Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Cisco Unveils Groundbreaking New AI Model to Enhance Cybersecurity Capabilities

Cisco has unveiled an ambitious new artificial intelligence model designed to enhance its cybersecurity capabilities by utilizing 17 billion parameters. The company's aim is to improve threat detection and response times through the deployment of this innovative technology, setting itself apart from competitors in a rapidly evolving industry.

Published: Mon Nov 10 01:03:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The AI-Powered Threat Landscape: A Growing Concern for Cybersecurity Professionals

As cybersecurity professionals grapple with the growing threat landscape enabled by AI, a recent study provides valuable insights into how teams are responding to this trend, including the emergence of high-severity vulnerabilities and the acceleration of remediation efforts.

Published: Mon Nov 10 03:14:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Nine NuGet Packages Disrupt DBs and Industrial Systems with Time-Delayed Payloads: A Sophisticated Supply Chain Attack


Nine malicious NuGet packages have been found that can deploy time-delayed payloads to disrupt databases and industrial control systems. The packages target SQL Server, PostgreSQL, SQLite, and industrial PLCs via a typosquat called Sharp7Extend, which bundles the genuine Sharp7 library alongside concealed malware to evade detection.

Published: Mon Nov 10 03:29:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

GlassWorm Malware Campaign Expands: A Threat to the Open VS Code Ecosystem

Threat actors have discovered a new way to spread malware using the GlassWorm campaign, targeting the Visual Studio Code (VS Code) ecosystem with three malicious extensions. The latest development highlights the need for users to prioritize security and verify the authenticity of any extension before adding it to their system.

Published: Mon Nov 10 06:53:35 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Agentic AI: Revolutionizing Cybersecurity Beyond Triage


Agentic AI is revolutionizing cybersecurity by automating the tedious and time-consuming task of threat analysis, freeing up human analysts to focus on high-value initiatives like proactive threat hunting. With a 4 million cybersecurity worker shortage facing organizations worldwide, agentic AI is bridging the gap between human analysts and AI systems, enabling SOCs to move beyond reactive triage and into strategic threat hunting.

Published: Mon Nov 10 07:02:27 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Allianz UK's Oracle EBS Compromise: A Growing Concern for Cybersecurity


Allianz UK has confirmed a recent zero-day data raid on its personal lines business, leaving 80 current and 670 previous customers affected. The attack highlights the growing concern for cybersecurity, particularly among large-scale organizations that rely on outdated systems and software. In this article, we'll explore the incident in more detail and discuss the implications for organizations and the broader cybersecurity community.

Published: Mon Nov 10 07:20:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolving Landscape of Cybersecurity Threats: A Shift Towards Sophistication and Strategy

Cybersecurity threat actors have been adapting at an alarming rate, employing increasingly sophisticated tactics such as hiding malware within virtual machines to evade detection. As the landscape continues to evolve, organizations must prioritize staying informed and leveraging innovative solutions to protect themselves against emerging threats.

Published: Mon Nov 10 07:28:25 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Browser's Hidden Vulnerability: How Enterprise Security Leaders Must Adapt to the Evolving Threat Landscape

Browser security has become a critical vulnerability point for enterprises, with traditional controls failing to address the evolving threat landscape. As GenAI tools and AI browsers emerge as new attack surfaces, organizations must prioritize browser security over other areas to protect sensitive data and prevent future breaches.

Published: Mon Nov 10 07:44:04 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

America's Cybersecurity Defenses on Life Support: The Erosion of Trust in CISA

America's central coordinator of cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA), is facing an unprecedented crisis. With mass staffing cuts, reassignments to immigration-related work, and rampant politicization, CISA is staring down a diminished role in US cyber defenses. As Arizona Secretary of State Adrian Fontes' office discovered a major attack on their online portal, they were forced to navigate the treacherous landscape of post-truth politics and compromised agency capabilities.

Published: Mon Nov 10 08:07:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian Broker Pleads Guilty to Profiting from Yanluowang Ransomware Attacks

A Russian national has pleaded guilty to profiting from Yanluowang ransomware attacks, facing years in prison. The suspect's actions had significant financial costs for his victims, highlighting the ongoing threat posed by initial access brokers and ransomware attackers.

Published: Mon Nov 10 09:18:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Denmark and Norway Investigate Yutong Bus Security Flaw Amid Rising Tech Fears: A European Conundrum


A security flaw has been discovered in Yutong buses, prompting Denmark and Norway to investigate the matter amid growing concerns about European dependence on Chinese technology and potential cyber risks.

Published: Mon Nov 10 09:29:22 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Sudden and Sneaky Vulnerability: How Triofox's Unauthenticated Access Bug Allowed Attackers to Gain Control

Researchers expose a vulnerability in Gladinet's Triofox file-sharing platform, allowing attackers to bypass authentication and execute malicious payloads. The patch was released in version 16.7.10368.56560, but experts warn of the need for regular security audits and updates to prevent similar attacks.

Published: Mon Nov 10 10:39:53 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Flaw in expr-eval Library Exposes Vulnerability to Remote Code Execution


A critical vulnerability in the expr-eval JavaScript library has been discovered, exposing systems to remote code execution. The severity rating is 9.8, making it a critical concern for developers and organizations. Migrating to expr-eval-fork v3.0.0 is recommended as soon as possible to ensure timely patching of this vulnerability.

Published: Mon Nov 10 12:38:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Phishing Expedition Targets 5K Facebook Advertisers: A Sophisticated Campaign to Steal Credentials and Sensitive Information



A recent phishing campaign targeting over 5,000 businesses using Facebook for their advertising needs has been uncovered by Check Point researchers. The attack involved tens of thousands of phishing emails sent from legitimate domains, with the goal of stealing user credentials and sensitive information. As the use of Meta platforms becomes increasingly prevalent in customer engagement across various industries, such campaigns underscore a growing trend where cyber criminals weaponize established services to bypass security controls.

Published: Mon Nov 10 12:47:47 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical Federal Cybersecurity Funding Set to Resume as Shutdown Nears Its End

US Government Shutdown Enters 40th Day as Cybersecurity Funding Bill Advances

Published: Mon Nov 10 13:12:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Aleksey Volkov, Initial Access Broker for Yanluowang Ransomware, Pleads Guilty to Multiple Charges


Aleksey Volkov, an initial access broker for Yanluowang ransomware, has pleaded guilty to multiple charges, including breaching corporate networks and selling access to the group. He faces up to 53 years in prison and will pay over $9.1 million in restitution to the victims of the attacks.

Published: Mon Nov 10 13:29:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Urges Immediate Patching of Samsung Zero-Day Vulnerability Exploited by LandFall Spyware

U.S. federal agencies have been ordered by CISA to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy the notorious LandFall spyware on devices running WhatsApp. The vulnerability, tracked as CVE-2025-21042, allows remote attackers to gain code execution on devices running Android 13 and later.

Published: Mon Nov 10 14:07:48 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Web Consequences of a Guilty Plea: Yanluowang Initial Access Broker Pleads Guilty to Ransomware Attacks


A Russian national has pleaded guilty to acting as an initial access broker (IAB) for the notorious Yanluowang ransomware group, which carried out devastating cyber attacks against at least eight U.S. companies between July 2021 and November 2022. Volkov's guilty plea comes after a lengthy investigation by the FBI, which uncovered a complex web of deceit and exploitation that resulted in significant financial and reputational damage for the affected companies.

Published: Mon Nov 10 14:27:33 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

GlassWorm Malware Resurfaces on Open VSX Registry: A Threat to Critical Infrastructure


GlassWorm malware has resurfaced on the Open VSX registry and GitHub repositories, infecting three more VS Code extensions and threatening critical infrastructure. The malware, which was first detected in 2020, targets credentials from infected users and has been known to steal sensitive information.

Published: Mon Nov 10 14:38:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit Triofox Flaw to Install Remote Access Tools via Antivirus Feature, Leaving Users Vulnerable to Malware and Privilege Escalation

Google's Mandiant Threat Defense team has discovered that hackers are exploiting a critical vulnerability in Gladinet's Triofox file-sharing and remote access platform. This allows attackers to bypass authentication, access configuration pages, and potentially deploy malware via the antivirus feature. Users of the platform are advised to update to the latest version, audit admin accounts, and verify their antivirus settings to prevent potential exploitation.

Published: Mon Nov 10 15:26:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The European Security Loophole: A Growing Concern Over China-Made Electric Buses

European countries launch probes into security vulnerabilities of China-made electric buses.

Published: Mon Nov 10 16:14:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical Triofox Bug Exploitation: A Detailed Analysis of the AV Configuration Vulnerability



Google’s Mandiant researchers exposed exploitation of a critical Triofox bug via AV configuration, which continues unchecked despite patching. Security experts recommend upgrading to the latest release and auditing admin accounts due to potential malicious activity.


Published: Tue Nov 11 02:30:03 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exposing the Landfall: A Deeper Dive into the Samsung Mobile Device Vulnerability Exploited by Malicious Actors


The recent CISA announcement marks a critical escalation in the battle against cybersecurity threats, highlighting the need for swift action to address identified vulnerabilities. This development underscores the intricate web of vulnerabilities that are constantly being discovered, emphasizing the importance of vigilance and proactive measures in the face of evolving cyber threats.

Published: Tue Nov 11 03:31:29 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

UK's Ajax Fighting Vehicle: A Case Study in Delays, Overruns, and Relevance

Despite nearly three decades of development, the UK's Ajax fighting vehicle has finally declared initial operating capability, but concerns remain about its relevance in an era of drone warfare and its ability to deliver on time and within budget.

Published: Tue Nov 11 04:17:45 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Devastating Rise of Ransomware Payments: UK Cyber Insurers Payout £197 Million to Victims in 2024


The United Kingdom has witnessed a significant increase in ransomware payments by cyber insurance companies in 2024, with the total payout exceeding £197 million ($259 million). This alarming trend is attributed to the rising sophistication of cyberattacks and their devastating impact on businesses. As cybersecurity threats continue to evolve at an alarming rate, it is essential to develop and implement effective strategies to mitigate their impact.

Published: Tue Nov 11 05:22:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Remote Control: The Sinister Specter of Chinese Electric Buses

UK government launches inquiry into Chinese electric buses after Norwegian operator raises concerns about remote access and potential cyber attacks.

Published: Tue Nov 11 06:03:37 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

AI-Powered Supply Chain Attacks: The New Frontier in Cybersecurity Threats


AI-powered supply chain attacks have become a significant threat to organizations, with malicious actors leveraging artificial intelligence (AI) and machine learning (ML) techniques to infiltrate software repositories, compromise systems, and steal sensitive data. Discover the latest on this emerging threat and learn how to protect your organization from AI-powered supply chain attacks.

Published: Tue Nov 11 06:19:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Malware Campaign Targets GitHub-Owned Repositories via npm Package

Malicious npm package exploits vulnerabilities in GitHub-owned repositories, exfiltrating sensitive data and publishing malicious artifacts. Researchers warn of the ongoing threat landscape and call for increased vigilance and proactive security measures.

Published: Tue Nov 11 06:29:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Malware-as-a-Service Operations: A Growing Threat to Mobile Banking Security

The rise of MaaS operations like Fantasy Hub poses a significant threat to mobile banking security, highlighting the need for individuals and organizations to implement robust security measures to protect themselves from mobile-based threats.

Published: Tue Nov 11 06:41:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A New Layer of Sophistication: North Korea-Linked APT Konni Exploits Google Find Hub to Steal Data and Wipe Android Phones


In a recent cyber warfare operation, North Korea-linked APT group Konni has been utilizing Google's "Find Hub" service to remotely reset Android devices in South Korea, erasing users' personal data. This attack highlights the evolving sophistication of North Korean threat actors and their willingness to adapt and exploit new vulnerabilities. Stay informed about emerging threats and tactics with our expert analysis and guidance on how to prevent similar incidents.

Published: Tue Nov 11 06:50:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Clop's Oracle EBS Exploitation Campaign: A Threat to Corporate Security and Data Integrity

The Clop ransomware gang has launched a massive exploitation campaign targeting Oracle EBS servers, compromising over 30 organizations across various sectors, including healthcare and finance. The attack highlights the vulnerability of enterprise software and the need for corporations to prioritize security and data protection.

Published: Tue Nov 11 07:01:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of ClickFix: A New Form of Malware That's Bypassing Endpoint Protections


ClickFix: The Stealthy Scam That's Infiltrating Your Computer
In a bid to evade detection, malicious actors have developed a new method of infiltrating computers through seemingly innocuous links and emails. ClickFix, a relatively unknown threat, has been gaining traction in recent months, targeting both macOS and Windows users with its sophisticated techniques.


Published: Tue Nov 11 07:21:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The OWASP Top 10 Application Security Risks for 2025: A Comprehensive Overview

The OWASP Top 10 Application Security Risks for 2025 highlights key categories and implications for organizations and developers seeking to protect their applications from cyber threats. Learn how to prioritize your security efforts and stay ahead of emerging risks with the latest insights from the Open Worldwide Application Security Project.

Published: Tue Nov 11 07:37:32 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Modern Patch Management Conundrum: How Automation Can Break the Cycle of Delay, Complexity, and Risk


The world of cybersecurity is plagued by a perpetual struggle to patch vulnerabilities before they're exploited by attackers. This article explores how modern patch management platforms like Action1 are addressing this challenge and providing a more effective approach to patching.

Learn how automation, continuous visibility, and policy-driven workflows can help IT and security teams prioritize risk, maintain compliance, and patch faster – without losing control.




Published: Tue Nov 11 08:31:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The EU's Latest Power Play: Big Tech Interests Undermined by Leaked GDPR Reforms

The European Union's latest efforts to overhaul its General Data Protection Regulation (GDPR) have sparked widespread criticism among privacy activists, who fear that the resulting reforms will undermine protections afforded under current law. Big Tech giants such as Google and Amazon are accused of lobbying for these changes in order to reduce burdensome regulatory requirements, potentially exposing users' personal data to exploitation.

Published: Tue Nov 11 08:49:41 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Fantasy Hub: The Russian-Sold Android Malware That's Spying on Devices Via Telegram



Fantasy Hub, a Russian-sold Android RAT, has been discovered to offer advanced spyware capabilities via Telegram. This MaaS product allows attackers to access infected devices remotely, steal sensitive information, and control devices. As the threat landscape continues to evolve, it's essential to stay informed about emerging malware like Fantasy Hub and take necessary precautions to protect our digital lives.

Published: Tue Nov 11 09:34:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

GlobalLogic Warns 10,000 Employees of Data Theft After Oracle Breach


GlobalLogic, a major provider of digital engineering services, has notified over 10,000 employees that their data was stolen in an Oracle E-Business Suite breach. The attackers exploited a zero-day vulnerability to steal personal information, including email addresses, dates of birth, and bank account details. With the Clop ransomware gang suspected to be behind the attack, GlobalLogic is urging affected individuals to remain vigilant and take steps to protect their sensitive information.

Published: Tue Nov 11 09:46:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Look at the SocGholish Ransomware Attack: Unpacking the Tactics, Techniques, and Procedures


A critical look at the SocGholish ransomware attack reveals the tactics, techniques, and procedures used by threat actors to compromise corporate networks. Varonis helped a customer remediate the threat with zero business downtime, highlighting the importance of advanced threat detection and response capabilities.

Published: Tue Nov 11 09:57:17 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

GootLoader's Resurgence: Uncovering the Sophisticated Malware Threat to WordPress Sites


Published: Tue Nov 11 10:05:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

North Korea's "Find Hub" Exploit: How Google's Device Management Service Became a Remote-Wipe Tool

North Korea's KONNI group has found a new way to destroy evidence by hijacking Google's Find My Device service, highlighting the growing risk for anyone relying on "lost device" features that are tied to online identity systems. This exploit underscores the need for users to be cautious when using cloud services that rely on online identity systems.

Published: Tue Nov 11 10:37:06 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's November 2025 Patch Tuesday Fixes 1 Actively Exploited Zero-Day Flaw, 63 Security Vulnerabilities

Microsoft has released its November 2025 Patch Tuesday, which includes a total of 63 security updates for various products and services. Among these, one actively exploited zero-day vulnerability was fixed in the Windows Kernel. The patch addresses four "Critical" vulnerabilities and fixes several other high-severity flaws.

Published: Tue Nov 11 12:58:22 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks

WhatsApp Malware 'Maverick' has been discovered to hijack browser sessions in order to target Brazil's biggest banks, bearing similarities with the existing banking malware Coyote. The campaign is linked to a threat actor named Water Saci and leverages WhatsApp's messaging platform for stealthy attacks.

Published: Tue Nov 11 13:15:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Extends End-of-Life Warning for Windows 11 Home and Pro Editions


Microsoft has extended its end-of-life warning for users of Windows 11 Home and Pro editions, reminding them that these operating system variants are no longer receiving regular security updates. As a result, individuals are advised to upgrade to the latest version, Windows 11 25H2, as soon as possible to ensure continued protection against emerging threats.

Published: Tue Nov 11 13:26:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Abuse Triofox Antivirus Feature to Deploy Remote Access Tools, Exploit Zero-Day Vulnerability



A recent attack by hackers has leveraged a critical vulnerability in Gladinet's Triofox antivirus feature to deploy remote access tools and exploit a zero-day vulnerability. This highlights the importance of regular software updates, monitoring system logs, and implementing robust threat intelligence capabilities to prevent such attacks.




Published: Tue Nov 11 14:11:11 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

SAP Addressing Maximum Severity Flaw in SQL Anywhere Monitor to Prevent Remote Code Execution

SAP has issued patches for a maximum severity flaw in its SQL Anywhere Monitor, which allows arbitrary code execution due to hardcoded credentials. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is considered highly impactful on system confidentiality, integrity, and availability.

Published: Tue Nov 11 15:29:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Synology Fixes Critical BeeStation Zero-Day Exploited at Pwn2Own Ireland




A critical-severity RCE vulnerability in Synology's BeeStation products was demonstrated at the recent Pwn2Own Ireland 2025 hacking competition. Researchers Tek and anyfun earned $40,000 for successfully exploiting the bug. To address this issue, Synology released patches for affected versions of BeeStation OS, providing updated software that mitigates the risk associated with this vulnerability.



Published: Tue Nov 11 16:42:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Rhadamanthys Infostealer Operation Disrupted: Cybercriminals Lose Server Access Amidst Allegations of German Law Enforcement Involvement


Rhadamanthys infostealer operation disrupted as cybercriminals lose server access amidst allegations of German law enforcement involvement.
The Rhadamanthys infostealer malware has been causing chaos, but a recent disruption may be related to an upcoming announcement from Operation Endgame. Stay tuned for further updates on this developing story.

Published: Tue Nov 11 18:27:52 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cozying Up to the White House: The Tangled Web of Spyware Companies and Big Tech

As the White House considers allowing companies like NSO Group to sell their services to American law enforcement agencies, Apple and WhatsApp are promising to protect mobile users from future spyware threats. But what does this mean for national security, human rights, and technological advancements? Gizmodo explores the tangled web of relationships between these major players and the implications for users worldwide.

Published: Tue Nov 11 18:55:33 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Australia's Spy Boss Warns of Growing Cyber-Sabotage Threat from Authoritarian Regimes

Australia's spy boss has warned that authoritarian regimes are poised to commit 'high-harm' activities such as turning off energy supplies and crippling financial systems via cyber-sabotage. The threat is expected to become more complex, challenging and dynamic in the next five years, according to ASIO Director-General Mike Burgess.

Published: Tue Nov 11 19:26:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

China Pins 2020 Bitcoin Heist on the USA: A Complex Web of Scams and National Security Concerns

China's National Computer Virus Emergency Response Center (CVERC) has alleged that a nation-state entity, probably the USA, was behind a 2020 attack on a bitcoin mining operation in Iran and China. The stolen bitcoins were subsequently linked to US-based Chen Zhi, who has been indicted by the DoJ on charges of wire fraud conspiracy and money laundering conspiracy. But what are the true motives behind CVERC's report, and how might it be perceived by Chinese authorities and the global cybersecurity community?

Published: Tue Nov 11 22:57:45 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Patch Tuesday Security Updates Fixed Actively Exploited Windows Kernel Bug: A New Era of Cybersecurity Threats?


Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug. This update highlights the ongoing threat landscape in today's digital world and underscores the importance of staying informed and up-to-date with the latest security patches to mitigate potential vulnerabilities.

Published: Wed Nov 12 00:33:05 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Bitcoin Queen's Descent into Darkness: A $7.3 Billion Crypto Laundering Scheme


The infamous "Bitcoin Queen," Zhimin Qian, has been sentenced to 11 years in prison for her role in laundering $7.3 billion worth of cryptocurrency from a massive crypto scam that defrauded over 128,000 victims in China. This landmark case highlights the severity of international crypto laundering and the determination of law enforcement agencies worldwide to bring such culprits to justice.

Published: Wed Nov 12 02:30:10 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Npm Package Malware: A Targeted Attack on GitHub-Owned Repositories Exposed



A recent discovery by cybersecurity researchers has exposed a malicious npm package designed to target GitHub-owned repositories. The package, which masqueraded as a legitimate dependency, utilized typosquatting and post-install hooks to embed malware in the platform's build process. This targeted attack highlights the ongoing threat of software supply chain attacks and underscores the need for greater awareness among developers about the potential risks associated with using npm packages.

Published: Wed Nov 12 03:15:31 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Drone Attacks: The New Threat to UK Aviation Security

Drone attacks are becoming increasingly sophisticated and a major concern for UK aviation security. Authorities warn that organized drone attacks could bring the entire airport network to a standstill, with cheap drones and cyber threats posing an unprecedented challenge.

Published: Wed Nov 12 04:26:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Synology Patches Critical BeeStation RCE Flaw Exploited at Pwn2Own Ireland 2025



Synology has patched a critical remote code execution (RCE) flaw in BeeStation, demonstrated during Pwn2Own Ireland 2025. The CVE-2025-12686 vulnerability allows arbitrary code execution due to improper buffer size checks. Users of affected products are advised to apply the patch immediately.

Published: Wed Nov 12 04:34:17 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Pardoning Power: How Donald Trump's Clemency Exposes a Systemic Abuse of Power

President Donald Trump has been using his clemency power to benefit not only himself and his allies but also individuals who have committed serious crimes. As the story of Tony Gene Broxton and Liliana Trafficante highlights, this abuse of power raises concerns about corruption, cronyism, and the erosion of trust in government.

Published: Wed Nov 12 04:57:16 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

UK's Cyber Security and Resilience Bill: A Comprehensive Overhaul of Local Cybersecurity Legislation


Published: Wed Nov 12 05:04:44 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Addresses 63 Critical Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack


Microsoft has released a new set of security updates that address 63 newly identified vulnerabilities in its software, including one zero-day vulnerability that has been exploited in the wild. This update includes four critical and 59 important vulnerabilities, with the Windows Kernel zero-day being the most concerning. To stay safe online, it's essential to keep your software up-to-date with the latest patches and follow best practices for network security.

Published: Wed Nov 12 05:21:08 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Bust of £5 Billion Bitcoin Bandit: A Complex Economic Crime Investigation Concludes with a Lengthy Sentence

A £5 billion Bitcoin bandit has been sentenced to 11 years and eight months in prison, marking one of the largest economic crime investigations undertaken by the UK's Metropolitan Police. The mastermind behind the fraud, Zhimin Qian, was found guilty of two charges related to criminal property and had amassed a stash of over 61,000 Bitcoins worth £4.8 billion ($6.3 billion). This case serves as an example of how organized crime groups utilize cryptocurrency for their nefarious activities.

Published: Wed Nov 12 05:59:05 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Synnovis Notifies of Data Breach Following 2024 Ransomware Attack


Synnovis, a leading UK pathology services provider, has informed healthcare providers that a data breach occurred following a ransomware attack in June 2024. The stolen data includes personal information such as names, dates of birth, NHS numbers, and test results that could be matched to an individual. Synnovis is now notifying affected NHS organizations directly and will not contact patients personally. The incident is linked to the Qilin ransomware gang, which has claimed responsibility for over 300 victims.

Published: Wed Nov 12 06:35:55 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New UK Legislation: Strengthening Critical Infrastructure Cyber Defenses


The United Kingdom has introduced a new piece of legislation aimed at bolstering its critical infrastructure cyber defenses. The Cyber Security and Resilience Bill represents a significant overhaul of Britain's approach to protecting its essential services from cyber threats, introducing new security standards, incident response measures, and support for small and medium-sized enterprises.

Published: Wed Nov 12 08:18:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hacking Ground Zero: Unraveling the Citrix-Cisco ISE Zero-Day Exploits

Advanced threat actors have successfully exploited two critical Citrix and Cisco vulnerabilities in a zero-day attack, demonstrating a high level of sophistication and expertise. Organizations are urged to apply security updates and limit access to edge network devices immediately.

Published: Wed Nov 12 08:25:22 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Ambush from Behind: Amazon Uncovers Advanced Threat Actor Exploiting Zero-Day Flaws in Cisco ISE and Citrix NetScaler

A sophisticated threat actor has been identified as targeting critical identity and network access control infrastructure using zero-day exploits in Cisco ISE and Citrix NetScaler products. The attack campaign highlights the growing trend of threat actors focusing on such systems to bypass authentication and gain unauthorized access to networks.

Published: Wed Nov 12 08:37:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Australia's Critical Infrastructure Under Siege: The Looming Threats from China


Australia's spy chief warns that Chinese state-sponsored groups are targeting critical infrastructure and preparing for future sabotage and espionage operations. The warning comes as part of a growing trend of China's aggressive cyber capabilities, which have been demonstrated through various campaigns targeting critical infrastructure and sensitive data.

Published: Wed Nov 12 08:44:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's Patch Tuesday Emergency: A Cautionary Tale of Quality Control



Microsoft's recent decision to release an out-of-band update for Windows 10 devices has shed light on a critical issue that had been plaguing the operating system. The emergency patch was released in response to a malfunctioning enrollment wizard that prevented eligible users from accessing Extended Security Updates (ESU). This development comes at a time when Microsoft's Windows 10 support is set to end, and the company has faced criticism for its handling of the ESU program. Despite months of promotion, Microsoft failed to ensure that its enrollment system worked properly, rendering affected devices vulnerable to exploitation.

Published: Wed Nov 12 08:58:33 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Fixes Critical Bug Causing False Windows 10 End-of-Support Alerts


Microsoft has resolved a critical bug causing false Windows 10 end-of-support warnings on systems with active security coverage or still under active support after installing the October 2025 updates. The issue was addressed through the release of an extended security update (KB5068781) and an emergency out-of-band update, which provide accurate representations of the end-of-support status for affected devices.

Published: Wed Nov 12 09:36:30 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Temporary Anomaly: A Comprehensive Analysis of a Systematic Failure and its Prompt Resolution

A recent online platform experienced a temporary outage, prompting administrators to notify users of the issue and provide instructions on how to minimize its effects. As the situation is being addressed, users are advised to refresh their pages periodically until normal service is restored.

Published: Wed Nov 12 10:37:09 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Takes Down $1 Billion Lighthouse Phishing Platform Behind China-Based Hackers

Google has taken legal action against a massive phishing-as-a-service (PhaaS) platform called Lighthouse, which was operated by China-based hackers and generated over $1 billion in revenue. The platform used SMS phishing attacks to exploit trusted brands and steal users' financial information across 120 countries.

Published: Wed Nov 12 10:50:36 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Citrix and Cisco 0-Day Vulnerabilities: A Modern Day Hellscape for Enterprises

A sophisticated attacker has exploited two zero-day vulnerabilities in Citrix and Cisco systems, deploying custom malware that poses a significant threat to enterprises relying on these systems. The CitrixBleed 2 vulnerability allows remote attackers to leak memory contents, giving them access to sensitive information. Understanding the implications of this attack is crucial for organizations to take proactive steps to protect themselves from emerging security risks.

Published: Wed Nov 12 11:27:40 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Bitcoin Reserve Saga: A Web of Deception and Cyber Espionage



The recent accusations made by China's cybersecurity agency against the United States regarding the alleged hack of a bitcoin mining pool known as LuBian have sent shockwaves throughout the cryptocurrency community. A 127,272 bitcoin theft valued at approximately $13 billion has sparked intense debate and scrutiny about the potential involvement of state actors in this high-profile heist. The story raises questions about cyber espionage, pig butchering scams, and the growing cyber war between China, the U.S., and other nations.

Published: Wed Nov 12 13:08:46 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Danabot Banking Trojan Returns to Threat Landscape After May Disruption


The DanaBot banking Trojan has returned to the threat landscape after a disruption in May, highlighting the ongoing threat posed by malware-as-a-service (MaaS) models and the importance of regular security updates and patching. This multi-stage modular banking Trojan was initially designed to target users in Australia and Poland but has since expanded its reach to other countries. The recent resurfacing of DanaBot underscores the need for continued vigilance from law enforcement agencies.

Published: Wed Nov 12 13:49:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Sues Cybercriminal Group Smishing Triad for Massive Text Message Phishing Operation

Google has filed a lawsuit against Smishing Triad, a China-based group behind a massive text message phishing operation that has affected consumers across the globe. The lawsuit seeks to hold the group accountable for its actions and disrupt their operations. This move is a significant step in combating cybercrime and protecting consumers from smishing attacks.

Published: Wed Nov 12 15:32:38 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Sues to Dismantle Chinese Phishing Platform Behind US Toll Scams



Google has filed a lawsuit against Lighthouse, a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks that impersonate the U.S. Postal Service (USPS) and E-ZPass toll systems. The lawsuit aims to shut down the website infrastructure supporting the Lighthouse PhaaS, which has affected over 1 million victims across 120 countries.

Published: Wed Nov 12 15:47:51 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Takes Aim at 25 China-Based Scammers Behind Lighthouse Phishing Kit

Google has filed a lawsuit against 25 unnamed China-based scammers, alleging that they have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation. The company is seeking to disrupt the scam and recover damages, while also advocating for public policy changes aimed at preventing foreign cybercrime.

Published: Wed Nov 12 15:55:58 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Shadowy Dealings of Domestic Intelligence: A Web of Deception and Data Exploitation



The Department of Homeland Security's Domestic Intelligence and Analysis (DIA) office has been embroiled in a scandal over its handling of gang-related data obtained from Chicago police departments. This exposé delves into the intricacies of the scandal, exposing a web of deceit, lax oversight, and data exploitation that threatens to undermine American democracy.

Published: Wed Nov 12 16:11:42 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Google Takes on China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform


Google is taking on the China-based hackers behind the $1 billion Lighthouse phishing platform in a civil lawsuit filed in the U.S. District Court for the Southern District of New York (SDNY). The PhaaS kit has been linked to over 17,500 phishing domains and is used to conduct large-scale SMS phishing attacks that exploit trusted brands. Google's lawsuit aims to dismantle the underlying infrastructure of Lighthouse under various laws.

Published: Wed Nov 12 23:04:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Critical WatchGuard Fireware Flaw Exposes 54,000 Devices to No-Login Attacks

WatchGuard Fireware users have been left vulnerable to a critical no-login exploit affecting 54,000+ devices worldwide, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The CVE-2025-9242 vulnerability allows attackers to execute arbitrary code on affected systems without needing valid login credentials. Users are advised to apply patches by December 3, 2025.

Published: Thu Nov 13 01:55:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Sophisticated Threat Actor Exploits Zero-Days in Cisco ISE and Citrix NetScaler



A sophisticated threat actor has been exploiting zero-days in Cisco ISE and Citrix NetScaler ADC, demonstrating advanced exploit research and patch-gap exploitation techniques. Organizations are advised to take immediate action to patch their systems and implement comprehensive security measures to prevent potential attacks.

Published: Thu Nov 13 03:33:54 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolution of Android's Developer Verification Policy: A Shift Towards Balance and Security


Android has announced a shift in its developer verification policy to strike a balance between security and user freedom. In a move aimed at addressing scammer tactics, Google will introduce safeguards for users installing apps from unverified developers.

Published: Thu Nov 13 04:05:01 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Warns of WatchGuard Firewall Flaw Exploited in Attacks, Urges Prompt Patching


CISA has warned government agencies to patch a critical WatchGuard firewall flaw that has been exploited in attacks. The vulnerability, identified as CVE-2025-9242, allows remote attackers to execute malicious code on vulnerable devices. Organizations are urged to apply patches and follow the vendor's mitigation instructions to prevent further exploitation.

Published: Thu Nov 13 04:16:00 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Evolving Threat Landscape: A Comprehensive Analysis of Web Security Risks and Emerging Malware


The evolving threat landscape highlights the growing sophistication of attackers and the need for organizations to be more vigilant in their approach to web security. This article provides a detailed analysis of recent attacks, including software supply chain failures and mishandling of exceptional conditions, as well as high-profile breaches involving AI firms, Facebook Business Suite, Google, construction companies, and Android users.

Published: Thu Nov 13 04:38:34 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Global Law Enforcement Crackdown Disrupts Rhadamanthys, VenomRAT, and Elysium Malware Operations


Operation Endgame has successfully disrupted the Rhadamanthys infostealer, VenomRAT, and Elysium malware operations, marking a significant blow to cybercrime. Law enforcement authorities from nine countries have taken down 1,025 servers used by the targeted malware operations, as well as seized 20 domains and arrested a key suspect in Greece. The operation highlights the growing efforts of law enforcement agencies to combat cybercrime and bring down malicious infrastructure.

Published: Thu Nov 13 05:04:39 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unresolved Conundrum of the Qilin Ransomware Attack: A Delicate Dance of Data Breach Notification



The Qilin ransomware attack on NHS supplier Synnovis highlights just how daunting and complex data breaches can be. With nearly a million patients' data compromised during the breach, Synnovis's 18-month-long investigation is now complete. However, questions still linger about the full extent of the breach and what this will mean for patient care in the future.

Published: Thu Nov 13 05:21:18 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Acceleration of Cybersecurity Threats: Why Machine-Speed Security is Becoming the New Normal


The accelerating threat environment demands a corresponding acceleration in defense strategies. As vulnerabilities are increasingly being exploited within hours of public disclosure, security teams must adopt machine-speed security to remain competitive. This article explores the implications of this new reality and provides guidance on adopting policy-driven automation strategies to close the operational gap with attackers.

Published: Thu Nov 13 05:42:13 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Global Crackdown on Rhadamanthys, Venom RAT, and Elysium Botnet: A New Era in Cybersecurity Operations



In a major operation, law enforcement agencies around the world have joined forces to take down three large-scale cybercrime infrastructures linked to Rhadamanthys Stealer, Venom RAT, and the Elysium botnet. The global crackdown highlights the ever-evolving nature of cyber threats and underscores the need for continued vigilance and cooperation among governments, financial institutions, and other stakeholders to prevent illicit transactions from taking place.

Published: Thu Nov 13 05:58:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Urges Federal Agencies to Prioritize Cisco Patching Amid Ongoing Zero-Day Attacks

CISA has issued an urgent warning to federal agencies, advising them to prioritize patching two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. These security flaws allow remote threat actors to access restricted URL endpoints without authentication and gain code execution on vulnerable Cisco firewall devices, respectively.

Published: Thu Nov 13 06:16:23 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Rhadamanthys Malware Administrator's Reign Ends as Operation Endgame Seizes Servers and Reveals Scope of Global Infostealing Operation

In a significant blow to cybercrime operators, Europol and Eurojust have announced the completion of Operation Endgame, a coordinated effort to dismantle the Rhadamanthys infostealer operation. Over 1,025 servers tied to the malware were seized, revealing more than 525,000 infections between March and November 2025 across 226 countries. The operation highlights the importance of international cooperation in combating cybercrime.

Published: Thu Nov 13 06:26:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exploiting Critical Vulnerabilities: WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox Flaws Exposed by Threat Actors


U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. These critical vulnerabilities pose significant risks to organizations if not addressed promptly. Experts warn that remote code execution on a perimeter device, exposure via a public-facing VPN service, and pre-auth exploitability make these bugs highly attractive targets for ransomware actors.

Published: Thu Nov 13 06:48:24 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

Awareness is Key: The Lurking Threat of Malicious Android-Based Photo Frames



A recent security assessment has uncovered a significant threat to user security, highlighting the dangers of malicious Android-based photo frames that download malware on boot. Consumers are advised to be cautious when purchasing these devices and take necessary precautions to protect themselves from potential harm.

Published: Thu Nov 13 07:12:56 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Malware Exploits Vulnerability in Chrome Extension to Steal Ethereum Wallet Seed Phrases

A recent discovery of a malicious Chrome extension has highlighted the importance of staying informed about emerging threats in the digital world. The "Safery: Ethereum Wallet" extension was designed to steal users' seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a threat actor-controlled wallet.

Published: Thu Nov 13 07:20:49 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unsung Heroes of Compatibility: How Microsoft Pioneered Patching Third-Party Code for Windows 95

Microsoft's solution to compatibility issues in Windows 95 involved a sophisticated system for patching third-party code, which relied on detection strings stored in the Registry to resolve conflicts between applications. This innovative approach not only ensured a smoother user experience but also set a precedent for future advances in software development and operating systems.

Published: Thu Nov 13 07:36:28 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Oracle EBS Breach: A Global Cybersecurity Crisis

The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in a Clop-linked Oracle E-Business Suite (EBS) attack. This brazen breach highlights the devastating impact of such attacks on businesses and individuals alike.

Published: Thu Nov 13 07:53:19 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Rise of Lighthouse: Uncovering the Anatomy of a Notorious SMS Phishing Triad



Google has launched legal action against a notorious Chinese SMS phishing triad known as Lighthouse, which is alleged to be responsible for numerous high-profile scams targeting consumers worldwide. The lawsuit aims to disrupt the lucrative phishing-for-hire industry and put much-needed pressure on Chinese networks hosting such services.



Published: Thu Nov 13 08:59:59 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Crackdown: Europol's Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet



In a significant development, Europol's latest operation, "Operation Endgame," has resulted in the dismantling of Rhadamanthys Stealer, Venom RAT, and Elysium botnet. This operation, which took place between November 10th and 13th, 2025, saw a coordinated effort by law enforcement agencies from around the world to disrupt cybercriminal infrastructures and ransomware enablers. With over 1,025 servers taken down and 20 domains seized, this operation has dealt a serious blow to the cybercrime community. The full extent of this disruption remains to be fully assessed, but one thing is certain: Operation Endgame has had a significant impact in disrupting the activities of several major malware families.

Published: Thu Nov 13 09:38:04 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Vulnerabilities Exposed: Ubuntu 25.10's Rusty sudo holes Quickly Welded Shut


Two new security vulnerabilities were discovered in the new "sudo-rs" command used in the Linux distribution Ubuntu 25.10. The issues, related to password timeout and timestamp authentication bugs, have been addressed through bug fixes and patches. Despite their severity, Canonical has downplayed the impact of these vulnerabilities, emphasizing transparency and collaboration with the open-source community.

Published: Thu Nov 13 10:00:11 2025 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Massive Oracle Data Breach Exposes Sensitive Information of Nearly 10,000 Washington Post Employees and Contractors


A massive Oracle data breach has exposed sensitive information of nearly 10,000 Washington Post employees and contractors. The attackers exploited a zero-day vulnerability to gain access to the organization's systems and steal personal and financial data. In this article, we'll delve into the details of what happened, who was impacted, how it occurred, and most importantly, what steps the news organization is taking to mitigate the damage.

Published: Thu Nov 13 10:11:45 2025 by llama3.2 3B Q4_K_M









