CyberSecurityBoard
Sponsor Register Login

Cyber News

CyberSecurityBoard.com is a cyber news aggregator platform with all of the top news, blogs, podcasts and more about Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research into one place. CyberSecurityBoard's ultimate goal is providing a useful and effective tool to help you getting a better understanding and quicker overview of everything happening in the world of Cybersecurity.

Latest Cyber News

Dark Reading Virtual Event: Know Your Enemy - How Cybercriminals and Nation-State Hackers Operate - Understanding the tactics, techniques, and procedures of cybercriminals and nation-state hackers is crucial for effective cybersecurity defense. The Dark Reading Virtual Event titled "Know Your Enemy: How Cybercriminals and Nation-State Hackers ...
1 day ago Darkreading.com
Rhadamanthys Stealer Servers Possibly Seized - The Rhadamanthys stealer, a notorious malware known for harvesting sensitive information from infected systems, appears to have had its command and control servers seized. This development marks a significant disruption in the operations of the ...
1 day ago Cybersecuritynews.com
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations - Law enforcement agencies have successfully dismantled operations linked to the Rhadamanthys, VenomRAT, and Elysium malware families. These malware strains have been associated with various cybercriminal activities, including data theft, espionage, ...
1 day ago Bleepingcomputer.com
English-Speaking Cybercriminal Ecosystem: The .Com - The English-speaking cybercriminal ecosystem, particularly within the .com domain, represents a complex and evolving landscape of cyber threats. This ecosystem includes a variety of actors such as individual hackers, organized crime groups, and ...
1 day ago Cybersecuritynews.com
Operation Endgame Servers Dismantled: Major Cybercrime Disruption - Operation Endgame, a significant international law enforcement operation, has successfully dismantled servers linked to a notorious cybercrime network. This takedown marks a critical victory in the fight against cybercriminal activities that have ...
1 day ago Cybersecuritynews.com
Collaboration Hit Back as Rising Cyber Attacks Spur Security Push - The recent surge in cyber attacks has prompted a significant push towards enhanced collaboration among cybersecurity professionals and organizations. As threat actors become more sophisticated, the need for shared intelligence and cooperative defense ...
1 day ago Infosecurity-magazine.com
CISA warns of WatchGuard firewall flaw exploited in attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability found in WatchGuard Firebox firewall appliances. This flaw, identified as CVE-2023-28205, allows attackers to execute arbitrary code ...
1 day ago Bleepingcomputer.com CVE-2023-28205
ClickFix Attack Uses Fake OS Update to Deploy Malware - The ClickFix attack is a sophisticated cyber threat that employs a fake operating system update to trick users into installing malware. This attack vector exploits user trust in system updates, making it a highly effective method for spreading ...
1 day ago Cybersecuritynews.com
Synnovis Notifies Customers of Data Breach Affecting Personal Information - Synnovis, a healthcare services company, has issued a data breach notification revealing unauthorized access to personal information of its customers. The breach was discovered in early 2024, involving sensitive data such as names, contact details, ...
1 day ago Infosecurity-magazine.com
How Attackers Turn SVG Files Into Phishing Lures - Attackers are increasingly exploiting SVG (Scalable Vector Graphics) files as a novel vector for phishing attacks. SVG files, commonly used for web graphics, can embed malicious scripts and links that deceive users into revealing sensitive ...
1 day ago Cybersecuritynews.com
WatchGuard Firebox Vulnerability Actively Exploited in the Wild - A critical vulnerability in WatchGuard Firebox appliances has been actively exploited by threat actors, raising significant security concerns for organizations using these devices. The flaw allows attackers to execute arbitrary code remotely, ...
1 day ago Cybersecuritynews.com CVE-2023-28252
Microsoft SQL Server Vulnerability Exposes Critical Security Risks - Microsoft has recently disclosed a critical vulnerability affecting its SQL Server platform, raising significant security concerns for enterprises worldwide. This vulnerability allows attackers to execute arbitrary code remotely, potentially leading ...
1 day ago Cybersecuritynews.com CVE-2024-12345
CISA Warns Federal Agencies of Increased Cyber Threats - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to federal agencies regarding a surge in cyber threats targeting government networks. This alert highlights the increasing sophistication and frequency of ...
1 day ago Cybersecuritynews.com
Kenya Kicks Off Code Nation Nod for Cybersecurity - Kenya has launched the Code Nation initiative, a significant step towards enhancing the country's cybersecurity landscape. This program aims to develop local talent and strengthen national cyber defenses by providing comprehensive training and ...
1 day ago Darkreading.com
New Phishing Attack Targeting iPhone Owners Uncovered - A new phishing attack specifically targeting iPhone users has been uncovered, raising significant concerns about mobile security. This sophisticated campaign uses deceptive tactics to trick users into revealing sensitive information, such as Apple ID ...
1 day ago Cybersecuritynews.com
Chinese National Jailed for Laundering Millions in Cryptocurrency Scams - A Chinese national has been sentenced to prison for laundering millions of dollars obtained through cryptocurrency scams. The individual was involved in sophisticated schemes that exploited digital currencies to facilitate money laundering and evade ...
1 day ago Cybersecuritynews.com
Lite XL Text Editor Vulnerability Exposes Users to Potential Exploits - A critical vulnerability has been discovered in the Lite XL text editor, a popular lightweight code editor used by developers worldwide. This security flaw allows attackers to execute arbitrary code remotely, putting users' systems at significant ...
1 day ago Cybersecuritynews.com CVE-2024-12345
ThreatBook Peer Recognized as a Strong Performer in the 2025 Gartner® Magic Quadrant™ for Security Threat Intelligence Products and Services - ThreatBook Peer has been acknowledged as a Strong Performer in the 2025 Gartner Magic Quadrant for Security Threat Intelligence Products and Services. This recognition highlights ThreatBook's commitment to delivering advanced threat intelligence ...
1 day ago Cybersecuritynews.com
Russia imposes 24-hour traveler mobile internet blackouts amid Ukraine drone attacks - Russia has implemented 24-hour mobile internet blackouts for travelers crossing its borders, a move linked to ongoing security concerns amid Ukraine drone attacks. This blackout aims to prevent the use of mobile internet for coordinating or executing ...
1 day ago Therecord.media
Cybersecurity firm Deepwatch lays off dozens, citing move to accelerate AI investment - TechCrunch - Cybersecurity firm Deepwatch has announced layoffs affecting dozens of employees as part of a strategic shift to accelerate investment in artificial intelligence (AI). This move reflects the growing trend within the cybersecurity industry to leverage ...
1 day ago Techcrunch.com
DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules - The Department of Homeland Security (DHS) has come under scrutiny for retaining Chicago police records for several months, violating domestic espionage regulations. This incident raises significant concerns about privacy, oversight, and the legal ...
1 day ago Wired.com
Inside the Google Lawsuit Over Scam Text Messages - The article delves into a significant lawsuit involving Google and a company called Lighthouse, which alleges that Google failed to prevent scam text messages from flooding users' phones. These scam texts, often impersonating legitimate entities, ...
1 day ago Wired.com
Cyber Command, NSA potential pick: Lt. Gen. Joshua Rudd - The article discusses the potential appointment of Lt. Gen. Joshua Rudd as the next head of U.S. Cyber Command and the National Security Agency (NSA). Lt. Gen. Rudd, currently serving as the deputy commander of U.S. Cyber Command, is considered a ...
1 day ago Therecord.media
UK plans tougher laws to protect public services from cyberattacks by 2025 - Reuters - The UK government is set to introduce stricter cybersecurity laws aimed at safeguarding public services from increasing cyber threats by 2025. This legislative move comes as cyberattacks targeting critical infrastructure and public sector entities ...
1 day ago Reuters.com
Russia-Ukraine war: Drone strikes hit Kyiv and other cities - The ongoing Russia-Ukraine conflict has seen a recent escalation with drone strikes targeting Kyiv and several other Ukrainian cities. These attacks have caused significant damage to infrastructure and heightened tensions in the region. The use of ...
1 day ago Bbc.com
CitrixBleed, 2 Cisco Zero-Day Bugs, and Other Vulnerabilities to Know This Week - This article highlights critical vulnerabilities discovered recently, including CitrixBleed and two zero-day bugs affecting Cisco products. CitrixBleed is a significant security flaw that impacts Citrix ADC and Citrix Gateway, potentially allowing ...
2 days ago Darkreading.com CVE-2023-3519 CVE-2023-35897 CVE-2023-35898
Strike Force Southeast Asia scams: How the group operates and who it targets - Strike Force Southeast Asia (SFSEA) is a cybercrime group known for its sophisticated scams targeting individuals and organizations primarily in Southeast Asia. This group employs a variety of tactics including social engineering, phishing, and ...
2 days ago Therecord.media Strike Force Southeast Asia
Google DIM Lighthouse: Phishing-as-a-Service - Google's Detection and Incident Management (DIM) team has unveiled a new phishing-as-a-service (PhaaS) platform called Lighthouse, which is designed to help security teams detect and respond to phishing threats more effectively. Lighthouse leverages ...
2 days ago Darkreading.com
Google sues to dismantle Chinese phishing platform behind US toll scams - Google has taken legal action to dismantle a sophisticated Chinese phishing platform responsible for extensive US toll scams. This platform has been used to deceive victims into paying fraudulent toll charges, causing significant financial harm. The ...
2 days ago Bleepingcomputer.com
Google sues to dismantle Chinese platform behind global toll scams - Google has taken legal action to dismantle a Chinese platform responsible for orchestrating global toll fraud scams. These scams have led to significant financial losses worldwide by exploiting telecom infrastructure to generate fraudulent toll ...
2 days ago Bleepingcomputer.com
Massive Phishing Attack Impersonates Popular Travel Brands to Steal Credentials - A recent massive phishing campaign has been identified targeting users by impersonating well-known travel brands. This sophisticated attack aims to steal sensitive credentials and personal information by deceiving victims with convincing fake ...
2 days ago Cybersecuritynews.com
Windows 11 now supports 3rd-party apps for native passkey management - Microsoft has enhanced Windows 11 by enabling support for third-party applications to manage native passkeys. This update marks a significant step forward in passwordless authentication, allowing users to leverage more flexible and secure login ...
2 days ago Bleepingcomputer.com
Advanced hacker exploiting Cisco, Citrix zero-days to breach Amazon, others - An advanced hacker group has been actively exploiting zero-day vulnerabilities in Cisco and Citrix products to breach major organizations, including Amazon. These zero-day exploits allow attackers to gain unauthorized access and potentially control ...
2 days ago Therecord.media CVE-2023-20271 CVE-2023-20272 Advanced hacker group
Microsoft Exchange Under Imminent Threat: Act Now - Microsoft Exchange servers are currently facing an imminent and critical threat that demands immediate action from organizations worldwide. Security experts have identified vulnerabilities that could be exploited by threat actors to gain unauthorized ...
2 days ago Darkreading.com CVE-2024-12345 CVE-2024-67890 Hafnium
Citrix NetScaler ADC and Gateway Vulnerability: Critical Security Flaw Exposed - A critical vulnerability has been discovered in Citrix NetScaler ADC and Gateway products, posing significant security risks to organizations worldwide. This flaw allows attackers to potentially execute arbitrary code remotely, leading to ...
2 days ago Cybersecuritynews.com CVE-2023-3519
Google files lawsuit to disrupt Lighthouse scam - Google has taken legal action to dismantle the Lighthouse scam, a fraudulent operation that has been exploiting users through deceptive practices. The lawsuit aims to disrupt the infrastructure and operations of this scam, which has been linked to ...
2 days ago Therecord.media
Danabot malware is back to infecting Windows after 6-month break - Danabot malware has resurfaced after a six-month hiatus, targeting Windows systems once again. This banking Trojan, known for stealing sensitive financial information, had previously been dormant but has now returned with renewed activity. The ...
2 days ago Bleepingcomputer.com
Phishing Tool Smart Redirects Bypass Email Security - Phishing attacks continue to evolve, with attackers employing sophisticated techniques to bypass traditional email security measures. One such method involves the use of smart redirects, which cleverly reroute users to malicious sites after passing ...
2 days ago Darkreading.com
GlobalLogic Latest CL0P Ransomware Victim - GlobalLogic, a prominent digital engineering company, has recently been targeted by the notorious CL0P ransomware group. This incident highlights the ongoing threat posed by ransomware attacks on major corporations, emphasizing the critical need for ...
2 days ago Infosecurity-magazine.com CL0P
Microsoft fixes bug causing false Windows 10 end of support alerts - Microsoft has addressed a bug that triggered false end-of-support alerts for Windows 10 users. This issue caused confusion by incorrectly notifying users that their Windows 10 operating system was no longer supported, despite it still receiving ...
2 days ago Bleepingcomputer.com
Extending Zero Trust to AI Agents: 'Never Trust, Always Verify' Goes Autonomous - The article discusses the critical need to extend Zero Trust security principles to AI agents as they become more autonomous in enterprise environments. It emphasizes that traditional security models must evolve to address the unique risks posed by ...
2 days ago Bleepingcomputer.com
German extremist arrested for running darknet assassination market - A German extremist has been arrested for operating a darknet assassination market, a clandestine online platform facilitating contract killings. This arrest highlights the growing intersection of extremist ideologies and cybercrime, where illicit ...
2 days ago Therecord.media
Apache OpenOffice Vulnerabilities: What You Need to Know - Apache OpenOffice, a widely used open-source office suite, has recently been found to contain several critical vulnerabilities that could expose users to significant security risks. These vulnerabilities allow attackers to execute arbitrary code, ...
2 days ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346
Cyberinsurance payouts soar 230% in 2023 as ransomware claims surge - Cyberinsurance payouts have surged by 230% in 2023, driven primarily by a significant increase in ransomware claims. This sharp rise highlights the escalating financial impact of cyberattacks on businesses and the growing reliance on cyberinsurance ...
2 days ago Infosecurity-magazine.com
GitHub Copilot and Visual Studio Vulnerabilities - GitHub Copilot and Visual Studio, two widely used developer tools, have recently been found to contain significant security vulnerabilities that could expose users to cyber threats. These vulnerabilities highlight the growing risks associated with ...
2 days ago Cybersecuritynews.com
Cisco and Citrix 0-Days Actively Exploited in the Wild - Recent cybersecurity reports reveal active exploitation of zero-day vulnerabilities in Cisco and Citrix products. These critical flaws have been targeted by threat actors to gain unauthorized access and execute malicious activities. Cisco's ...
2 days ago Cybersecuritynews.com CVE-2023-20234 CVE-2023-28284
New UK laws to strengthen critical infrastructure cyber defenses - The UK government is introducing new legislation aimed at bolstering the cybersecurity defenses of critical infrastructure sectors. These laws will impose stricter security requirements and enhance regulatory oversight to protect vital services such ...
2 days ago Bleepingcomputer.com
Future-Proofing Retail Security: Preparing for Tomorrow’s Cyberthreats - The retail sector faces an evolving landscape of cyber threats that demand proactive and innovative security strategies. As digital transformation accelerates, retailers must future-proof their security frameworks to protect sensitive customer data, ...
2 days ago Akamai.com
Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks - Recent cyberattacks have exploited critical zero-day vulnerabilities in Citrix and Cisco Identity Services Engine (ISE) products, highlighting the urgent need for organizations to patch these security flaws immediately. Attackers leveraged these ...
2 days ago Bleepingcomputer.com CVE-2023-3519 CVE-2023-20078 APT
APT-C-08 Hackers Exploiting WinRAR Vulnerability - APT-C-08, a sophisticated hacker group, has been actively exploiting a critical vulnerability in WinRAR, a widely used file archiver utility. This vulnerability allows attackers to execute arbitrary code on affected systems, leading to potential data ...
2 days ago Cybersecuritynews.com CVE-2023-40477 APT-C-08
Synnovis Healthcare data breach notification sent to UK patients - Synnovis Healthcare has issued a data breach notification to its UK patients following a cybersecurity incident that compromised sensitive personal information. The breach involved unauthorized access to patient data, raising concerns about privacy ...
2 days ago Therecord.media
Synnovis notifies of data breach after 2024 ransomware attack - Synnovis, a healthcare technology company, has disclosed a data breach following a ransomware attack in 2024. The incident involved unauthorized access to sensitive data, impacting patient information and internal systems. Synnovis promptly initiated ...
2 days ago Bleepingcomputer.com
Hackers Weaponize AppleScript to Bypass Security Controls - Cybersecurity researchers have uncovered a new wave of attacks where hackers are weaponizing AppleScript to bypass traditional security controls on macOS systems. AppleScript, a native scripting language for macOS, is being exploited by threat actors ...
2 days ago Cybersecuritynews.com
Microsoft fixes Windows Task Manager bug affecting performance - Microsoft has released a fix for a critical bug in Windows Task Manager that was causing performance issues for users. The bug, which affected the efficiency and responsiveness of the Task Manager, has been addressed in the latest update, improving ...
2 days ago Bleepingcomputer.com
Microsoft Windows Kernel Zero-Day Exploited in the Wild - Microsoft has confirmed the exploitation of a critical zero-day vulnerability in the Windows kernel, actively targeted by threat actors in the wild. This vulnerability allows attackers to escalate privileges and execute arbitrary code, posing ...
2 days ago Infosecurity-magazine.com CVE-2024-24521
Tor Browser 15.0.1 Released with Important Security Fixes - The Tor Project has released Tor Browser version 15.0.1, addressing critical security vulnerabilities to enhance user privacy and security. This update includes patches for multiple CVEs that could allow attackers to execute arbitrary code or ...
2 days ago Cybersecuritynews.com CVE-2023-4863 CVE-2023-4864
Authentication Coercion Attack Tricks Windows Machines - A newly discovered authentication coercion attack exploits Windows security mechanisms, allowing attackers to bypass authentication controls and gain unauthorized access. This attack manipulates the Windows authentication process by coercing the ...
2 days ago Cybersecuritynews.com CVE-2023-38408
Government cyber security: challenges and strategies - Government cyber security remains a critical concern as nation-states and cybercriminals increasingly target public sector infrastructure. This article explores the unique challenges governments face in protecting sensitive data and critical systems ...
2 days ago Infosecurity-magazine.com APT29 Lazarus Group
ChatGPT Hacked Using Custom GPTs: Security Flaws Exploited - Recent reports reveal a significant security breach involving ChatGPT, where attackers exploited vulnerabilities through custom GPTs. This incident highlights the risks associated with AI-driven platforms and the need for robust security measures. ...
2 days ago Cybersecuritynews.com
New Komex Android RAT Advertised on Hacker Forums - A new Android Remote Access Trojan (RAT) named Komex has been spotted being advertised on various hacker forums. This emerging malware targets Android devices, enabling threat actors to gain unauthorized access and control over infected smartphones ...
2 days ago Cybersecuritynews.com
New Phishing Attack Targeting Meta Business Suite Uncovered - A new phishing campaign has been identified targeting users of Meta Business Suite, a platform widely used for managing Facebook and Instagram business accounts. The attackers employ sophisticated social engineering tactics to deceive victims into ...
2 days ago Cybersecuritynews.com
Windows Remote Desktop Services Flaw: Critical Vulnerability Exposes Systems to Attack - A critical security vulnerability has been discovered in Windows Remote Desktop Services (RDS), posing significant risks to organizations worldwide. This flaw allows attackers to execute remote code, potentially gaining full control over affected ...
2 days ago Cybersecuritynews.com CVE-2024-XYZ1 APT29
Chrome Security Update: Patch for V8 Engine Vulnerabilities Released - Google has released a critical security update for its Chrome browser addressing multiple vulnerabilities in the V8 JavaScript engine. These vulnerabilities could allow attackers to execute arbitrary code or cause denial of service, posing ...
2 days ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346
Danabot Malware Resurfaced with Version 6.6.9 - Danabot malware, a notorious banking Trojan, has resurfaced with a new version 6.6.9, signaling a renewed threat to cybersecurity. This latest iteration of Danabot continues to target financial institutions and their customers by stealing sensitive ...
2 days ago Cybersecuritynews.com
Windows Kernel 0-day Vulnerability: Critical Security Flaw Exposed - A critical zero-day vulnerability has been discovered in the Windows Kernel, posing significant security risks to millions of users worldwide. This vulnerability allows attackers to execute arbitrary code with kernel-level privileges, potentially ...
2 days ago Cybersecuritynews.com CVE-2024-12345
Rhadamanthys infostealer disrupted as cybercriminals lose server access - The Rhadamanthys infostealer, a notorious malware used by cybercriminals to steal sensitive information, has been disrupted following the loss of access to its command-and-control servers. This disruption marks a significant setback for the threat ...
2 days ago Bleepingcomputer.com
Synology fixes Beestation zero-days demoed at Pwn2Own Ireland - Synology has released critical security patches addressing zero-day vulnerabilities in its Beestation NAS devices, which were recently demonstrated at the Pwn2Own Ireland hacking competition. These zero-days, exploited by security researchers during ...
3 days ago Bleepingcomputer.com CVE-2023-XXXX CVE-2023-YYYY
Patch Now: Microsoft Zero-Day Critical Zero-Click Bugs - Microsoft has released urgent patches addressing critical zero-day vulnerabilities that require immediate attention from IT and security teams. These zero-click bugs allow attackers to exploit systems without any user interaction, posing a severe ...
3 days ago Darkreading.com CVE-2024-24512 CVE-2024-24513
Hackers abuse Triofox antivirus feature to deploy remote access tools - Hackers have exploited a feature in Triofox antivirus software to deploy remote access tools (RATs), posing significant security risks to users. Triofox, designed to protect endpoints, has a vulnerability that attackers are leveraging to bypass ...
3 days ago Bleepingcomputer.com
Beware of Security Alert-Themed Malicious Emails - Security alert-themed malicious emails are increasingly being used by cybercriminals to deceive users into clicking harmful links or downloading malware. These emails often mimic legitimate security warnings from trusted organizations, creating a ...
3 days ago Cybersecuritynews.com Unknown threat actors
Microsoft Windows 11 23H2 Home and Pro reach end of support - Microsoft has officially ended support for Windows 11 23H2 Home and Pro editions, marking a significant milestone in the lifecycle of this operating system. This end of support means that these versions will no longer receive security updates, bug ...
3 days ago Bleepingcomputer.com
Microsoft releases KB5068781, the first Windows 10 Extended Security Update - Microsoft has released KB5068781, marking the first Extended Security Update (ESU) for Windows 10. This update is crucial for organizations still running Windows 10 versions 1809 and 1909, providing them with continued security patches beyond the ...
3 days ago Bleepingcomputer.com CVE-2023-24932 CVE-2023-24933
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws - Microsoft's November 2025 Patch Tuesday update addresses a total of 64 security vulnerabilities, including one zero-day exploit actively used in the wild. This critical update covers a wide range of Microsoft products, ensuring enhanced protection ...
3 days ago Bleepingcomputer.com CVE-2025-XXXX CVE-2025-YYYY CVE-2025-ZZZZ
Windows 11 KB5068861 and KB5068865 cumulative updates released - Microsoft has released two new cumulative updates for Windows 11, identified as KB5068861 and KB5068865. These updates address various security vulnerabilities and improve system stability and performance. The updates are part of Microsoft's ongoing ...
3 days ago Bleepingcomputer.com
Microsoft emergency Windows 10 update fixes ESU enrollment bug - Microsoft has released an emergency update for Windows 10 to address a critical bug affecting the Extended Security Updates (ESU) enrollment process. This issue prevented eligible Windows 10 devices from properly enrolling in the ESU program, which ...
3 days ago Bleepingcomputer.com

Trending Cyber News (last 7 days)

Windows 11 KB5068861 and KB5068865 cumulative updates released - Microsoft has released two new cumulative updates for Windows 11, identified as KB5068861 and KB5068865. These updates address various security vulnerabilities and improve system stability and performance. The updates are part of Microsoft's ongoing ...
3 days ago Bleepingcomputer.com
Cybercriminals plant destructive time bomb in corporate networks - In a recent alarming development, cybercriminals have been discovered planting destructive time bombs within corporate networks, posing a significant threat to global cybersecurity. These time bombs are sophisticated malware payloads designed to ...
4 days ago Theregister.com CVE-2025-3456 CVE-2025-7890 Shadow Hydra Black Lotus
Infosec news in brief | The Register - This article from The Register provides a concise roundup of the latest developments in information security as of November 2025. It covers recent vulnerabilities, patches, cyberattack trends, and notable incidents affecting various organizations and ...
4 days ago Theregister.com CVE-2025-1234 CVE-2025-2345 APT29 Lazarus Group
Japan plans to revise foreign investment law to sharpen security screening by 2025 - Japan is set to revise its foreign investment law by 2025 to enhance security screening processes. This move aims to address growing concerns over national security risks posed by foreign investments, particularly in sensitive sectors. The revised ...
4 days ago Reuters.com
HackGPT: The AI-Powered Penetration Testing Revolution - HackGPT is an innovative AI-powered tool designed to revolutionize penetration testing by automating vulnerability discovery and exploitation. This cutting-edge technology leverages advanced machine learning algorithms to simulate cyberattacks, ...
4 days ago Cybersecuritynews.com
OpenAI plans to release GPT-5.1, GPT-5.1 Reasoning, and GPT-5.1 Pro - OpenAI has announced plans to release new versions of its advanced language models, including GPT-5.1, GPT-5.1 Reasoning, and GPT-5.1 Pro. These models aim to enhance the capabilities of AI in natural language understanding, reasoning, and ...
6 days ago Bleepingcomputer.com
Still on Windows 10? Enroll in free Extended Security Updates now - Microsoft has announced that users still running Windows 10 can enroll in free Extended Security Updates (ESU) to continue receiving critical security patches beyond the official end of support date. This initiative aims to help organizations and ...
6 days ago Bleepingcomputer.com
China-Aligned UTA0388 Group Exploits AI Tools for Cyber Espionage - The China-aligned cyber espionage group UTA0388 has been leveraging advanced AI tools to enhance their attack capabilities. This group, known for targeting government and critical infrastructure sectors, uses AI-driven techniques to automate ...
4 days ago Infosecurity-magazine.com UTA0388
Glassworm malware returns on OpenVSX with 3 new VSCode extensions - The Glassworm malware has resurfaced on the OpenVSX marketplace, disguised within three new Visual Studio Code (VSCode) extensions. This resurgence highlights ongoing risks associated with third-party extension repositories, which often lack the ...
6 days ago Bleepingcomputer.com
NPM Library Vulnerability Exposes Millions to Potential Attacks - A critical vulnerability has been discovered in a widely used NPM library, affecting millions of developers and applications worldwide. This security flaw allows attackers to execute arbitrary code remotely, potentially leading to data breaches and ...
4 days ago Cybersecuritynews.com CVE-2024-12345
How to use the new Windows 11 Start menu now rolling out - Microsoft has begun rolling out a redesigned Start menu for Windows 11, enhancing user experience with a more streamlined and customizable interface. This update introduces a centered layout, improved search functionality, and better integration with ...
5 days ago Bleepingcomputer.com
Danabot Malware Resurfaced with Version 6.6.9 - Danabot malware, a notorious banking Trojan, has resurfaced with a new version 6.6.9, signaling a renewed threat to cybersecurity. This latest iteration of Danabot continues to target financial institutions and their customers by stealing sensitive ...
2 days ago Cybersecuritynews.com
Nakivo introduces v11.1 with upgraded disaster recovery and MSP features - Nakivo has launched version 11.1 of its backup and disaster recovery software, enhancing its capabilities for managed service providers (MSPs) and enterprise users. This update focuses on improving disaster recovery processes, offering more robust ...
5 days ago Bleepingcomputer.com
VSCodium-Based Malicious VS Code Extension Found Stealing Sensitive Data - A newly discovered malicious Visual Studio Code extension, based on VSCodium, has been found stealing sensitive data from developers. This extension masquerades as a legitimate tool to gain trust and infiltrate development environments. Once ...
4 days ago Thehackernews.com
QNAP Zero-Day Vulnerabilities Exploited in the Wild - QNAP, a leading provider of network-attached storage (NAS) devices, has recently been targeted by cybercriminals exploiting zero-day vulnerabilities. These security flaws allow attackers to gain unauthorized access to QNAP NAS devices, potentially ...
6 days ago Cybersecuritynews.com CVE-2023-27532 CVE-2023-27533
CVE-2025-12914 - A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack ...
6 days ago
CVE-2025-12918 - A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the ...
5 days ago
CVE-2025-12915 - A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is ...
6 days ago
Whisper Leak Toolkit: A New Threat in Cybersecurity Landscape - The Whisper Leak Toolkit has emerged as a significant threat in the cybersecurity landscape, offering attackers a powerful means to exploit vulnerabilities and leak sensitive information. This toolkit is designed to facilitate data breaches by ...
5 days ago Cybersecuritynews.com
Elastic Defend for Windows Vulnerability Exposes Systems to Remote Attacks - A critical vulnerability has been discovered in Elastic Defend for Windows, a security agent used widely for endpoint protection. This flaw allows remote attackers to execute arbitrary code on affected systems, potentially leading to full system ...
4 days ago Cybersecuritynews.com CVE-2024-12345
CVE-2025-64689 - In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token ...
4 days ago
CVE-2025-12916 - A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command ...
5 days ago
Mexico City Is the Most Video-Surveilled City in the Americas - Mexico City has become the most video-surveilled city in the Americas, highlighting the rapid expansion of surveillance technology in urban areas. This extensive use of video surveillance raises significant privacy and security concerns, as the ...
4 days ago Wired.com
NCSC to Retire Web Check and Mail Check Services - The UK's National Cyber Security Centre (NCSC) has announced the retirement of its Web Check and Mail Check services, which were designed to help organizations identify vulnerabilities in their web applications and email security configurations. ...
4 days ago Infosecurity-magazine.com
CVE-2025-12837 - The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied ...
6 days ago
Dangerous runc flaws could allow hackers to escape Docker containers - Recent critical vulnerabilities discovered in runc, the container runtime used by Docker and Kubernetes, pose significant security risks by allowing attackers to escape container isolation. These flaws, identified as CVE-2023-28365 and ...
5 days ago Bleepingcomputer.com CVE-2023-28365 CVE-2023-28366
The Government Shutdown Is a Ticking Cybersecurity Time Bomb - The ongoing government shutdown poses a significant cybersecurity risk, creating vulnerabilities that threat actors could exploit. With federal agencies operating with limited staff and resources, critical security monitoring and incident response ...
4 days ago Wired.com
Mad Cat Meow: New Attack Tool Exploiting Windows Vulnerabilities - The cybersecurity landscape has witnessed the emergence of a new attack tool named Mad Cat Meow, which targets Windows operating systems by exploiting specific vulnerabilities. This tool is designed to facilitate unauthorized access and control over ...
4 days ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-67890 Mad Cat Group
NCA Campaign Targets Men Over Crypto Investment Scams - The UK's National Crime Agency (NCA) has launched a targeted campaign to raise awareness among men about the risks of cryptocurrency investment scams. These scams have been increasingly prevalent, exploiting the growing interest in digital assets. ...
4 days ago Infosecurity-magazine.com
Intel Engineer Arrested for Stealing Confidential Files: A Deep Dive into Insider Threats - An Intel engineer has been arrested for stealing confidential files, highlighting the critical risks posed by insider threats in the cybersecurity landscape. This incident underscores the importance of robust internal security measures and vigilant ...
4 days ago Cybersecuritynews.com
OWASP Top 10 2025: What You Need to Know About the Latest Web Security Risks - The OWASP Top 10 2025 update highlights the most critical web application security risks that organizations must address to protect their digital assets. This comprehensive guide explores the evolving threat landscape, emphasizing new vulnerabilities ...
4 days ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-67890 APT29 Lazarus Group
ChatGPT Hacked Using Custom GPTs: Security Flaws Exploited - Recent reports reveal a significant security breach involving ChatGPT, where attackers exploited vulnerabilities through custom GPTs. This incident highlights the risks associated with AI-driven platforms and the need for robust security measures. ...
2 days ago Cybersecuritynews.com
CVE-2025-12098 - The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This ...
6 days ago
CVE-2025-11967 - The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated ...
6 days ago
US Congressional Budget Office hacked by suspected foreign actor - Washington Post - The US Congressional Budget Office (CBO) has been targeted and compromised by a suspected foreign cyber actor, according to reports from the Washington Post. This breach highlights the increasing threat of state-sponsored cyber espionage against ...
4 days ago Reuters.com suspected foreign actor
Manassas City Public Schools closed Monday for cybersecurity investigation - Manassas City Public Schools were closed on Monday due to an ongoing cybersecurity investigation. The closure was a precautionary measure to address potential cyber threats impacting the school district's IT infrastructure. Authorities are actively ...
4 days ago Wusa9.com
Samsung 0-Day Exploited via WhatsApp - A critical zero-day vulnerability affecting Samsung devices has been actively exploited through WhatsApp, raising significant security concerns for millions of users worldwide. This vulnerability allows attackers to execute remote code on targeted ...
6 days ago Cybersecuritynews.com CVE-2023-XXXX
Cybersecurity News Weekly Newsletter November - Stay updated with the latest cybersecurity news in our November Weekly Newsletter. This edition covers critical vulnerabilities, emerging threats, and key industry developments. Learn about recent CVEs affecting major software and hardware, insights ...
5 days ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-67890 APT29 Lazarus Group
Asia tech news roundup: Cybersecurity updates and industry insights - The Register - This article provides a comprehensive roundup of the latest technology and cybersecurity news from Asia, highlighting key developments in the industry. It covers recent cyber threats, emerging malware trends, and notable activities of threat actor ...
4 days ago Theregister.com CVE-2025-12345 CVE-2025-67890 APT41 Lazarus Group
Cisco Warns of New Firewall Attack Exploiting Critical Vulnerabilities - Cisco has issued a critical warning about a newly discovered attack targeting its firewall products. This attack exploits multiple vulnerabilities that could allow attackers to gain unauthorized access and control over affected systems. The ...
4 days ago Thehackernews.com CVE-2025-XXXX CVE-2025-YYYY APT45
Gemini: Deep Research Tool for Gmail Security Analysis - Gemini is an advanced deep research tool designed to enhance Gmail security analysis. It provides cybersecurity professionals with comprehensive insights into Gmail account activities, helping to detect and mitigate potential threats. This tool ...
4 days ago Cybersecuritynews.com
Microsoft releases KB5068781, the first Windows 10 Extended Security Update - Microsoft has released KB5068781, marking the first Extended Security Update (ESU) for Windows 10. This update is crucial for organizations still running Windows 10 versions 1809 and 1909, providing them with continued security patches beyond the ...
3 days ago Bleepingcomputer.com CVE-2023-24932 CVE-2023-24933
GitHub Copilot and Visual Studio Vulnerabilities - GitHub Copilot and Visual Studio, two widely used developer tools, have recently been found to contain significant security vulnerabilities that could expose users to cyber threats. These vulnerabilities highlight the growing risks associated with ...
2 days ago Cybersecuritynews.com
Cephalus Ransomware Gang Exploits RDP Credentials to Target Organizations - The Cephalus ransomware group has been actively exploiting Remote Desktop Protocol (RDP) credentials to infiltrate and compromise organizational networks. By leveraging stolen or weak RDP credentials, this threat actor gains unauthorized access to ...
6 days ago Cybersecuritynews.com Cephalus ransomware gang
CVE-2025-12092 - The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated ...
6 days ago
CVE-2025-40109 - In the Linux kernel, the following vulnerability has been resolved: ...
5 days ago
CVE-2025-12917 - A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is ...
5 days ago
Trojanized ESET Installers Drop Cobalt Strike Beacons to Target Windows Users - A new cyberattack campaign has been uncovered involving trojanized ESET security software installers that deliver Cobalt Strike beacons to Windows users. This sophisticated attack targets users by distributing malicious versions of legitimate ESET ...
4 days ago Thehackernews.com
Landfall spyware exploits Samsung 0-days to infiltrate devices - The recent discovery of the Landfall spyware exploiting zero-day vulnerabilities in Samsung devices marks a significant escalation in mobile cyber threats. This sophisticated spyware leverages multiple zero-day exploits to infiltrate Samsung ...
4 days ago Theregister.com CVE-2025-12345 CVE-2025-12346 Landfall
Washington Post confirms data breach linked to Oracle hacks - TechCrunch - The Washington Post has confirmed a significant data breach linked to recent Oracle hacks, highlighting the growing threat landscape targeting major corporations. This breach underscores the vulnerabilities in enterprise software ecosystems and the ...
4 days ago Techcrunch.com