MATLOCK.CA
105Articles
8Categories
2025-11-19Date
🚨
The nexus of risk and intelligence: How vulnerability-informed hunting uncovers what everything else missesFor years, I watched organizations treat vulnerability data like a compliance chore. It was something to scan, sort and patch against deadlines. Yet buried in those reports is a treasure map of sorts, where an attacker is likely to strike first. In my previous red team and incide…
KEVCSOONLINE.COM — 19 Nov 2025
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber ac…
KEVCISA.GOV — Wed, 19 Nov 25 1
🐛
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
KEVTHEHACKERNEWS.COM — 19 Nov 2025
🐛
New FortiWeb 0-Day Code Execution Flaw Actively Exploited
KEVGBHACKERS.COM — 19 Nov 2025
🐛
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
KEVSH.ITJUST.WORKS — 19 Nov 2025
🐛
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
THEHACKERNEWS.COM — 19 Nov 2025
🐛
CISA Alerts on Fortinet FortiWeb Vulnerability Exploited in Real-World Attacks
GBHACKERS.COM — 19 Nov 2025
⚠️
Cybersecurity Today: CloudFlare Outage, Microsoft's AI Risk, New Red Team Tool, and More!
CYBERSECURITYTODAY.LIBSYN.COM — 19 Nov 2025
⚠️
Behind the firewall: The hidden struggles of cyber professionals with a disability
CSOONLINE.COM — 19 Nov 2025
⚠️
New ShadowRay Exploit Targets Vulnerability in Ray AI Framework to Attack AI Systems
GBHACKERS.COM — 19 Nov 2025
⚠️
Eurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users’ Data
GBHACKERS.COM — 19 Nov 2025
⚠️
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week
SECURITYWEEK.COM — 19 Nov 2025
⚠️
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - BSW #422
YOUTUBE.COM — 2025-11-19
⚠️
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
THEHACKERNEWS.COM — 19 Nov 2025
⚠️
Overcome the myriad challenges of password management to bolster data protection
CSOONLINE.COM — 19 Nov 2025
⚠️
Legal Restrictions on Vulnerability Disclosure
SCHNEIER.COM — 2025-11-19
⚠️
Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign
SECURITYWEEK.COM — 19 Nov 2025
⚠️
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
THEHACKERNEWS.COM — 19 Nov 2025
⚠️
CISA gives govt agencies 7 days to patch new Fortinet flaw
BLEEPINGCOMPUTER.COM — 19 Nov 2025
⚠️
CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers
CISA.GOV — Wed, 19 Nov 25 1
⚠️
Hidden API in Comet AI browser raises security red flags for enterprises
CSOONLINE.COM — 19 Nov 2025
⚠️
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
BLEEPINGCOMPUTER.COM — 19 Nov 2025
⚠️
Bitcoin Core audit
QUARKSLAB.COM — 2025-11-19
⚠️
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
THEHACKERNEWS.COM — 19 Nov 2025
⚠️
W3 Total Cache WordPress plugin vulnerable to PHP command injection
BLEEPINGCOMPUTER.COM — 19 Nov 2025
⚠️
Chinese PlushDaemon Hackers Exploit EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers
GBHACKERS.COM — 19 Nov 2025
⚠️
Hackers Exploit Tuoni C2 Framework to Stealthily Deploy In-Memory Payloads
GBHACKERS.COM — 19 Nov 2025
⚠️
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
GBHACKERS.COM — 19 Nov 2025
⚠️
Researchers discover security vulnerability in WhatsApp— Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerability
INFOSEC.PUB — 19 Nov 2025
⚠️
Researchers discover security vulnerability in WhatsApp— Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerability
SH.ITJUST.WORKS — 19 Nov 2025
⚠️
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
CSOONLINE.COM — 19 Nov 2025
⚠️
News alert: SquareX exposes obscure AI browser flaw that gives extensions full access to user devices
LASTWATCHDOG.COM — 19 Nov 2025
⚠️
Iranian APT hacks helped direct missile strikes in Israel and the Red Sea
CSOONLINE.COM — 19 Nov 2025
⚠️
Risky Business #815 -- Anthropic's AI APT report is a big deal
RISKY.BIZ — 19 Nov 2025
📋
Critical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code Execution
GBHACKERS.COM — 19 Nov 2025
📋
‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📋
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
THEHACKERNEWS.COM — 19 Nov 2025
📢
Microsoft Unveils Security Enhancements for Identity, Defense, Compliance
SECURITYWEEK.COM — 19 Nov 2025
📢
CISA Unveils Guide to Combat Bulletproof Hosting Cybercrime
CISA.GOV — Wed, 19 Nov 25 1
📢
Atlassian security advisory (AV25-770)
CYBER.GC.CA — 2025-11-19
📢
Microsoft Edge security advisory (AV25-771)
CYBER.GC.CA — 2025-11-19
📢
SolarWinds security advisory (AV25-772)
CYBER.GC.CA — 2025-11-19
📢
CISA Releases New Guides to Safeguard Critical Infrastructure from Unmanned Aircraft Systems Threats
CISA.GOV — Wed, 19 Nov 25 1
📢
CISA Urges Critical Infrastructure to Be Air Aware
CISA.GOV — Wed, 19 Nov 25 1
📢
VMware security advisory (AV25-773)
CYBER.GC.CA — 2025-11-19
📢
News alert: ‘Shopping Cart Inspect’ wins top award for stopping online payment skimming in real time
LASTWATCHDOG.COM — 19 Nov 2025
🔥
Anthropic AI-powered cyberattack causes a stir
KEVCSOONLINE.COM — 19 Nov 2025
🔥
New .NET Malware Conceals Lokibot Inside PNG/BMP Files to Bypass Detection
GBHACKERS.COM — 19 Nov 2025
🔥
Cloudflare Reveals Full Technical Explanation of Major Internet Outage
GBHACKERS.COM — 19 Nov 2025
🔥
Datenpanne bei Eurofiber France
CSOONLINE.COM — 19 Nov 2025
🔥
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
BLEEPINGCOMPUTER.COM — 19 Nov 2025
🔥
French agency Pajemploi reports data breach affecting 1.2M people
SH.ITJUST.WORKS — 19 Nov 2025
🔥
Russian bulletproof hosting provider sanctioned over ransomware ties
BLEEPINGCOMPUTER.COM — 19 Nov 2025
🔥
US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks
TECHCRUNCH.COM — 19 Nov 2025
🔥
Secure.com Raises $4.5 Million for Agentic Security
SECURITYWEEK.COM — 19 Nov 2025
🔥
Alleged Data Breach of NVIDIA
SH.ITJUST.WORKS — 19 Nov 2025
🔥
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
GBHACKERS.COM — 19 Nov 2025
🔥
The Gentlemen” Ransomware Group Deploys Dual-Extortion Tactics, Encrypting and Exfiltrating Data
GBHACKERS.COM — 19 Nov 2025
🔥
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website
GBHACKERS.COM — 19 Nov 2025
🕵️
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
THEHACKERNEWS.COM — 19 Nov 2025
🕵️
If I wish to explore the world of hacking, where do l begin ? I mean, it has to be with my own machine, correct ???
SH.ITJUST.WORKS — 19 Nov 2025
🕵️
ISC Stormcast For Wednesday, November 19th, 2025 https://isc.sans.edu/podcastdetail/9706, (Wed, Nov 19th)
ISC.SANS.EDU — 19 Nov 2025
🕵️
New npm Malware Campaign Checks If Visitor Is a Victim or Researcher Before Initiating Infection
GBHACKERS.COM — 19 Nov 2025
🕵️
Microsoft Adds Azure Firewall With AI-Powered Security Copilot
GBHACKERS.COM — 19 Nov 2025
🕵️
New Phishing Kit Using BitB Technique Targets Microsoft Accounts to Steal Credentials via Sneaky 2FA Attack
GBHACKERS.COM — 19 Nov 2025
🕵️
Microsoft Adds New Threat Briefing Agent Inside Defender Portal
GBHACKERS.COM — 19 Nov 2025
🕵️
Largest Azure DDoS Attack Powered by Aisuru Botnet
SECURITYWEEK.COM — 19 Nov 2025
🕵️
AI Is Supercharging Phishing: Here’s How to Fight Back
SECURITYWEEK.COM — 19 Nov 2025
🕵️
Agent Access Control: Trust Zones
YOUTUBE.COM — 2025-11-19
🕵️
Self-replicating botnet attacks Ray clusters • The Register
SH.ITJUST.WORKS — 19 Nov 2025
🕵️
Bonkers Bitcoin heist: 5-star hotels, cash-filled envelopes, vanishing funds - Ars Technica
SH.ITJUST.WORKS — 19 Nov 2025
🕵️
Our CIO on Why Security Must Be Built Into AI from Day One
PALOALTONETWORKS.COM — 19 Nov 2025
🕵️
AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm - Infosecurity Magazine
SH.ITJUST.WORKS — 19 Nov 2025
🕵️
New ShadowRay attacks convert Ray clusters into crypto miners
SH.ITJUST.WORKS — 19 Nov 2025
🕵️
Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding
SECURITYWEEK.COM — 19 Nov 2025
🕵️
Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine
SH.ITJUST.WORKS — 19 Nov 2025
🕵️
How KnowBe4 Uses AI Efficiently to Get the Best Results
KNOWBE4.COM — 19 Nov 2025
🕵️
Understanding vs Building LLMs
YOUTUBE.COM — 2025-11-19
🕵️
Amazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical Strikes
SECURITYWEEK.COM — 19 Nov 2025
🕵️
FIRESIDE CHAT: Edge AI moves onto the silicon layer, redefining how connected systems run
LASTWATCHDOG.COM — 19 Nov 2025
🕵️
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
INFOSEC.PUB — 19 Nov 2025
🕵️
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
GBHACKERS.COM — 19 Nov 2025
🕵️
Microsoft Teams Adds Option to Report Misidentified Threat Messages
GBHACKERS.COM — 19 Nov 2025
🕵️
Nova Stealer Targets macOS Users, Swaps Legit Apps to Steal Crypto Wallets
GBHACKERS.COM — 19 Nov 2025
🕵️
News alert: Secure.com debuts AI-native ‘Digital Security Teammate’ to help lean security teams
LASTWATCHDOG.COM — 19 Nov 2025
🕵️
How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago
TECHCRUNCH.COM — 19 Nov 2025
🕵️
News alert: CredShields and Checkmarx partner to extend AppSec into Web3 and smart contracts
LASTWATCHDOG.COM — 19 Nov 2025
🕵️
Cutting Through AI Hype
YOUTUBE.COM — 2025-11-19
🕵️
PlushDaemon compromises network devices for adversary-in-the-middle attacks
WELIVESECURITY.COM — 19 Nov 2025
📡
Cloudflare blames this week's massive outage on database issues
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
California man admits to laundering crypto stolen in $230M heist
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
THEHACKERNEWS.COM — 19 Nov 2025
📡
Hacking Black Friday: using LLMs to save on the “sale of the year” | Kaspersky official blog
KASPERSKY.COM — 19 Nov 2025
📡
Security startup Guardio nabs $80M from ION Crossover Partners
TECHCRUNCH.COM — 19 Nov 2025
📡
Joint guidance on mitigating risks from bulletproof hosting providers
CYBER.GC.CA — 2025-11-19
📡
The Cloudflare Outage May Be a Security Roadmap
KREBSONSECURITY.COM — 19 Nov 2025
📡
The hidden risks in your DevOps stack data—and how to address them
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
Unicode: It is more than funny domain names., (Wed, Nov 12th)
ISC.SANS.EDU — 19 Nov 2025
📡
Securing your network for the holidays
SOPHOS.COM — 19 Nov 2025
📡
Google Search is now using AI to create interactive UI to answer your questions
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
Google's Gemini 3 is living up to the hype and creating games in one shot
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform
F5.COM — 19 Nov 2025
📡
OpenAI says its latest GPT-5.1 Codex can code independently for hours
BLEEPINGCOMPUTER.COM — 19 Nov 2025
📡
Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform
F5.COM — 19 Nov 2025