
Siemens LOGO! 8 BM Devices Full Text
Abstract
Multiple critical vulnerabilities have been identified in Siemens LOGO! 8 BM and SIPLUS LOGO! programmable logic controller (PLC) devices. These vulnerabilities could allow remote attackers to execute arbitrary code.
CISA
November 14, 2025 – Vulnerabilities
GitHub security advisory (AV25-737) Full Text
Abstract
Multiple versions of GitHub Enterprise Server are affected by a vulnerability identified as CVE-2025-11892. This issue may have been exploited, prompting urgent action to update to the latest patched versions.
Government of Canada
November 14, 2025 – Phishing
Fake spam filter alerts are hitting inboxes Full Text
Abstract
A sophisticated phishing campaign is targeting email users with fake spam filter alerts. These emails impersonate legitimate spam filter notifications and redirect users to spoofed login pages designed to harvest sensitive information.
Help Net Security
November 14, 2025 – Phishing
Phishing campaign targets customers of major Italian web hosting provider Full Text
Abstract
A large-scale phishing campaign has been uncovered targeting customers of Aruba S.p.A. The campaign aims to steal sensitive login credentials and payment information by impersonating Aruba’s login and payment portals.
The Record
November 14, 2025 – Breach
DoorDash hit by new data breach in October exposing user information Full Text
Abstract
DoorDash has disclosed a data breach, involving unauthorized access to user data through a social engineering attack. Notification emails began reaching affected users the evening before the public disclosure, primarily targeting users in Canada.
Bleeping Computer
November 13, 2025 – APT
Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack Full Text
Abstract
A sophisticated spyware campaign attributed to the North Korea-linked KONNI APT group has targeted individuals in South Korea using spear phishing, social engineering, and abuse of legitimate services.
Hack Read
November 13, 2025 – Vulnerabilities
Vulnerability in Google Chrome for Desktop Prior to Version 142.0.7444.162 Full Text
Abstract
A security vulnerability has been identified in Google Chrome for Desktop. Users running versions prior to 142.0.7444.162/.163 on Windows and 142.0.7444.162 on Mac and Linux are affected.
Government of Canada
November 13, 2025 – Vulnerabilities
Microsoft Patches 63 Vulnerabilities in November Patch Tuesday Including Critical RCE and Privilege Escalation Flaws Full Text
Abstract
Microsoft’s November Patch Tuesday addresses 63 vulnerabilities across 13 product families, including Windows (38), Office (12), 365 (11), Excel (7), Visual Studio (4), Dynamics 365 (3), Azure (1), Configuration Manager (1), and more.
Sophos
November 13, 2025 – Breach
NHS patients to finally be informed if hackers published their STI and cancer test data Full Text
Abstract
A ransomware attack by the Qilin cybercrime group in June 2024 targeted Synnovis, a pathology services provider for the NHS, resulting in the exposure of highly sensitive medical data of over 900,000 patients.
The Record
November 13, 2025 – Criminals
Rhadamanthys Stealer Servers Reportedly Seized Full Text
Abstract
A major law enforcement operation has reportedly compromised the infrastructure of the Rhadamanthys stealer, a prominent malware-as-a-service platform. The takedown has disrupted access to its command-and-control (C2) servers and control panels.
GBHackers
November 13, 2025 – Policy and Law
UK Government Finally Introduces Cyber Security and Resilience Bill Full Text
Abstract
The UK government has introduced the Cyber Security and Resilience Bill to Parliament, marking a significant step toward strengthening national cybersecurity and protecting critical infrastructure.
Infosecurity Magazine
November 13, 2025 – Phishing
Phishing emails disguised as spam filter alerts are stealing logins Full Text
Abstract
The phishing emails are crafted to resemble internal “Email Delivery Reports” and claim that due to a recent upgrade in the Secure Message system, some messages are pending delivery.
Malware Bytes
November 12, 2025 – Phishing
Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins Full Text
Abstract
A sophisticated phishing campaign is actively targeting email users by impersonating internal security alert systems. These emails appear to originate from the recipient’s own corporate domain.
GBHackers
November 12, 2025 – Phishing
Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks Full Text
Abstract
A new PhaaS platform, Quantum Route Redirect, is enabling cybercriminals to launch sophisticated phishing campaigns with minimal technical expertise. The platform has been used to target users across 90 nations, with 76% of victims located in the US.
Infosecurity Magazine
November 12, 2025 – Malware
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS Full Text
Abstract
Fantasy Hub is a sophisticated Android Remote Access Trojan (RAT) sold as a Malware-as-a-Service (MaaS) offering, primarily targeting mobile banking users and BYOD environments.
Security Affairs
November 12, 2025 – General
Qilin Ransomware Activity Surges as Attacks Target Small Businesses Full Text
Abstract
Qilin ransomware, a long-standing Ransomware-as-a-Service (RaaS) operation, has seen a surge in activity, primarily targeting small-to-medium-sized businesses across the construction, healthcare, and financial sectors.
Infosecurity Magazine
November 12, 2025 – Attack
North Korean spies used Google Find Hub as remote-wipe tool Full Text
Abstract
North Korea-linked threat actor KONNI has been observed abusing Google's Find My Device feature to remotely factory reset Android smartphones and tablets belonging to South Korean targets.
The Register
November 11, 2025 – Criminals
Yanluowang initial access broker pleaded guilty to ransomware attacks Full Text
Abstract
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022.
Bleeping Computer
November 11, 2025 – APT
APT37 hackers abuse Google Find Hub in Android data-wiping attacks Full Text
Abstract
North Korean hackers are abusing Google’s Find Hub tool to track the GPS location of their targets and remotely reset Android devices to factory settings. The attacks are primarily targeting South Koreans.
Bleeping Computer
November 11, 2025 – Attack
Lazarus Group Deploys Weaponized Documents Against Aerospace & Defense Full Text
Abstract
Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets.
GBHackers
November 11, 2025 – Malware
Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware Full Text
Abstract
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans, Maverick and Coyote, that are actively targeting Brazilian users through WhatsApp.
GBHackers
November 11, 2025 – Vulnerabilities
Critical Triofox bug exploited to run malicious payloads via AV configuration Full Text
Abstract
Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480, that allows them to bypass authentication to upload and run remote access tools via the platform’s antivirus feature.
Security Affairs
November 10, 2025 – General
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic Full Text
Abstract
A novel side-channel attack technique, dubbed Whisper Leak, has been disclosed, targeting encrypted communications between users and streaming-mode large language models (LLMs).
The Hacker News
November 10, 2025 – Denial Of Service
Cisco: Actively exploited firewall flaws now abused for DoS attacks Full Text
Abstract
Two critical bugs in Cisco ASA and FTD firewalls—CVE-2025-20362 and CVE-2025-20333—are being actively exploited in the wild. Initially used for remote code execution and unauthorized access, these flaws are now also being leveraged in DoS attacks.
Bleeping Computer
November 10, 2025 – Attack
Nevada ransomware attack traced back to malware download by employee Full Text
Abstract
A ransomware attack targeting the state of Nevada was traced back to a malware-laced tool downloaded by a state employee from a spoofed website. The attack, which culminated in ransomware deployment on August 24, impacted over 60 state agencies.
Cybersecurity Dive
November 10, 2025 – Vulnerabilities
Amazon WorkSpaces Linux Flaw Exposes User Tokens Full Text
Abstract
A critical vulnerability in Amazon WorkSpaces client for Linux (CVE-2025-12779) allows local attackers to extract valid authentication tokens, potentially leading to unauthorized access and lateral movement within corporate environments.
ESecurity Planet
November 10, 2025 – General
Cyberattacks surge against IoT, mobile devices in critical infrastructure Full Text
Abstract
A significant surge in cyberattacks targeting Android and Internet of Things (IoT) devices has been observed across critical infrastructure sectors between June 2024 and May 2025.
Cybersecurity Dive
November 10, 2025 – Malware
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation Full Text
Abstract
A sophisticated software supply chain attack has been uncovered involving nine malicious NuGet packages embedded with time-delayed logic bombs. These packages, published by a user named shanhai666, were downloaded nearly 9,500 times.
The Hacker News
November 10, 2025 – Hacker
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools Full Text
Abstract
Multiple Chinese state-linked threat actors are exploiting legacy bugs in widely used software to conduct cyberespionage. These target government, non-profit, and private sector organizations across the U.S., Asia, Europe, and Latin America.
The Hacker News
November 10, 2025 – Malware
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images Full Text
Abstract
A newly discovered Android spyware campaign, dubbed LANDFALL, has exploited a critical zero-day vulnerability (CVE-2025-21042) in Samsung’s image processing library to deliver surveillance malware via malformed DNG image files sent through WhatsApp.
GBHackers
November 10, 2025 – Vulnerabilities
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks Full Text
Abstract
Microsoft is introducing a new feature in Teams that allows users to initiate chats with any email address, even if the recipient is not a Teams user. It significantly increases the risk of phishing, impersonation, and malware attacks.
GBHackers
November 10, 2025 – Breach
Have I Been Pwned: TISZA Világ Data Breach Full Text
Abstract
A data breach has impacted the TISZA Világ service resulting in the exposure of nearly 200,000 user records. The breach, which occurred in October 2025, has led to the widespread redistribution of sensitive personal data online.
Have I Been PWNED
November 7, 2025 – Privacy
Old privacy laws create new risks for businesses Full Text
Abstract
A recent analysis of nearly 200 data privacy-related insurance claims and 5,000 business websites reveals that 77% of wrongful collection claims stem from web activity. The Meta Pixel alone was cited in 43% of all web privacy claims.
Help Net Security
November 7, 2025 – Government
Influence of Chinese Hacker Organizations on U.S. Foreign Policy Full Text
Abstract
A coordinated cyber-espionage campaign attributed to Chinese state-linked threat actors has targeted a prominent U.S. non-profit involved in foreign policy advocacy. The operation demonstrates advanced persistence techniques.
GBHackers
November 7, 2025 – Attack
U.S. Congressional Budget Office hit by suspected foreign cyberattack Full Text
Abstract
The U.S. Congressional Budget Office (CBO) has confirmed a cybersecurity incident involving unauthorized access to its network, suspected to be the work of a foreign threat actor.
Bleeping Computer
November 7, 2025 – Criminals
Malicious Infrastructure Finds Stability with aurologic GmbH Full Text
Abstract
aurologic GmbH, a German hosting provider, has emerged as a central enabler of malicious infrastructure by providing upstream connectivity to numerous high-risk and sanctioned networks.
Recorded Future
November 7, 2025 – Privacy
Italian communications executive reveals he was targeted with Paragon spyware Full Text
Abstract
Francesco Nicodemo, a prominent Italian communications executive and political adviser, has been identified as the fifth Italian victim of Paragon’s Graphite spyware. He is among 90 individuals notified by WhatsApp of the targeting.
The Record
November 7, 2025 – Attack
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware Full Text
Abstract
Russia-aligned Sandworm deployed two data-wiping malware strains—ZEROLOT and Sting. The malware campaigns have targeted critical sectors including governmental entities, energy infrastructure, logistics providers, and notably, the grain sector.
GBHackers
November 7, 2025 – Attack
Cavalry Werewolf Launches Cyberattack on Government Agencies to Deploy Network Backdoor Full Text
Abstract
A sophisticated cyberattack campaign has been attributed to the threat actor group Cavalry Werewolf, targeting government agencies with the intent to steal sensitive data and establish persistent access within critical infrastructure networks.
GBHackers
November 7, 2025 – Malware
New NGate Malware Lets Hackers Drain ATMs Remotely Full Text
Abstract
NGate is a newly identified Android malware that enables attackers to perform unauthorized ATM withdrawals by relaying NFC payment data from victims’ smartphones. It leverages Host Card Emulation (HCE) and advanced social engineering.
ESecurity Planet
November 7, 2025 – Ransomware
AI-Slop ransomware test sneaks on to VS Code marketplace
Abstract
A malicious Visual Studio Code extension named susvsex, published by suspublisher18, was discovered on the official VS Code marketplace. The extension exhibited ransomware-like behavior.
Bleeping Computer
November 6, 2025 – General
Enterprises are losing track of the devices inside their networks
Abstract
A comprehensive analysis of 10 million devices across 700+ organizations revealed that nearly two-thirds of connected assets were non-traditional IT devices. These included network infrastructure (routers, firewalls) and xIoT devices such as OT.
Help Net Security
November 5, 2025 – Criminals
Nine Arrested in €600M crypto laundering bust across Europe
Abstract
A coordinated international law enforcement operation has led to the arrest of nine individuals across Cyprus, Spain, and Germany for their involvement in laundering over €600 million through fraudulent cryptocurrency investment schemes.
Security Affairs
November 5, 2025 – Breach
Media giant Nikkei reports data breach impacting 17,000 people
Abstract
A recent data breach at Japanese media conglomerate Nikkei has compromised the personal information of 17,368 individuals, including employees and business partners, following unauthorized access to its Slack messaging platform.
Bleeping Computer
November 5, 2025 – Breach
Data breach at major Swedish software supplier impacts 1.5 million
Abstract
A significant data breach at Swedish IT systems supplier Miljödata has compromised the personal data of approximately 1.5 million individuals. The breach is attributed to the threat actor Datacarry.
Bleeping Computer
November 5, 2025 – Vulnerabilities
Radiometrics VizAir
Abstract
Multiple critical vulnerabilities have been identified in Radiometrics VizAir, a weather monitoring system used in aviation. All vulnerabilities have a CVSS v3.1 and v4 base score of 10.0, indicating maximum severity.
CISA
November 5, 2025 – Vulnerabilities
Survision License Plate Recognition Camera
Abstract
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
CISA
November 5, 2025 – Vulnerabilities
TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities
Abstract
Multiple critical vulnerabilities have been identified and patched across three software products: Fade In (screenwriting software), TruffleHog (sensitive data scanner for code repositories), and Dell BSAFE Crypto-C (cryptographic development kit).
Talos Intelligence
November 5, 2025 – Hacker
Russian hackers abuse Hyper-V to hide malware in Linux VMs
Abstract
A Russian-aligned cyber-espionage group, Curly COMrades, is leveraging Microsoft Hyper-V to deploy hidden Alpine Linux VMs on compromised Windows systems. These VMs host custom malware implants: CurlyShell and CurlCat.
Bleeping Computer
November 5, 2025 – Vulnerabilities
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Abstract
A critical command injection bug has been identified in two npm packages. It allows remote unauthenticated attackers to execute arbitrary OS commands on development machines running the vulnerable Metro server.
The Hacker News
November 5, 2025 – Vulnerabilities
Researchers warn of flaws that allow manipulation of Microsoft Teams messages
Abstract
Multiple critical vulnerabilities in Microsoft Teams have been identified that allow attackers to manipulate messages, spoof notifications, and impersonate users in chats and calls. These flaws affect both internal and external communications.
Cyber Security Dive
November 5, 2025 – Vulnerabilities
How PowerShell Gallery simplifies supply chain attacks
Abstract
PowerShell Gallery has been identified as a potential vector for software supply chain attacks. Malicious actors can exploit PowerShell’s autoloading and command clobbering features to override legitimate system commands.
Reversing Labs
November 3, 2025 – Breach
Akira Ransomware Strikes Apache OpenOffice, Allegedly Exfiltrates 23GB of Data
Abstract
The notorious Akira ransomware gang announced on October 29, 2025, that it successfully penetrated the systems of Apache OpenOffice, claiming to have exfiltrated a staggering 23 gigabytes of sensitive corporate data.
GBHackers
November 3, 2025 – Breach
Proton Warns of 300 Million Stolen Login Details Circulating on Dark Web
Abstract
Privacy-focused technology company Proton has issued a warning about the escalating data breach crisis, revealing that hundreds of millions of stolen login credentials are actively circulating on the dark web.
GBHackers
November 3, 2025 – General
Leak Site Ransomware Victims Spike 13% in a Year
Abstract
A review of data leak sites over the period September 2024-August 2025 revealed a double-digit annual increase in European victims, to 1380. After the UK, Germany, Italy, France and Spain were the most targeted nations.
Infosecurity Magazine
November 3, 2025 – Vulnerabilities
New BOF Tool Bypasses Microsoft Teams Cookie Encryption to Steal User Chats
Abstract
Cybersecurity researchers have released a specialised Beacon Object File (BOF) tool that exploits a critical weakness in Microsoft Teams cookie encryption, enabling attackers to steal user chat messages and other sensitive communications.
GBHackers
November 3, 2025 – Attack
China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
Abstract
A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025.
The Hacker News
November 3, 2025 – Attack
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
Abstract
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.
The Hacker News
November 3, 2025 – Attack
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
Abstract
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Airstalk misuses the AirWatch API for Workspace ONE Unified Endpoint Management.
The Hacker News
November 3, 2025 – Breach
Conduent January 2025 breach impacts 10M+ people
Abstract
A major data breach at Conduent has compromised the personal information of approximately 10,515,849 individuals. The breach exposed sensitive data including names, addresses, dates of birth, SSNs, and health and insurance information.
Security Affairs
November 1, 2025 – General
One In Four Employees Use Unapproved AI Tools, Research Finds
Abstract
Overall, workers are broadly encouraged by their company to use AI as part of their workloads, and the 1Password report found that, of 5000 workers surveyed, 73% said their company is in favor of such experimentation.
Infosecurity Magazine
November 1, 2025 – Vulnerabilities
Critical Flaws Found in Elementor King Addons Affect 10,000 Sites
Abstract
The King Addons for Elementor plugin, used on over 10,000 sites, contains two unauthenticated critical issues that can lead to full site takeover. New research from Patchstack shows two easily exploitable flaws.
Infosecurity Magazine
November 1, 2025 – Breach
Major telecom services provider Ribbon breached by state hackers
Abstract
Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024.
Bleeping Computer
November 1, 2025 – Malware
Massive surge of NFC relay malware steals Europeans’ credit cards
Abstract
NFC relay malware has become increasingly prevalent in Eastern Europe, targeting Android users' payment card data. The malware exploits Android's HCE to manipulate contactless payment data.
Bleeping Computer
November 1, 2025 – Privacy
Windows zero-day actively exploited to spy on European diplomats
Abstract
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. The attack chain begins with spearphishing emails that lead to the delivery of malicious LNK files.
Bleeping Computer