105Articles
8Categories
2025-11-19Date
🚨 CISA KEV 2[−]
19 Nov KEVThe nexus of risk and intelligence: How vulnerability-informed hunting uncovers what everything else missesFor years, I watched organizations treat vulnerability data like a compliance chore. It was something to scan, sort and patch against deadlines. Yet buried in those reports is a treasure map of sorts, where an attacker is likely to strike first. In my previous red team and incide…CSOONLINE.COM
19 Nov KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber ac…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
19 Nov KEVFortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the WildFortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. "An Improper Neutralization of Special Elements used in an OS Co…THEHACKERNEWS.COM
19 Nov KEVNew FortiWeb 0-Day Code Execution Flaw Actively ExploitedFortinet has disclosed a critical OS command injection vulnerability affecting multiple versions of FortiWeb that is currently being exploited in the wild. The flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute unauthorized code on vulnerable systems throu…GBHACKERS.COM
19 Nov KEVFortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wildsubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.htmlSH.ITJUST.WORKS
19 NovHackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execu…THEHACKERNEWS.COM
19 NovCISA Alerts on Fortinet FortiWeb Vulnerability Exploited in Real-World AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical OS command injection vulnerability in Fortinet FortiWeb, warning that the flaw is actively being exploited in real-world attacks. The vulnerability, tracked as CVE-2025-580…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
19 NovCybersecurity Today: CloudFlare Outage, Microsoft's AI Risk, New Red Team Tool, and More!In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based E…CYBERSECURITYTODAY.LIBSYN.COM
19 NovBehind the firewall: The hidden struggles of cyber professionals with a disabilityProblem-solving is what cyber professionals do best, but one problem the industry has yet to solve is inclusion. Despite progress in diversity , research shows many professionals with disabilities or neurodivergent still face bias and challenges in the workplace. The UK’s Decrypt…CSOONLINE.COM
19 NovNew ShadowRay Exploit Targets Vulnerability in Ray AI Framework to Attack AI SystemsOligo Security researchers have uncovered an active global hacking campaign that leverages artificial intelligence to attack AI infrastructure. The operation, dubbed ShadowRay 2.0, exploits a known yet disputed vulnerability in Ray an open-source framework powering numerous AI sy…GBHACKERS.COM
19 NovEurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users’ DataEurofiber France has disclosed a significant cybersecurity incident detected on November 13, 2025, involving a software vulnerability in its ticket management platform and customer portals. The breach resulted in unauthorized data exfiltration affecting multiple service brands an…GBHACKERS.COM
19 NovFortinet Discloses Second Exploited FortiWeb Zero-Day in a WeekAn OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovHealth and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - BSW #422It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security O…YOUTUBE.COM
19 NovServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order PromptsMalicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Ass…THEHACKERNEWS.COM
19 NovOvercome the myriad challenges of password management to bolster data protectionStrengthening the protection of confidential and sensitive data is currently a priority for 40% of chief security officers. [1] And both enterprises and small and mid-sized businesses have already made significant investments in authentication, access controls and identity and ac…CSOONLINE.COM
19 NovLegal Restrictions on Vulnerability DisclosureKendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure …SCHNEIER.COM
19 NovTwo-Year-Old Ray AI Framework Flaw Exploited in Ongoing CampaignThreat actors are exploiting a two-year-old vulnerability in the Ray AI framework in a fresh campaign that hit numerous clusters, Oligo reports. Maintained by Anyscale, Ray is an open source framework for scaling Python-based AI and ML applications. Ray clusters can be deployed i…SECURITYWEEK.COM
19 NovWrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers WorldwideA newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by Security…THEHACKERNEWS.COM
19 NovCISA gives govt agencies 7 days to patch new Fortinet flawCISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
19 NovCISA Releases Guide to Mitigate Risks from Bulletproof Hosting ProvidersToday, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitiga…CISA.GOV
19 NovHidden API in Comet AI browser raises security red flags for enterprisesSquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream browsers intentionally block. According to a disclosure shared with CSO ahead of its…CSOONLINE.COM
19 NovNew WrtHug campaign hijacks thousands of end-of-life ASUS routersThousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. [...]BLEEPINGCOMPUTER.COM
19 NovBitcoin Core auditThe Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core , the reference open-source implementation of the Bitcoin decentralized protocol.QUARKSLAB.COM
19 NovPython-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian DevicesCybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. "It uses Internet Messag…THEHACKERNEWS.COM
19 NovW3 Total Cache WordPress plugin vulnerable to PHP command injectionA critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. [...]BLEEPINGCOMPUTER.COM
19 NovChinese PlushDaemon Hackers Exploit EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious ServersESET researchers have uncovered a sophisticated attack chain orchestrated by the China-aligned threat actor PlushDaemon, revealing how the group leverages a previously undocumented network implant, EdgeStepper, to conduct adversary-in-the-middle attacks. By compromising network d…GBHACKERS.COM
19 NovHackers Exploit Tuoni C2 Framework to Stealthily Deploy In-Memory PayloadsIn October 2025, Morphisec’s anti-ransomware prevention platform detected and neutralized a sophisticated cyberattack targeting a major U.S. real estate company. The campaign showcased the emerging threat posed by the Tuoni C2 framework a free, modular command-and-control t…GBHACKERS.COM
19 NovCredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec ProgramsSingapore, Singapore, November 19th, 2025, CyberNewsWire The collaboration advances enterprise grade application security into decentralized ecosystems, uniting Checkmarx’s AppSec expertise with Web3 specialization by CredShields. CredShields, a leading Web3 security firm, has pa…GBHACKERS.COM
19 NovResearchers discover security vulnerability in WhatsApp— Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerabilitysubmitted by Mod to cybersecurity 1 points | 0 comments https://www.univie.ac.at/en/news/detail/forscherinnen-entdecken-grosse-sicherheitsluecke-in-whatsapp IT-Security Researchers from the University of Vienna and SBA Research identified and responsibly disclosed a large-scale p…INFOSEC.PUB
19 NovResearchers discover security vulnerability in WhatsApp— Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerabilitysubmitted by Mod to cybersecurity 1 points | 0 comments https://www.univie.ac.at/en/news/detail/forscherinnen-entdecken-grosse-sicherheitsluecke-in-whatsapp IT-Security Researchers from the University of Vienna and SBA Research identified and responsibly disclosed a large-scale p…SH.ITJUST.WORKS
19 NovWhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platformResearchers have uncovered a WhatsApp privacy flaw that allowed them to discover the 3.5 billion mobile numbers using the app globally, and possibly infer the identities of some of the people behind them. WhatsApp vulnerabilities are not new, but the scale of the discovery by a c…CSOONLINE.COM
19 NovNews alert: SquareX exposes obscure AI browser flaw that gives extensions full access to user devicesPALO ALTO, Calif., Nov. 19, 2025, CyberNewswire — SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that … (more…) The po…LASTWATCHDOG.COM
19 NovIranian APT hacks helped direct missile strikes in Israel and the Red SeaCyber-related activities of two Iran-linked threat actors played key roles in subsequent high-profile missile strikes, according to Amazon’s Threat Intel team, which sees the incidents as indicative of increased use of cyber operations in support of kinetic attacks. “We believe t…CSOONLINE.COM
19 NovRisky Business #815 -- Anthropic's AI APT report is a big dealIn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It’s a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA …RISKY.BIZ
📋 SECURITY BULLETINS 3[−]
19 NovCritical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code ExecutionSolarWinds has released an urgent security update for its Serv-U file transfer software, patching three critical vulnerabilities that could enable attackers with administrative access to execute remote code on affected systems. The flaws, all rated 9.1 on the CVSS severity scale,…GBHACKERS.COM
19 Nov‘PlushDaemon’ hackers hijack software updates in supply-chain attacksThe China-aligned advanced persistent threat (APT) tracked as 'PlushDaemon' is hijacking software update traffic to deliver malicious payloads to its targets. [...]BLEEPINGCOMPUTER.COM
19 NovEdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software UpdatesThe threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper "redirects all DNS queries to an external, malicious hijacking node, effective…THEHACKERNEWS.COM
📢 SECURITY ADVISORIES 9[−]
19 NovMicrosoft Unveils Security Enhancements for Identity, Defense, ComplianceMicrosoft announced new security capabilities for Defender, Sentinel, Copilot, Intune, Purview, and Entra. The post Microsoft Unveils Security Enhancements for Identity, Defense, Compliance appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovNews alert: ‘Shopping Cart Inspect’ wins top award for stopping online payment skimming in real timeOREM, Utah, Nov. 18, 2025, CyberNewswire — Security Metrics , a leading innovator in compliance and cybersecurity, today announced that its Shopping Cart Inspect (SCI) solutions has been selected as winner of the “Data Leak Detection Solution of the Year” … (more…) The post…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 13[−]
19 Nov KEVAnthropic AI-powered cyberattack causes a stirAI ​​company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model. According to the research report , around 30 orga…CSOONLINE.COM
19 NovNew .NET Malware Conceals Lokibot Inside PNG/BMP Files to Bypass DetectionRemote Access Trojans (RATs) and Trojan Stealers continue to dominate the threat landscape as some of the most prevalent malware families. To evade detection on compromised systems, these threats increasingly employ sophisticated crypters, loaders, and steganographic techniques t…GBHACKERS.COM
19 NovCloudflare Reveals Full Technical Explanation of Major Internet OutageCloudflare has released a comprehensive post-mortem analysis of a significant network outage that disrupted internet services globally on November 18, 2025. The incident, which began at 11:20 UTC and lasted several hours, affected millions of websites and applications relying on …GBHACKERS.COM
19 NovDatenpanne bei Eurofiber FranceDer TK-Anbieter Eurofiber France ist von Datendiebstahl betroffen. PixelBiss – shutterstock.com Der TK-Konzern Eurofiber Group hat sich auf die digitale Infrastruktur von Unternehmen spezialisiert und betreibt ein Glasfasernetz in den Niederlanden, Belgien, Frankreich und Deutsch…CSOONLINE.COM
19 NovMeet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHuntersAn in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. [...]BLEEPINGCOMPUTER.COM
19 NovFrench agency Pajemploi reports data breach affecting 1.2M peoplesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/french-agency-pajemploi-reports-data-breach-affecting-12m-people/SH.ITJUST.WORKS
19 NovRussian bulletproof hosting provider sanctioned over ransomware tiesToday, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. [...]BLEEPINGCOMPUTER.COM
19 NovUS, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacksThe newly imposed sanctions target Russian-based web host Media Land, which officials say are linked to LockBit and BlackSuit ransomware attacks.TECHCRUNCH.COM
19 NovSecure.com Raises $4.5 Million for Agentic SecurityThe cybersecurity company has launched Digital Security Teammate (DST), AI agents that investigate, triage, and escalate incidents when needed. The post Secure.com Raises $4.5 Million for Agentic Security appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovAlleged Data Breach of NVIDIAsubmitted by kid to cybersecurity 2 points | 0 comments https://x.com/MonThreat/status/1991081806569885712SH.ITJUST.WORKS
19 NovObscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI BrowsersPalo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has impl…GBHACKERS.COM
19 NovThe Gentlemen” Ransomware Group Deploys Dual-Extortion Tactics, Encrypting and Exfiltrating DataCybereason Threat Intelligence Team has uncovered a sophisticated ransomware operation known as “The Gentlemen,” which emerged around July 2025 and quickly established itself as a formidable threat actor. Operating with a dual-extortion methodology, the group encrypts…GBHACKERS.COM
19 NovSingle Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious WebsiteA sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption all triggered by a single, seemingly innocent click on a website CAPTCHA. The compromise…GBHACKERS.COM
🕵️ THREAT INTELLIGENCE 30[−]
19 NovSneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address BarThe malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threa…THEHACKERNEWS.COM
19 NovIf I wish to explore the world of hacking, where do l begin ? I mean, it has to be with my own machine, correct ???submitted by TheracAriane to cybersecurity 2 points | 1 comments If I wish to explore the world of hacking, where do l begin ? I mean, it has to be with my own machine, correct ???SH.ITJUST.WORKS
19 NovISC Stormcast For Wednesday, November 19th, 2025 https://isc.sans.edu/podcastdetail/9706, (Wed, Nov 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 NovNew npm Malware Campaign Checks If Visitor Is a Victim or Researcher Before Initiating InfectionThe Socket Threat Research Team has uncovered a sophisticated npm malware campaign orchestrated by the threat actor dino_reborn, who deployed 7 malicious packages designed to distinguish genuine targets from security researchers before executing their payloads. This nuanced appro…GBHACKERS.COM
19 NovMicrosoft Adds Azure Firewall With AI-Powered Security CopilotMicrosoft has integrated Azure Firewall with its AI-powered Security Copilot platform, bringing natural language threat investigation capabilities to cloud network security teams. The new integration allows security analysts to investigate malicious network traffic using conversa…GBHACKERS.COM
19 NovNew Phishing Kit Using BitB Technique Targets Microsoft Accounts to Steal Credentials via Sneaky 2FA AttackThe cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated phishing techniques to bypass security controls and steal user credentials. Security researchers at Push Security have recently identified a concerning development in the Phishing-a…GBHACKERS.COM
19 NovMicrosoft Adds New Threat Briefing Agent Inside Defender PortalMicrosoft announced significant enhancements to its threat intelligence capabilities at Ignite 2025, including the full integration of the Threat Intelligence Briefing Agent into the Microsoft Defender portal. These updates aim to help security teams transition from reactive defe…GBHACKERS.COM
19 NovLargest Azure DDoS Attack Powered by Aisuru BotnetMicrosoft said the DDoS attack was aimed at an endpoint in Australia and reached 15.72 Tbps and 3.64 Bpps. The post Largest Azure DDoS Attack Powered by Aisuru Botnet appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovAI Is Supercharging Phishing: Here’s How to Fight BackAI has given cybercriminals the ability to operate like Fortune‑500‑scale marketing departments—except their product is account takeover, data theft, and identity fraud. The post AI Is Supercharging Phishing: Here’s How to Fight Back appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovAgent Access Control: Trust Zones🔐 Ready to revolutionize your data security? Join David Brauchler from NCC Group as he unveils the power of trust zones and access controls. Discover how to keep your digital assets safe and sound! Subscribe to our podcasts: https://securityweekly.com/subscribe #CyberSecurity #Da…YOUTUBE.COM
19 NovSelf-replicating botnet attacks Ray clusters • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/11/18/selfreplicating_botnet_ray_clusters/SH.ITJUST.WORKS
19 NovBonkers Bitcoin heist: 5-star hotels, cash-filled envelopes, vanishing funds - Ars Technicasubmitted by kid to cybersecurity 2 points | 0 comments https://arstechnica.com/information-technology/2025/11/bonkers-bitcoin-heist-5-star-hotels-cash-filled-envelopes-vanishing-funds/SH.ITJUST.WORKS
19 NovOur CIO on Why Security Must Be Built Into AI from Day OnePalo Alto Networks CIO shares how the company transformed IT and development with AI, emphasizing that security must be integrated from day one. The post Our CIO on Why Security Must Be Built Into AI from Day One appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
19 NovAI-Enhanced Tuoni Framework Targets Major US Real Estate Firm - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/ai-tuoni-framework-targets-us-real/SH.ITJUST.WORKS
19 NovNew ShadowRay attacks convert Ray clusters into crypto minerssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-shadowray-attacks-convert-ray-clusters-into-crypto-miners/SH.ITJUST.WORKS
19 NovMate Emerges From Stealth Mode With $15.5 Million in Seed FundingThe cybersecurity startup will use the funds to expand its engineering team, extend collaborations, and get ready for enterprise rollout. The post Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovHalf a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/SH.ITJUST.WORKS
19 NovHow KnowBe4 Uses AI Efficiently to Get the Best ResultsUsing the right tool for the job is always better. Anyone who does DIY projects around the home knows how using the right tool can dramatically make the job you are doing far easier. Use the wrong tool, and that task suddenly becomes a burdensome nightmare.KNOWBE4.COM
19 NovUnderstanding vs Building LLMsExplore the intersection of AI and security with Steve Wilson from Exabeam! Discover how mastering the basics can lead to innovative and secure tech solutions. Whether you're a tech enthusiast or a professional, Steve's insights will empower you to harness technology's full poten…YOUTUBE.COM
19 NovAmazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical StrikesAmazon threat intelligence experts have documented two cases in which Iran leveraged hacking to prepare for kinetic attacks. The post Amazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical Strikes appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovFIRESIDE CHAT: Edge AI moves onto the silicon layer, redefining how connected systems runOne of the more surprising — and least visible — frontiers of artificial intelligence today is unfolding at the extreme edges of our hyper-connected systems. Related: AI adoption outpacing controls Think sensors in forests that detect illegal logging. Smart speakers … (more…LASTWATCHDOG.COM
19 NovA Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numberssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/INFOSEC.PUB
19 NovSeraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based ApplicationsTel Aviv, Israel, November 19th, 2025, CyberNewsWire Seraphic, the leader in enterprise browser security (SEB) and AI enablement, today announced native protection for Electron-based applications such as ChatGPT desktop, Teams, Slack, and more, becoming the first and only browser…GBHACKERS.COM
19 NovMicrosoft Teams Adds Option to Report Misidentified Threat MessagesMicrosoft Teams is rolling out a new feature that allows users to misreport messages flagged as security threats. The capability, rolling out by the end of November 2025, targets organizations using Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR to improve thr…GBHACKERS.COM
19 NovNova Stealer Targets macOS Users, Swaps Legit Apps to Steal Crypto WalletsA sophisticated new macOS malware campaign dubbed “Nova Stealer” has emerged, targeting cryptocurrency users through an elaborate scheme that replaces legitimate wallet applications with malicious counterparts designed to harvest sensitive recovery phrases and wallet …GBHACKERS.COM
19 NovNews alert: Secure.com debuts AI-native ‘Digital Security Teammate’ to help lean security teamsLOS ANGELES and DUBAI, United Arab Emirates, Nov. 18, 2025 – Secure.com today announced the launch of Digital Security Teammate (DST), a new category of AI-native agents built to help security teams survive the largest operational crisis the industry has … (more…) The post …LASTWATCHDOG.COM
19 NovHow the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years agoThe story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet.TECHCRUNCH.COM
19 NovNews alert: CredShields and Checkmarx partner to extend AppSec into Web3 and smart contractsSINGAPORE, Nov. 19, 2025, CyberNewswire — The collaboration advances enterprise grade application security into decentralized ecosystems, uniting Checkmarx’s AppSec expertise with Web3 specialization by CredShields. CredShields , a leading Web3 security firm, has partnered with C…LASTWATCHDOG.COM
19 NovCutting Through AI HypeTrevor Horwitz exposes the reality of AI: "Too much hype, not enough truth." Dive into the real capabilities and challenge the over-promises. Subscribe to our podcasts: https://securityweekly.com/subscribe #AIReality #TechTalk #Innovation #AIInsights #TrevorHorwitz #TruthInTech #…YOUTUBE.COM
19 NovPlushDaemon compromises network devices for adversary-in-the-middle attacksESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacksWELIVESECURITY.COM
📡 INFOSEC NEWS 16[−]
19 NovCloudflare blames this week's massive outage on database issuesOn Tuesday, Cloudflare experienced its worst outage in 6 years, blocking access to many websites and online platforms for almost 6 hours after a change to database access controls triggered a cascading failure across its Global Network. [...]BLEEPINGCOMPUTER.COM
19 NovCalifornia man admits to laundering crypto stolen in $230M heistA 45-year-old from Irvine, California, has pleaded guilty to laundering at least $25 million stolen in a massive $230 million cryptocurrency heist. [...]BLEEPINGCOMPUTER.COM
19 NovApplication Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted SoftwareThe challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky…THEHACKERNEWS.COM
19 NovHacking Black Friday: using LLMs to save on the “sale of the year” | Kaspersky official blogWhen the sales hit, you might bag some serious bargains; however, you also have to watch out for unscrupulous vendors that just jack up prices. We're bringing AI into the mix and suggesting working prompts designed to unlock genuine value.KASPERSKY.COM
19 NovSecurity startup Guardio nabs $80M from ION Crossover PartnersGuardio is leveraging its experience building browser extensions and apps that scan for malicious and phishing sites to build a tool that looks for artifacts in code and websites made with vibe coding tools.TECHCRUNCH.COM
19 NovJoint guidance on mitigating risks from bulletproof hosting providersThis joint guidance provides recommendations to Internet service providers (ISPs) and network defenders to mitigate potential cybercriminal activity enabled by BPH providers.CYBER.GC.CA
19 NovThe Cloudflare Outage May Be a Security RoadmapAn intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say d…KREBSONSECURITY.COM
19 NovThe hidden risks in your DevOps stack data—and how to address themDevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data. [...]BLEEPINGCOMPUTER.COM
19 NovUnicode: It is more than funny domain names., (Wed, Nov 12th)When people discuss the security implications of Unicode, International Domain Names (IDNs) are often highlighted as a risk. However, while visible and often talked about, IDNs are probably not what you should really worry about when it comes to Unicode. There are several issues …ISC.SANS.EDU
19 NovSecuring your network for the holidaysTips to better protect your network over extended breaks.SOPHOS.COM
19 NovGoogle Search is now using AI to create interactive UI to answer your questionsIn a move that could redefine the web, Google is testing AI-powered, UI-based answers for its AI mode. [...]BLEEPINGCOMPUTER.COM
19 NovGoogle's Gemini 3 is living up to the hype and creating games in one shotGoogle's Gemini 3 is finally here, and we're impressed with the results, but it still does not adhere to my requests as well as Claude Code. [...]BLEEPINGCOMPUTER.COM
19 NovSneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attackSneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving "customers" the option to launch highly deceptive attacks. [...]BLEEPINGCOMPUTER.COM
19 NovAnalysis of a Large-Scale DDoS Attack Against a Payment Processing PlatformThe two-wave attack reached a peak of 1.8 Tbps.F5.COM
19 NovOpenAI says its latest GPT-5.1 Codex can code independently for hoursOpenAI has started rolling out GPT 5.1-Codex-Max on Codex with a better performance on coding tasks. [...]BLEEPINGCOMPUTER.COM
19 NovAnalysis of a Large-Scale DDoS Attack Against a Payment Processing PlatformThe two-wave attack reached a peak of 1.8 Tbps.F5.COM