Category: hacking

Auto Added by WPeMatico

Asia Pacific, Breaking News, Global Security News, hacking, information security news, IT Information Security, malware

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

December 12, 2025

Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that uses the Google Drive API for C2. Elastic says it shares code with the FINALDRAFT (Squidoor) implant, which uses Microsoft Graph API and is linked to threat…

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

December 12, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer flaw, tracked as CVE-2025-58360 (CVSS Score of 8.2), to its Known Exploited Vulnerabilities (KEV) catalog. GeoServer is an open-source server that allows users to share and edit geospatial…

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

December 12, 2025

Critical Gogs zero-day under attack, 700 servers hacked

December 11, 2025

Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but designed to be lightweight and easy to deploy. It allows individuals or organizations to host their own Git repositories on their servers, offering features like version…

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

December 11, 2025

Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw dubbed GeminiJack, which can be exploited in zero-click attacks triggered via crafted emails, invites, or documents. The vulnerability could have exposed sensitive corporate data, according to Noma…

Google fixed a new actively exploited Chrome zero-day

December 11, 2025

Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. “Google is aware that an exploit for 466192044 exists in the wild,” reads…

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

December 11, 2025

Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charged in the US for allegedly aiding the pro-Russia hacktivist groups Cyber Army of Russia Reborn (CARR) and NoName057(16) in cyberattacks against critical infrastructure worldwide. Dubranova was extradited to…

SIM Pharm Cyber crime Escalates in South Africa

December 11, 2025

Just when you thought there couldn’t be another type of cyber thief, they develop new and devious methods to steal valuable information and finances. Over the last few yearsthere has been an uptick in “SIM pharm” crimes. This form of crime has encompassed avariety of scams including theft of banking credentials, impersonation, investment fraud,and online…

Fortinet fixed two critical authentication-bypass vulnerabilities

December 10, 2025

Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabilities, including two authentication-bypass flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when FortiCloud SSO is enabled. Both vulnerabilities are improper verification of cryptographic signature issues.…

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

December 10, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-6218 (CVSS score of 7.8) RARLAB WinRAR Path Traversal…

Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

December 10, 2025

Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are…

Ivanti warns customers of new EPM flaw enabling remote code execution

December 9, 2025

Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, tracked as CVE-2025-10573 (CVSS score 9.6), in its Endpoint Manager (EPM) solution. The vulnerability is a Stored XSS that could allow a remote unauthenticated attacker to execute arbitrary “Stored…

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

December 9, 2025

Poland arrested three Ukrainian nationals accused of using hacking devices to target IT systems and obtain sensitive defense-related data. Polish police arrested three Ukrainian nationals for allegedly trying to damage IT systems and obtaining sensitive defense-related data using advanced hacking equipment. The police arrested three Ukrainian men after finding Flipper hacking gear, spy-device detectors, SIM…

Oracle EBS zero-day used by Clop to breach Barts Health NHS

December 8, 2025

Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added the organization to its dark web data leak site and leaked the stolen information. The…

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

December 8, 2025

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services, however they opted to share threat intelligence data to…

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

December 8, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a a Meta React Server Components flaw, tracked as CVE-2025-55182 (CVSS Score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a pre-authentication remote code execution…

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

December 7, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs Maximum-severity XXE vulnerability discovered in Apache…

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

December 7, 2025

Hundreds of Porsche cars in Russia became undrivable due to a malfunction in their factory-installed satellite security system, owners say. Hundreds of Porsche cars in Russia became undrivable after their factory-installed satellite security system malfunctioned, owners and dealers report. Drivers in several Russian cities reported sudden engine shutdowns and fuel-delivery blocks after Porsche cars lost…

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

December 6, 2025

A hacking campaign is targeting GlobalProtect logins and scannig SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts and scanning SonicWall SonicOS API endpoints. The activity came from over 7,000 IPs tied to German hosting provider 3xK GmbH, which operates its own BGP network…

Maximum-severity XXE vulnerability discovered in Apache Tika

December 5, 2025

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules. An attacker can embed a malicious XFA file inside a PDF and…

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

December 5, 2025

CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. “The Cybersecurity…

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

December 4, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26828 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an unrestricted upload of file with dangerous type vulnerability. “OpenPLC…

Marquis data breach impacted more than 780,000 individuals

December 4, 2025

Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people. Marquis is a Texas-based fintech and software firm that provides data-driven marketing, customer data platforms, analytics,…

King Addons flaw lets anyone become WordPress admin

December 3, 2025

Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin accounts via a registration privilege bug. King…

University of Pennsylvania and University of Phoenix disclose data breaches

December 3, 2025

The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle E-Business Suite customers. Penn explained that it uses Oracle’s E-Business Suite (EBS) platform for supplier…

Researchers spotted Lazarus’s remote IT workers in action

December 3, 2025

Researchers exposed a Lazarus scheme using remote IT workers tied to North Korea’s Famous Chollima APT group in a joint investigation. Researchers filmed Lazarus APT group’s remote-worker scheme in action, uncovering a North Korean network of IT contractors linked to the Famous Chollima unit, TheHackerNews reported. Recently, multiple cybersecurity firms and government agencies observed North…

India mandates SIM-linked messaging apps to fight rising fraud

December 3, 2025

India ordered messaging apps to work only with active SIM cards linked to users’ phone numbers to curb fraud and misuse. India’s Department of Telecommunications (DoT) now requires providers of messaging apps to work only with active SIM cards linked to users’ numbers to prevent fraud and misuse. “The Department of Telecommunications (DoT) has observed that some…

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

December 2, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Framework flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Android Framework flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-48572 Android Framework Privilege Escalation Vulnerability CVE-2025-48633 Android Framework Information Disclosure Vulnerability This week,…

MuddyWater strikes Israel with advanced MuddyViper malware

December 2, 2025

Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…

‘Korea’s Amazon’ Coupang discloses a data breach impacting 34M customers

December 2, 2025

Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers. South Korean e-commerce giant disclosed a data breach affecting nearly 34 million customers, exposing personal information over a period of more than five months. “According to the investigation so far, it is believed that unauthorized access to…

Google’s latest Android security update fixes two actively exploited flaws

December 2, 2025

Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components. Here’s a concise summary under 160 characters: December’s Android update offers two patch levels (12-01,…

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

December 1, 2025

Australian Michael Clapsis got 7 years and 4 months in prison for Wi-Fi attacks at airports and on flights, stealing sensitive data. Australian man Michael Clapsis (44) was sentenced to 7 years and 4 months in prison for conducting Wi-Fi attacks at airports and on flights, stealing sensitive information, according to the Australian Federal Police…

U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

December 1, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26829 (CVSS score of 5.4), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a cross-site scripting (XSS) flaw that impacts Windows and Linux versions via system_settings.shtm.…

Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION

November 30, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers stole member data from French Soccer Federation Thousands of sensitive secrets published on JSONFormatter and…

Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

November 29, 2025

North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. The Contagious Interview campaign, active since November 2023 and linked to…

Deeper Network Promo Deeper Network Promo

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

November 28, 2025

Users of JSONFormatter and CodeBeautify leaked thousands of sensitive secrets, including credentials and private keys, WatchTowr warns. WatchTowr’s latest research reveals massive leaks of passwords, secrets, and keys across developer formatting platforms like JSONFormatter and CodeBeautify. Despite past incidents, exposed credentials remain rampant, sometimes even for critical systems. WatchTowr researchers highlight how easily sensitive data…

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

November 28, 2025

ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run. During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks.…

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

November 27, 2025

OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their apps or websites. Many tech companies use Mixpanel to make data-driven decisions about features, performance, and customer journeys. OpenAI is alerting some users about…

Forget Firewalls — Hack the Supplier: The Iberia Attack Blueprint Revealed

November 26, 2025

On 23 November 2025, Iberia disclosed a security incident stemming from an unauthorized access to the systems of a third-party supplier / vendor.The airline communicated to impacted customers that certain personal data may have been exposed. According to the notification, exposed information may include first and last name, email address, and loyalty-card identification numbers (Iberia…

Multiple London councils faced a cyberattack

November 26, 2025

Multiple London councils, including Chelsea and Westminster, faced a cyberattack that may have exposed resident data. Authorities are actively investigating the incident. A cyberattack struck multiple London councils, including Kensington & Chelsea and Westminster, which share IT systems. Officials say residents’ data may have been compromised and have notified the UK Information Commissioner’s Office. The…

Emergency alerts go dark after cyberattack on OnSolve CodeRED

November 26, 2025

Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification services used by U.S. state and local governments, police, and fire agencies. OnSolve CodeRED is a cloud-based emergency alert system used by U.S. state and local governments to…

Dissecting a new malspam chain delivering Purelogs infostealer

November 26, 2025

The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and personal security remains under constant threat from increasingly sophisticated attack vectors, with malspam continuing to represent one of the most widespread and effective initial infection vectors for distributing malware on a large…

FBI: bank impersonators fuel $262M surge in account takeover fraud

November 25, 2025

Cybercriminals posing as banks drove a major spike in account takeover fraud this year, stealing over $262 million, the FBI warned. The FBI warns of a surge in account takeover fraud, with criminals posing as financial institutions and stealing over $262M since January 2025. Cybercriminals breach online financial, payroll, or health-savings accounts to steal money…

Morphisec warns StealC V2 malware spread through weaponized blender files

November 25, 2025

StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…

SitusAMC confirms data breach affecting customer information

November 25, 2025

SitusAMC says a recent breach exposed customer data; the real-estate financing firm provides back-office services for banks and lenders. SitusAMC, a leading real-estate financing services provider for banks and lenders, disclosed a data breach discovered earlier this month that exposed customer information. The firm manages back-office functions such as mortgage origination, servicing, and compliance for…

Attackers deliver ShadowPad via newly patched WSUS RCE bug

November 24, 2025

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…

Scattered Spider alleged members deny TfL charges

November 24, 2025

Two UK teens linked to Scattered Spider pleaded not guilty to charges over last year’s TfL cyberattack at a Southwark Crown Court hearing. Two British teens accused of Computer Misuse Act offenses for a cyberattack on Transport for London pleaded not guilty in court. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, and Owen…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72

November 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery RONINGLOADER: DragonBreath’s New Path to PPL Abuse npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects GPT Trade: Fake Google Play Store…

Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION

November 23, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks U.S. CISA adds an Oracle…

SonicWall flags SSLVPN flaw allowing firewall crashes

November 23, 2025

SonicWall warns of a high-severity buffer overflow flaw in SonicOS SSLVPN (CVE-2025-40601) that lets attackers crash Gen7 and Gen8 firewalls. A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and Gen8 firewalls. SonicWall is urging all customers to apply patches immediately, as the issue stems…

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

November 22, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a missing authentication for a critical function that…

CrowdStrike denies breach after insider sent internal screenshots to hackers

November 21, 2025

CrowdStrike says an insider shared internal screenshots with hackers but confirms no system breach and no customer data exposure. BleepingComputer first reported that CrowdStrike said an insider shared internal system screenshots with hackers, after Scattered Lapsus$ Hunters leaked them on Telegram. The company stresses that no systems were breached and no customer data was exposed.…

SolarWinds addressed three critical flaws in Serv-U

November 21, 2025

SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. The first vulnerability, tracked as CVE-2025-40549 (CVSS score 9.1), is a path restriction bypass issue that impacts Serv-U. An attacker with…

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

November 21, 2025

Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy’s national railway operator Ferrovie dello Stato Italiane (FS) was leaked after a data breach at IT provider Almaviva. FS Italiane Group is Italy’s state-owned railway company, managing passenger…

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

November 21, 2025

Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customers’ Salesforce data. Salesforce warned of unusual activity involving Gainsight-linked OAuth apps, noting that threat actors may have used these integrations to gain unauthorized access to some customers’ Salesforce data. “Salesforce has identified unusual activity involving Gainsight-published applications connected…

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

November 20, 2025

Researchers disclosed a WhatsApp flaw that exposed 3.5B accounts. Meta has patched it to prevent this mass enumeration. A team of researchers at the University of Vienna found a WhatsApp flaw that could scrape 3.5 billion accounts. Meta has since patched the vulnerability to block this enumeration technique. Users discover contacts by querying WhatsApp servers…

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

November 20, 2025

Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification System (AIS) data shortly before an attempted missile strike, showing how Tehran-aligned groups use cyber operations to support and amplify real-world kinetic attacks. The research demonstrates that…

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

November 19, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 flaw, tracked as CVE-2025-13223, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion…

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

November 19, 2025

A remote code execution vulnerability, tracked as CVE-2025-11001, in the 7-Zip software is under active exploitation. A new 7-Zip flaw tracked as CVE-2025-11001 (CVSS score of 7.0) is now being actively exploited in the wild, NHS England warns. Remote attackers can trigger the vulnerability to execute arbitrary code on affected installations of 7-Zip. “Active exploitation…

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

November 19, 2025

U.S. CISA has added a second Fortinet FortiWeb vulnerability in just a few days to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiWeb flaw, tracked as CVE-2025-58034 (CVSS score of 6.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet patched a new FortiWeb zero-day, tracked…

Popular Ghost blogging platform experiences hack attack [OLD NEWS]

November 19, 2025

Unknown hackers hacked the Ghost blogging platform. In May 2020, the popular blogging platform Ghost faced a security scare after unknown hackers infiltrated their systems. This incident, while resolved quickly, highlighted the ever-present threat of cyberattacks and the importance of robust security measures. Ghost in the Machine: The Breach Explained The attack involved exploiting vulnerabilities…

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

November 19, 2025

Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), which is being actively exploited in attacks in the wild. Trend Micro researcher Jason McFadyen reported the vulnerability. The flaw is an improper neutralization of special elements used in…

DoorDash data breach exposes personal info after social engineering attack

November 18, 2025

DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified and shut down a cybersecurity incident that involved an unauthorized…

Google fixed the seventh Chrome zero-day in 2025

November 18, 2025

Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exploited in the wild. The Chrome V8 engine is Google’s open-source JavaScript…

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

November 17, 2025

Jaguar Land Rover says the September 2025 cyberattack halted production, led to data theft, and cost £196M in the quarter. Jaguar Land Rover reported that a September 2025 cyberattack, claimed by Scattered Lapsus$ Hunters, cost the company £196 million in the quarter. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted…

North Korean threat actors use JSON sites to deliver malware via trojanized code

November 17, 2025

North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO…

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

November 17, 2025

RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its botnet despite patches released in Feb 2025. The XWiki Platform is a generic wiki framework…

Five admit helping North Korea evade sanctions through IT worker schemes

November 16, 2025

Five pleaded guilty to aiding North Korea ’s illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals – Audricus Phagnasay (24), Jason Salazar (30), Alexander…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71

November 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure Gootloader Returns: What Goodies Did They Bring? Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector…

Security Affairs newsletter Round 550 by Pierluigi Paganini – INTERNATIONAL EDITION

November 16, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution U.S. CISA adds Fortinet FortiWeb flaw to…

Deeper Network Promo Deeper Network Promo

APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence

Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack

November 16, 2025

China-linked actors used Anthropic’s AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropic’s AI to automate and execute cyberattacks in a highly sophisticated espionage campaign in September 2025. The cyber spies leveraged advanced “agentic” capabilities rather than using AI only for guidance. Attackers…

Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution

November 15, 2025

Researchers found a critical vulnerability in GoSign Desktop: TLS Certificate Validation Disabled and Unsigned Update Mechanism. GoSign is an advanced and qualified electronic signature solution developed by Tinexta InfoCert S.p.A., used by public administrations, businesses, and professionals to manage approval workflows with traceability and security. The SaaS/web version of the product has received the “QC2”…

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

November 15, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiWeb flaw, tracked as CVE-2025-64446 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a relative path traversal issue in Fortinet FortiWeb 8.0.0…

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

November 14, 2025

ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score of 9.3), in multiple DSL routers that allows remote, unauthenticated attackers to easily access unpatched devices. The vulnerability impacts DSL-AC51, DSL-N16, DSL-AC750 router families, the…

Millions of sites at risk from Imunify360 critical flaw exploit

November 14, 2025

A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attacker‑supplied malware trigger dangerous PHP…

Critical FortiWeb flaw under attack, allowing complete compromise

November 14, 2025

A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet FortiWeb WAF that allows full device takeover. The cybersecurity vendor addressed the vulnerability with the release version 8.0.2. A security flaw lets anyone break into FortiWeb devices…

Washington Post notifies 10,000 individuals affected in Oracle-linked data theft

November 14, 2025

The Washington Post alerts nearly 10,000 employees and contractors that personal and financial data was exposed in the Oracle breach. The Washington Post warns nearly 10,000 staff and contractors that personal and financial data was exposed in the Oracle breach. The popular newspaper has approximately 2.5M digital subscribers. Between July 10 and August 22, threat…

A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

November 13, 2025

Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation Endgame, carried out between November 10 and 13, 2025, dismantling major malware families including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet as part of a global effort…

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

November 13, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-9242 WatchGuard Firebox…

Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days

November 13, 2025

Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor exploiting two previously undisclosed zero-day flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC to deliver custom malware. Attackers also exploited multiple undisclosed vulnerabilities. Amazon’s…

Australia’s spy chief warns of China-linked threats to critical infrastructure

November 12, 2025

Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that China-linked threat actors are probing critical infrastructure and, in some cases, have gained access. He said at least two Chinese state-sponsored groups are positioning themselves for future sabotage and espionage operations…

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

November 12, 2025

Synology fixed a critical BeeStation RCE flaw (CVE-2025-12686) shown at Pwn2Own, caused by unchecked buffer input allowing code execution. Synology patched a critical remote code execution (RCE) flaw, tracked as CVE-2025-12686 (CVSS score 9.8), in BeeStation, demonstrated during the hacking competition Pwn2Own Ireland 2025. BeeStation is a plug-and-play device that turns traditional storage into a…

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

November 12, 2025

Microsoft fixed over 60 flaws, including an actively exploited Windows kernel zero-day, in its latest Patch Tuesday updates. Microsoft’s Patch Tuesday security updates for November 2025 addressed 63 vulnerabilities impacting Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and the Windows Subsystem for Linux…

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

November 11, 2025

SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key…

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

November 11, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day…

Critical Triofox bug exploited to run malicious payloads via AV configuration

November 11, 2025

Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform’s antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480 (CVSS score of 9.1) that allows them to bypass authentication to upload and run remote access tools via the platform’s antivirus feature. Mandiant…

GlassWorm malware has resurfaced on the Open VSX registry

November 10, 2025

GlassWorm malware resurfaces in Open VSX and GitHub, infecting VS Code extensions weeks after its removal from the official marketplace. GlassWorm malware has resurfaced on the Open VSX registry and newly appeared in GitHub repositories, infecting three more VS Code extensions just weeks after its removal from the official marketplace, Koi Security researchers warn. In…

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

November 10, 2025

Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urgently probing a security vulnerability in Chinese-made Yutong electric buses, raising concerns about Western dependence on Chinese technology. The issue highlights growing European fears that…

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

November 10, 2025

With a 4M cybersecurity worker shortage, agentic AI helps SOCs move beyond triage, enabling proactive security once thought impossible. With a deficit of 4 million cybersecurity workers worldwide, it’s no surprise that most SOCs are still stuck in triage mode. That’s why agentic AI is stepping in to fill the gap. And this boost to…

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

November 10, 2025

Nine NuGet packages by “shanhai666” can deploy delayed payloads to disrupt databases and industrial systems. Socket’s Threat Research Team discovered nine malicious NuGet packages, published between 2023 and 2024 by “shanhai666,” that can deploy time-delayed payloads to disrupt databases and industrial control systems. Scheduled to trigger in August 2027 and November 2028, the packages were…

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

November 9, 2025

QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025. The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities addressed by the company…

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

November 9, 2025

Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak, which lets attackers who can monitor network traffic infer what users discuss with remote language models, even when the data is encrypted. The company warned that…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

November 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SesameOp: Novel backdoor uses OpenAI Assistants API for command and control Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector Gootloader Returns: What Goodies Did They Bring? Ransomvibing appears in VS Code extensions …

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

November 9, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. China-linked hackers target U.S. non-profit in long-term espionage campaign A new Italian citizen was targeted with…

China-linked hackers target U.S. non-profit in long-term espionage campaign

November 8, 2025

A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

November 8, 2025

An Italian political adviser was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Italian political adviser Francesco Nicodemo said he was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Graphite is an invasive, non-auditable spyware that covertly accesses sensitive phone data;…

Cisco fixes critical UCCX flaw allowing Root command execution

November 7, 2025

Cisco patched a critical flaw in its Unified Contact Center Express (UCCX) software that allowed attackers to execute commands with root privileges. Cisco released security updates to address a critical vulnerability, tracked as CVE-2025-20354 (CVSS score 9.8), in the Unified Contact Center Express (UCCX) software. An attacker can exploit the flaw to execute commands with root…

Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems

November 7, 2025

Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. “Another…

Clop Ransomware group claims the breach of The Washington Post

November 6, 2025

The Clop Ransomware group claims the breach of The Washington Post and added the American daily newspaper to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious American daily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will…

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

November 6, 2025

Cisco warns of a new attack variant exploiting CVE-2025-20333 and CVE-2025-20362 in Secure Firewall ASA and FTD devices. Cisco warned of a new attack variant targeting vulnerable Secure Firewall ASA and FTD devices by exploiting the vulnerabilities CVE-2025-20333 and CVE-2025-20362. “On November 5, 2025, Cisco became aware of a new attack variant against devices running…

Asia Pacific, Breaking News, Global Security News, hacking, information security news, IT Information Security, malware

Breaking News, Exploits, GeoServer, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, GeoServer, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, Global Security News, Gogs, hacking, malware, Security

AI, Artificial Intelligence, Breaking News, Exploits, Global Security News, hacking, Security

Breaking News, Chrome, Exploits, Global Security News, Google, hacking, Security

Breaking News, Global Security News, hacking, hacktivism, Security

Cybersecurity, Global Security News, hacking, mobile devices, phishing, Ransomware

Breaking News, Exploits, Fortinet, FortiOS, Global Security News, hacking, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Security

Breaking News, cyber crime, Cybercrime, Europe, Flipper Zero, Global Security News, hacking

Breaking News, cyber crime, data breach, Exploits, Global Security News, hacking

APT, Breaking News, Exploits, Global Security News, hacking, intelligence, Security

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Uncategorized

Breaking News, Global Security News, hacking, Security

Breaking News, Cybercrime, Global Security News, GlobalProtect, hacking, Security

Breaking News, Global Security News, hacking, hacking news, Security

Asia Pacific, Breaking News, Cyber warfare, Global Security News, hacking, intelligence, Mobile

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

Breaking News, cyber crime, data breach, Global Security News, hacking, Security

Breaking News, Exploits, Global Security News, hacking, information security news, Security

Breaking News, cyber crime, data breach, Exploits, Global Security News, hacking, Security

Breaking News, Cyber warfare, Global Security News, hacking, hacking news, Security

Breaking News, Exploits, Global Security News, hacking, India, Laws and regulations, Mobile

Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security

APT, Breaking News, Global Security News, hacking, information security news, malware, North America

Breaking News, cyber crime, data breach, Global Security News, hacking

Android, Breaking News, Exploits, Global Security News, hacking, Mobile, Security

Australia, Breaking News, cyber crime, Global Security News, hacking, Security

Breaking News, CISA, Exploits, Global Security News, hacking, ICS-SCADA, Security

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, hacking news

APT, Global Security News, hacking, malware, Security

Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Botnet, Breaking News, cyber crime, Exploits, Global Security News, hacking, malware

Breaking News, Cybercrime, data breach, Global Security News, hacking

AI, Apps, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, hacking, Information Security, malware

Breaking News, Global Security News, hacking, hacking news, information security news, Security

Breaking News, cyber crime, data breach, Global Security News, hacking, malware

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware

Breaking News, cyber crime, Cybercrime, Global Security News, hacking

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware, Security

Breaking News, cyber crime, Cybercrime, data breach, Global Security News, hacking

Breaking News, Exploits, Global Security News, hacking, hacking news, malware

Breaking News, cyber crime, Cybercrime, Global Security News, hacking, Security

Breaking News, Cybercrime, data breach, Emerging Tech, Global Security News, hacking, malware

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, hacking news

Breaking News, Exploits, Global Security News, hacking, hacking news, IT Information Security, Security