🚨 CISA KEV 1[−]
4 Nov KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-11371 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability CVE-2025-48703 CWP Control Web…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
4 NovGoogle’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKitGoogle's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser…THEHACKERNEWS.COM
4 NovAndroid Hit by 0-Click RCE Vulnerability in Core System ComponentGoogle has released an urgent security alert addressing a critical remote code execution vulnerability affecting Android devices worldwide. The vulnerability, tracked as CVE-2025-48593, exists in Android’s System component and requires no user interaction for exploitation, …GBHACKERS.COM
4 NovCritical WordPress Post SMTP Plugin Vulnerability Puts 400,000 Sites at Risk of Account TakeoverA critical vulnerability has been discovered in the Post SMTP WordPress plugin, affecting over 400,000 active installations across the web. The vulnerability, identified as CVE-2025-11833 with a CVSS score of 9.8, allows unauthenticated attackers to access sensitive email logs an…GBHACKERS.COM
4 NovCritical Flaw in Popular React Native NPM Package Exposes Developers to AttacksArbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux. The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 31[−]
4 NovMY TAKE: From AOL-Time Warner to OpenAI-Amazon — is the next tech bubble already inflating?Anyone remember the dot-com bubble burst? The early warning came in January 2000, when AOL and Time Warner joined forces in a $164 billion deal — the largest merger in U.S. history at the time. Related: Reuters’ backstory on Amazon … (more…) The post MY TAKE: From AOL…LASTWATCHDOG.COM
4 NovCybercriminals Exploit RMM Tools to Target Trucking Firms and Hijack FreightCybercriminals are orchestrating sophisticated attacks against trucking and freight companies in elaborate schemes designed to steal cargo shipments worth millions. These threat actors are exploiting the digital transformation of the logistics industry, compromising transportatio…GBHACKERS.COM
4 NovHackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User DataA new security issue discovered by researchers reveals that Anthropic’s Claude AI system can be exploited through indirect prompts, allowing attackers to exfiltrate user data via its built‑in File API. The attack, documented in a detailed technical post on October 28, 2025, demon…GBHACKERS.COM
4 NovSesameOp: Using the OpenAI Assistants API for Covert C2 CommunicationMicrosoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leve…GBHACKERS.COM
4 NovMicrosoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command ChannelMicrosoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenA…THEHACKERNEWS.COM
4 NovGen AI success requires an AI champions networkGetting an enterprise-grade generative AI platform rolled out is a milestone, but it’s just the entry point. Sustained, distributed adoption doesn’t come from tool access. It comes from embedding AI capability inside how the organization works. Centralized enablement teams cannot…CSOONLINE.COM
4 NovModern supply-chain attacks and their real-world impactWhen headlines broke this September about the world’s largest supply-chain attack yet on the popular open source Chalk and Debug libraries, skeptics were quick to question its real-world impact, despite the scale. A widely circulated report , Oops, No Victims: The Largest Supply …CSOONLINE.COM
4 Nov165: TanyaTanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity. She shares stories of when she was a penetration tester to an incident responder. You can sign …DARKNETDIARIES.COM
4 NovRansomware-Bande missbraucht Microsoft-ZertifikateKontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein. Dada Leee | shutterstock.com Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt . Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Be…CSOONLINE.COM
4 NovBalancer DeFi Platform Hit by Major Exploit Resulting in $100M+ in LossesThe decentralised finance (DeFi) ecosystem was rocked by a significant exploit targeting Balancer, one of the leading DeFi platforms. The breach specifically impacted Balancer’s V2 Composable Stable Pools, resulting in losses that reportedly exceed $100 million. This major incide…GBHACKERS.COM
4 Nov‘SleepyDuck’ Malware in Open VSX Lets Attackers Remotely Control Windows PCsSecurity researchers have identified a dangerous remote access trojan called SleepyDuck lurking in the Open VSX IDE extension marketplace, targeting developers who use code editors like Cursor and Windsurf. The malicious extension masqueraded as a legitimate Solidity programming …GBHACKERS.COM
4 NovHackers exploit critical auth bypass flaw in JobMonster WordPress themeThreat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. [...]BLEEPINGCOMPUTER.COM
4 NovAndroid Update Patches Critical Remote Code Execution FlawThe November 2025 Android patches resolve two vulnerabilities, both in the platform’s System component. The post Android Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovRondoDox Botnet Swells Its Arsenal — 650% Jump in Enterprise-Focused ExploitsThe cybersecurity threat landscape shifted dramatically on October 30, 2025, when security researchers monitoring honeypot infrastructure detected a significantly evolved variant of the RondoDox botnet. The updated malware now features 75 distinct exploitation vectors, a fundamen…GBHACKERS.COM
4 NovResearching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through t…YOUTUBE.COM
4 NovNew backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operationsIn a newly uncovered campaign, threat actors embedded a previously undocumented backdoor, dubbed SesameOp, which exploits the OpenAI Assistants API for relaying commands and exfiltrating results. According to researchers at Microsoft, the campaign was active for months before det…CSOONLINE.COM
4 NovRansomware Defense Using the Wazuh Open Source PlatformRansomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure world…THEHACKERNEWS.COM
4 NovApple Patches Everything, Again, (Tue, Nov 4th)Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as al…ISC.SANS.EDU
4 Nov KEVCybersecurity experts charged with running BlackCat ransomware operationThree cybersecurity professionals who specialized in helping companies respond to ransomware attacks have been charged with secretly running their own ransomware operation, deploying ALPHV BlackCat malware against at least five US enterprises between May and November 2023. Ryan C…CSOONLINE.COM
4 NovNew GDI Flaws Could Enable Remote Code Execution in Windows - Infosecurity Magazinesubmitted by kid to cybersecurity 4 points | 1 comments https://www.infosecurity-magazine.com/news/gdi-flaws-enable-rce-windows/SH.ITJUST.WORKS
4 NovMicrosoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages UnnoticedCybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploi…THEHACKERNEWS.COM
4 NovPolice arrests suspects linked to €600 million crypto fraud ringEuropean law enforcement authorities have arrested nine suspected money launderers who set up a cryptocurrency fraud network that stole over €600 million ($689 million) from victims across multiple countries. [...]BLEEPINGCOMPUTER.COM
4 NovThe Top 3 Browser Sandbox Threats That Slip Past Modern Security ToolsAttackers exploit web browsers' built-in behaviors to steal credentials, abuse extensions, and move laterall, slipping past traditional defenses. Learn from Keep Aware how browser-layer visibility and policy enforcement stop these hidden threats in real time. [...]BLEEPINGCOMPUTER.COM
4 NovCritical React Native CLI Flaw Exposed Millions of Developers to Remote AttacksDetails have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated …THEHACKERNEWS.COM
4 NovEuropol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global SweepNine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place bet…THEHACKERNEWS.COM
4 NovCISA Releases Five Industrial Control Systems AdvisoriesCISA released five Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-308-01 Fuji Electric Monitouch V-SFT-6 ICSA-25-308-02 Survision License Plate Re…CISA.GOV
4 NovDragonForce Cartel Emerges as Conti-Derived Ransomware Threatsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/dragonforce-cartel-conti-derived/SH.ITJUST.WORKS
4 NovA Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join ForcesThe nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 tim…THEHACKERNEWS.COM
4 NovHackers exploit WordPress plugin Post SMTP to hijack admin accountsThreat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. [...]BLEEPINGCOMPUTER.COM
4 NovA Vulnerability in CWP (aka Control Web Panel or CentOS Web Panel) Could Allow for Remote Code ExecutionA vulnerability has been discovered in CWP (aka Control Web Panel or CentOS Web Panel), which could allow for remote code execution. CWP, or Control Web Panel, is a free server administration tool for enterprise-based Linux distributions like CentOS, which simplifies managing web…CISECURITY.ORG
4 NovHow social engineering works | Unlocked 403 cybersecurity podcast (S2E6)Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step aheadWELIVESECURITY.COM
📋 SECURITY BULLETINS 3[−]
4 NovApple Releases Security Update Addressing Critical Flaws in iOS 26.1 and iPadOS 26.1Apple has rolled out new security updates for iOS 26.1 and iPadOS 26.1, released on November 3, 2025, introducing important fixes for a wide range of vulnerabilities. The update is available for iPhone 11 and later models, along with several iPad models including iPad Pro (3rd ge…GBHACKERS.COM
4 NovMicrosoft’s WSUS Patch Causes Hotpatching Failures on Windows Server 2025Microsoft has acknowledged a critical issue affecting Windows Server 2025 systems enrolled in the Hotpatch program. A recent Windows Server Update Services (WSUS) patch was inadvertently distributed to machines configured to receive Hotpatch updates, causing disruptions to the se…GBHACKERS.COM
4 NovLouvre delayed Windows security updates ahead of burglaryThe Louvre Museum in Paris, victim of an audacious burglary involving a furniture lift last month, has been struggling for over a decade to upgrade outdated software, including that controlling its video surveillance systems, according to a French newspaper report. Thieves used a…CSOONLINE.COM
📢 SECURITY ADVISORIES 5[−]
4 NovBob Flores, Former CTO of the CIA, Joins BrinkerDelaware, United States, November 4th, 2025, CyberNewsWire Brinker, the narrative intelligence company dedicated to combating disinformation and influence campaigns, announced today that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has join…GBHACKERS.COM
🔥 INCIDENT REPORTING 13[−]
4 NovMalicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network AccessThe Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks. The Rhysida gang, formerly known as Vice Soc…GBHACKERS.COM
4 Nov KEVU.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware AttacksFederal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-C…THEHACKERNEWS.COM
4 NovMicrosoft Plans to Remove Entra Accounts from Authenticator on Jailbroken DevicesMicrosoft is rolling out a significant security enhancement for its Authenticator app starting February 2026, introducing jailbreak and root detection capabilities that will automatically wipe Microsoft Entra credentials from compromised devices. This move represents a strategic …GBHACKERS.COM
4 NovOperation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense SectorsThreat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on…THEHACKERNEWS.COM
4 NovHackers hit Polish loan site | Cybernewssubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/cybercrime/poland-major-cyberattack-hackers-loan-customers-data/SH.ITJUST.WORKS
4 NovNew Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and Moresubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/dante-spyware-hacking-team-memento-labs/SH.ITJUST.WORKS
4 Nov2025 Insider Risk Report Finds Most Organizations Struggle to Detect and Predict Insider RisksBaltimore, USA, November 4th, 2025, CyberNewsWire The new 2025 Insider Risk Report, produced by Cybersecurity Insiders in collaboration with Cogility, highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than external cyberatt…GBHACKERS.COM
4 NovTransportation Companies Hacked to Steal CargoThreat actors engage in elaborate attack chains to infect trucking and logistics companies with remote access tools. The post Transportation Companies Hacked to Steal Cargo appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovMedia giant Nikkei reports data breach impacting 17,000 peopleJapanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. [...]BLEEPINGCOMPUTER.COM
4 NovData breach at major Swedish software supplier impacts 1.5 millionThe Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. [...]BLEEPINGCOMPUTER.COM
4 NovLearn what generative AI can do for your security operations centerThis new e-book showcases what generative AI can do for your SOC, from reducing alert fatigue and enabling quicker triage to getting ahead of cyberattacks with proactive threat hunting, and more. The post Learn what generative AI can do for your security operations center appea…MICROSOFT.COM
4 NovFormer ransomware negotiators allegedly targeted US firms with ALPHV/BlackCat ransomware - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/11/04/ransomware-negotiator-alphv-blackcat-ransomware/SH.ITJUST.WORKS
4 NovApache OpenOffice disputes data breach claims by ransomware gangThe Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 22[−]
4 NovISC Stormcast For Tuesday, November 4th, 2025 https://isc.sans.edu/podcastdetail/9684, (Tue, Nov 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 NovZscaler Acquires AI Security Company SPLXSPLX red teaming, asset management, and threat inspection technology will enable Zscaler to expand its Zero Trust Exchange platform. The post Zscaler Acquires AI Security Company SPLX appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovAnatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and GmailThe Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational security, employing advanced e…GBHACKERS.COM
4 NovApple Patches 19 WebKit VulnerabilitiesApple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws. The post Apple Patches 19 WebKit Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovCybercriminals Targeting Payroll SitesMicrosoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for the victim to realize what …SCHNEIER.COM
4 NovMicrosoft: SesameOp malware abuses OpenAI Assistants API in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/SH.ITJUST.WORKS
4 NovAndroid Malware Mutes Alerts, Drains Crypto Walletssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/android-malware-mutes-alerts-drains-crypto-walletsSH.ITJUST.WORKS
4 NovZscaler Acquires SPLX to Strengthen AI-Powered Zero Trust SecurityZscaler, a leading cloud security company, has acquired SPLX, an innovative AI security pioneer, to enhance its Zero Trust Exchange platform with advanced AI protection capabilities. The acquisition will integrate shift-left AI asset discovery, automated red teaming, and governan…GBHACKERS.COM
4 NovXLoader Malware Analyzed Using ChatGPT’s AI, Breaks RC4 Encryption Layers in HoursCybersecurity researchers have successfully demonstrated how artificial intelligence can dramatically accelerate malware analysis, decrypting complex XLoader samples in a fraction of the time previously required. XLoader, a sophisticated malware loader with information-stealing c…GBHACKERS.COM
4 NovBugcrowd Acquires Application Security Firm MayhemBugcrowd said the acquisition of Mayhem has nearly doubled its valuation — previously reported at over $1 billion. The post Bugcrowd Acquires Application Security Firm Mayhem appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovHacker steals over $120 million from Balancer DeFi crypto protocolsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/cryptocurrency/hacker-steals-over-120-million-from-balancer-defi-crypto-protocol/SH.ITJUST.WORKS
4 NovData Theft Hits Behavioral Health Network in 3 Statessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bankinfosecurity.in/data-theft-hits-behavioral-health-network-in-3-states-a-29920SH.ITJUST.WORKS
4 NovSesameOp Malware Abuses OpenAI APIA component of the newly discovered SesameOp backdoor uses the API to store and relay commands from the C&C server. The post SesameOp Malware Abuses OpenAI API appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovHacker Conversations: Kunal Agarwal and the DNA of a HackerFor Agarwal, being a hacker is not what you do, but who you are; that is, someone who always questions the status quo and questions how it could be different. The post Hacker Conversations: Kunal Agarwal and the DNA of a Hacker appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovRussian hackers abuse Hyper-V to hide malware in Linux VMsThe Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. [...]BLEEPINGCOMPUTER.COM
4 NovHackers Deliver SSH-Tor Backdoor Via Weaponized Military Documents in ZIP Filessubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/hackers-deliver-ssh-tor-backdoor/SH.ITJUST.WORKS
4 NovPrisma SASE as Your New Blueprint for Modern Branch SecurityPrisma SASE offers a modern blueprint for branch security, transforming traditional networks into dynamic, secure hubs for distributed enterprises. The post Prisma SASE as Your New Blueprint for Modern Branch Security appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
4 NovHow to check if Tor Onion Service is alive?submitted by maltfield to cybersecurity 1 points | 0 comments How can I check to see if a given Onion Service is still in-use? To be clear: I’m not asking about just Onion Services bound to port 80. Of course I can just curl it, but that won’t tell me if the Onion Service is runn…SH.ITJUST.WORKS
4 NovHow to check if Tor Onion Service is alive?submitted by maltfield to cybersecurity 2 points | 0 comments How can I check to see if a given Onion Service is still in-use? To be clear: I’m not asking about just Onion Services bound to port 80. Of course I can just curl it, but that won’t tell me if the Onion Service is runn…INFOSEC.PUB
4 NovHow to check if Tor Onion Service is alive?submitted by maltfield to security 1 points | 0 comments How can I check to see if a given Onion Service is still in-use? To be clear: I’m not asking about just Onion Services bound to port 80. Of course I can just curl it, but that won’t tell me if the Onion Service is running s…PROGRAMMING.DEV
4 NovNews alert: Insider risk report finds behavioral blind spots leave most orgs exposed, confidence lowBALTIMORE, Nov. 4, 2025, CyberNewswire — he new 2025 Insider Risk Report , produced by Cybersecurity Insiders in collaboration with Cogility , highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than … (more…) The post …LASTWATCHDOG.COM
🎙️ PODCASTS 1[−]
4 NovThe AI Fix #75: Claude’s existential battery crisis, and why ChatGPT is a terrible therapistIn episode 75 of The AI Fix, a Claude-powered robot gets so anxious about its dying battery that it composes a Broadway musical about stress and announces it’s “achieved consciousness and chosen chaos.” Also: an 18-month psychological study reveals five reasons why ChatGPT is a d…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 4[−]
4 NovWindows 10 update bug triggers incorrect end-of-support alertsMicrosoft says the October 2025 updates trigger incorrect end-of-support warnings on Windows 10 systems with active security coverage or still under active support. [...]BLEEPINGCOMPUTER.COM
4 NovPhone location data of top EU officials for sale, report findsJournalists in Europe found it was "easy" to spy on top European Union officials using commercially obtained location data sold by data brokers, despite the continent having some of the strongest data protection laws in the world.TECHCRUNCH.COM
4 NovMicrosoft removing Defender Application Guard from OfficeMicrosoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. [...]BLEEPINGCOMPUTER.COM
4 NovMalicious Android apps on Google Play downloaded 42 million timesHundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. [...]BLEEPINGCOMPUTER.COM