Articles: 12
Categories: 5
Date: 2025-11-15
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)

15 Nov - Honeypot: FortiWeb CVE-2025-64446 Exploits, (Sat, Nov 15th) [ISC.SANS.EDU]
Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots.

15 Nov - RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet [THEHACKERNEWS.COM]
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug tha…

15 Nov - [KEV] Critical FortiWeb WAF Flaw Actively Exploited to Establish Admin Access and Seize Total Control [GBHACKERS.COM]
Fortinet has released urgent security updates to address a critical vulnerability in its FortiWeb Web Application Firewall (WAF) that is being actively exploited in the wild. Tracked as CVE-2025-64446, the flaw allows unauthenticated attackers to execute administrative commands a…
⚠️ VULNERABILITY DISCLOSURE (2)

15 Nov - Real Estate Giant Redfin Exposed Users’ Personal Info on Listing Contact Forms [SH.ITJUST.WORKS]
Submitted by ie11 to cybersecurity. https://theintercept.com/2025/11/13/redfin-user-information-real-estate-listing/

15 Nov - Worm flooding npm registry with token stealers still isn’t under control [CSOONLINE.COM]
A coordinated token farming campaign continues to flood the open source npm registry, with tens of thousands of infected packages created almost daily to steal tokens from unsuspecting developers using the Tea Protocol to reward coding work. On Thursday, researchers at Amazon sai…
📋 SECURITY BULLETINS (1)

15 Nov - Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors [BLEEPINGCOMPUTER.COM]
Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. [...]
🔥 INCIDENT REPORTING (3)

15 Nov - Cybercrime and the Future: An In-Depth Discussion with Tammy Harper, Flare.io [CYBERSECURITYTODAY.LIBSYN.COM]
In this episode of Cybersecurity Today, host Jim Love is joined by Tammy Harper, a senior threat intelligence researcher at Flare, to explore the future landscape of cybercrime. The conversation delves into various aspects like the evolution of underground markets, state-backed c…

15 Nov - Jaguar Land Rover cyberattack cost the company over $220 million [BLEEPINGCOMPUTER.COM]
Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. [...]

15 Nov - First Large-scale Cyberattack Using AI With Minimal Human Input [SH.ITJUST.WORKS]
Submitted by kid to cybersecurity. https://cybersecuritynews.com/first-large-scale-cyberattack-using-ai/
🕵️ THREAT INTELLIGENCE (3)

15 Nov - Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies [THEHACKERNEWS.COM]
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions. The five individuals are …

15 Nov - Decades-old ‘Finger’ protocol abused in ClickFix malware attacks [BLEEPINGCOMPUTER.COM]
The decades-old "finger" command is making a comeback, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. [...]

15 Nov - MY TAKE: AI’s fortune-teller effect — why it’s all too easy to mistake pattern mastery for wisdom [LASTWATCHDOG.COM]
I hadn’t expected the machine’s answer to be that good. It was a simple prompt — I needed help crafting a reply to a client. One of those mid-project check-ins where timing gets murky …