🚨 CISA KEV (1)
21 Nov [KEV] CISA Adds One Known Exploited Vulnerability to Catalog (CISA.GOV)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-61757: Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent …

🐛 COMMON VULNERABILITIES AND EXPOSURES (8)
21 Nov Critical Grafana Flaw Lets Attackers Escalate Privileges (GBHACKERS.COM)
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana…

21 Nov Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware (GBHACKERS.COM)
Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services (WSUS) infrastructure. The attackers are exploiting a critical remote code execution vulnerability tracked…

21 Nov Windows Graphics Flaw Lets Hackers Take Over with Just One Image (GBHACKERS.COM)
Security researchers have identified a dangerous flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than a crafted image file. The vulnerability, tracked as CVE-2025-50165, represents a severe threat to Windows …

21 Nov Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day (SECURITYWEEK.COM)
CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager.

21 Nov Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Gain Higher Privileges (GBHACKERS.COM)
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a single network request. The vulnerability, designated CVE-2025-49752, affects all Azur…

21 Nov Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation (THEHACKERNEWS.COM)
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cro…

21 Nov Grafana warns of max severity admin spoofing vulnerability (BLEEPINGCOMPUTER.COM)
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. [...]

21 Nov [KEV] CISA warns Oracle Identity Manager RCE flaw is being actively exploited (BLEEPINGCOMPUTER.COM)
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. [...]

⚠️ VULNERABILITY DISCLOSURE (22)
21 Nov Sneaky2FA phishing tool adds ability to insert legit-looking URLs (CSOONLINE.COM)
Since the introduction of multi-factor authentication (MFA), threat actors have been finding ways to get around what can be an effective defense against phishing attacks. In their latest move, those behind the Sneaky2FA phishing-as-a-service (PhaaS) kit have added browser-in-the-…

21 Nov Major CloudFlare Outages, Black Friday Phishing Surge, AI Privacy Breach at Ontario Hospital, and Salesforce Data Theft Investigation (CYBERSECURITYTODAY.LIBSYN.COM)
In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake shopp…

21 Nov Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity (THEHACKERNEWS.COM)
Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app's connection," the com…

21 Nov Root causes of security breaches remain elusive — jeopardizing resilience (CSOONLINE.COM)
Post-incident analysis remains a critical concern at most security organizations today. According to Foundry’s Security Priorities study, 57% of security leaders report their organization struggled to find the root cause of security incidents experienced in the past year, leaving…

21 Nov Salesforce Confirms Customer Data Was Exposed in Gainsight Breach (GBHACKERS.COM)
Salesforce has identified unusual activity involving applications published by Gainsight that are connected to the Salesforce platform. The company’s investigation revealed that this suspicious activity resulted in unauthorized access to specific customer data stored in Sal…

21 Nov Clop Ransomware Claims Oracle Breach Using E-Business Suite 0-Day (GBHACKERS.COM)
The notorious Clop ransomware gang, also known as Graceful Spider, has listed Oracle Corporation on its dark web leak site, claiming to have successfully breached the technology giant’s internal systems. This alarming development represents a significant escalation in the g…

21 Nov Ransomware Attacks Poised to Hit Retailers Hard This Holiday Season (GBHACKERS.COM)
The holiday shopping rush has always been the retail industry’s busiest and riskiest time of year. As e-commerce traffic, in-store digital systems, and supply-chain automation have evolved, so too have attackers. The weeks surrounding Black Friday and Cyber Monday now repre…

21 Nov Salesforce Instances Hacked via Gainsight Integrations (SECURITYWEEK.COM)
The infamous ShinyHunters hackers have targeted customer-managed Gainsight-published applications to steal data from Salesforce instances.

21 Nov SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability (SECURITYWEEK.COM)
SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake.

21 Nov Ransomware gangs find a new hostage: Your AWS S3 buckets (CSOONLINE.COM)
Cybersecurity researchers have issued fresh warnings about ransomware operators shifting their focus from traditional on-premises targets to cloud storage services, especially S3 buckets used by Amazon Web Services (AWS). A recent Trend Micro report outlined a new wave of attacks…

21 Nov SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance (SECURITYWEEK.COM)
The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.

21 Nov OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted (CSOONLINE.COM)
Salesforce has disclosed yet another security incident involving unauthorized access to customer data through compromised third-party applications, this time implicating Gainsight-published apps connected to its platform through OAuth integrations. Salesforce said it detected unu…

21 Nov Salesforce flags another third-party security incident • The Register (SH.ITJUST.WORKS)
https://www.theregister.com/2025/11/20/salesforce_gainsight_breach

21 Nov [KEV] How to turn threat intel into real security wins (CSOONLINE.COM)
Security leaders aren’t short of data, they’re short of decisions. Here’s how to turn threat feeds into an operating model that measurably reduces loss, accelerates response and earns board confidence. The problem isn’t data, it’s conversion Modern security operations centres ing…

21 Nov North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits (GBHACKERS.COM)
North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an u…

21 Nov Hackers Adopt Matrix Push C2 for Browser-Based Malware and Phishing Attacks (GBHACKERS.COM)
A new breed of browser-based cyberattack is sweeping the threat landscape, as BlackFog researchers have uncovered. Dubbed Matrix Push C2, this command-and-control framework arms cybercriminals with the means to launch fileless malware and phishing campaigns that exploit web brows…

21 Nov Clop Ransomware Claims Broadcom Breach Through E-Business Suite 0-Day (GBHACKERS.COM)
The notorious Cl0p ransomware gang has publicly claimed responsibility for breaching Broadcom, a leading semiconductor and infrastructure software company. According to threat intelligence sources, the attackers exploited an unpatched zero-day vulnerability in Oracle E-Business S…

21 Nov From code to boardroom: A GenAI GRC approach to supply chain risk (CSOONLINE.COM)
I know the pressure chief information security officers face right now. We spent years hardening our own perimeter, then a few more managing the third-party vendor risk. Now, we are facing an existential threat from the fourth, fifth and nth parties in a supply chain that’s quiet…

21 Nov Google says hackers stole data from 200 companies following Gainsight breach (TECHCRUNCH.COM)
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.

21 Nov Cloud Security Shock: How Hackers Exploit AWS Features! (YOUTUBE.COM)
In today's digital landscape, cloud security is more crucial than ever. Doug White dives into how cloud malware is exploiting native features to appear legitimate, leveraging powerful tools like AWS encryption. Are you truly safe in the cloud? Discover the hidden risks and ensure…

21 Nov Mercedes F1 Team Principal Toto Wolff Sells 15% Stake to CrowdStrike CEO George Kurtz (SECURITYWEEK.COM)
CrowdStrike became a global partner of Mercedes’ F1 team in 2019, but Kurtz’s purchase into the ownership group was his personally.

21 Nov Risky Biz Soap Box: Greynoise knows when bad bugs are coming (RISKY.BIZ)
In this sponsored Soap Box edition of the podcast, Andrew Morris joins Patrick Gray to talk about how Greynoise can often get a 90 day heads up on serious vulnerabilities. Whether it’s malicious actors doing reconnaissance or the affected vendors trying to understand the scope of…

📋 SECURITY BULLETINS (1)
21 Nov Nvidia confirms October Windows updates cause gaming issues (BLEEPINGCOMPUTER.COM)
Nvidia has confirmed that last month's security updates are causing gaming performance issues on Windows 11 24H2 and Windows 11 25H2 systems. [...]

📢 SECURITY ADVISORIES (5)
21 Nov Recognizing and responding to cyber threats: What differentiates NDR, EDR and XDR (CSOONLINE.COM)
The constantly growing number of acronyms in cyber security makes it difficult to maintain an overview and compare individual technologies. One example is the three closely related technologies for threat detection: network detection and response (NDR), endpoint detection and res…

21 Nov In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring (SECURITYWEEK.COM)
Other noteworthy stories that might have slipped under the radar: surge in Palo Alto Networks scanning, WEL Companies data breach impacts 120,000 people, AI second-order prompt injection attack.

🔥 INCIDENT REPORTING (6)
21 Nov APT24 Deploys New BadAudio Malware, Hijacks Legitimate Public Sites to Launch Attacks (GBHACKERS.COM)
The Google Threat Intelligence Group (GTIG) has unveiled a sophisticated three-year cyber espionage campaign orchestrated by APT24, a China-nexus threat actor, targeting organizations primarily in Taiwan through the deployment of BADAUDIO malware and strategic web compromises. AP…

21 Nov AI as Cyberattacker (SCHNEIER.COM)
From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to ex…

21 Nov APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains (THEHACKERNEWS.COM)
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign. "While earlier operations relied on broad strategic web compr…

21 Nov Layered Defense: Proactive & Reactive (YOUTUBE.COM)
Dive into the world of cybersecurity with Rob Allen! Discover how layered defense strategies can outsmart even the sneakiest threats. Are you ready to protect your data like a pro? Subscribe to our podcasts: https://securityweekly.com/subscribe #CyberSavvy #LayeredDefense #Ransom…

21 Nov 'Scattered Spider' teens plead not guilty to UK transport hack (BLEEPINGCOMPUTER.COM)
Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data. [...]

21 Nov CrowdStrike fires ‘suspicious insider’ who passed information to hackers (TECHCRUNCH.COM)
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.

🕵️ THREAT INTELLIGENCE (25)
21 Nov ISC Stormcast For Friday, November 21st, 2025 https://isc.sans.edu/podcastdetail/9710, (Fri, Nov 21st) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

21 Nov Shadow IT: Many professionals use AI without permission (CSOONLINE.COM)
Shadow AI in companies poses considerable risks. More and more professionals in the so-called MINT (STEM) professions are using artificial intelligence (AI) in the workplace without their employer's approval. MINT stands for mathematics, computer science, natural scienc…

21 Nov Operation DreamJob Attacks on Manufacturing via WhatsApp Web (GBHACKERS.COM)
Operation DreamJob, a longstanding North Korean cyberespionage campaign, has once again demonstrated its lethal effectiveness by targeting manufacturing organizations through deceptive job-related messages delivered via WhatsApp Web. In August 2025, Orange Cyberdefense’s Cy…

21 Nov Runlayer Emerges From Stealth Mode With $11 Million in Funding (SECURITYWEEK.COM)
The company has operated in stealth mode for four months and has signed dozens of customers, including eight unicorns.

21 Nov Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks (SECURITYWEEK.COM)
APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads.

21 Nov TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign (SH.ITJUST.WORKS)
https://thehackernews.com/2025/11/tamperedchef-malware-spreads-via-fake.html

21 Nov Hacker attack on Music Store (CSOONLINE.COM)

21 Nov New SonicWall SonicOS flaw allows hackers to crash firewalls (SH.ITJUST.WORKS)
https://www.bleepingcomputer.com/news/security/new-sonicwall-sonicos-flaw-allows-hackers-to-crash-firewalls/

21 Nov SolarWinds Patches Three Critical Serv-U Vulnerabilities - SecurityWeek (SH.ITJUST.WORKS)
https://www.securityweek.com/solarwinds-patches-three-critical-serv-u-vulnerabilities/

21 Nov New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices (SH.ITJUST.WORKS)
https://thehackernews.com/2025/11/new-sturnus-android-trojan-quietly.html

21 Nov Over 370 Organizations Take Part in GridEx VIII Grid Security Exercise (SECURITYWEEK.COM)
The number of participants in the cyber and physical grid security exercise increased by nearly 50% compared to two years ago.

21 Nov Hacker claims to steal 2.3TB data from Italian rail group, Almaviva (SH.ITJUST.WORKS)
https://www.bleepingcomputer.com/news/security/hacker-claims-to-steal-23tb-data-from-italian-rail-group-almaviva/

21 Nov Report: Deepfake Attacks Are on the Rise (KNOWBE4.COM)
A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, instances of deepfaked selfies have increased by 58% over the past year.

21 Nov Xillen Stealer: Advanced Features Bypass AI Detection and Steal Password Manager Data (GBHACKERS.COM)
The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across platforms. Documented initially by Cyfirma in September 2025, this cross-platform infostealer targets sensitive data…

21 Nov AI-Driven Obfuscated Malicious Apps Bypassing Antivirus Detection to Deliver Malicious Payloads (GBHACKERS.COM)
Cybersecurity researchers have identified a sophisticated malware campaign leveraging artificial intelligence to enhance obfuscation techniques, enabling malicious applications to circumvent traditional antivirus detection systems. The threat actors behind the campaign are distri…

21 Nov Dark Web Job Market Evolved – Prioritizes Practical Skills Over Formal Education (GBHACKERS.COM)
The underground labor market has undergone a significant transformation. According to new research analyzing 2,225 job-related posts collected from shadow forums between January 2023 and June 2025, the dark web job market now emphasizes practical skills and real-world experience …

21 Nov Windows 11 to Prevent BSOD Error Messages from Showing Publicly (GBHACKERS.COM)
Microsoft has announced a significant Windows 11 update that will prevent the Blue Screen of Death (BSOD) and other system error messages from appearing on public-facing screens. The new feature, called Digital Signage mode, addresses a critical business continuity challenge face…

21 Nov UNC2891 Hackers Use Raspberry Pi and Fake Cards to Steal ATM Cash (GBHACKERS.COM)
A secretive cybercrime group called UNC2891 has been quietly draining ATMs across Southeast Asian banks for years, using an ingenious combination of custom malware and hidden hardware. Recent research from Group-IB reveals how this financially motivated threat actor has maintaine…

21 Nov The Tsundere botnet uses the Ethereum blockchain to infect its targets (SH.ITJUST.WORKS)
https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/

21 Nov CrowdStrike catches insider feeding information to hackers (BLEEPINGCOMPUTER.COM)
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with unnamed threat actors. [...]

21 Nov AI-Driven Personalized Interventions (YOUTUBE.COM)
Dive into the future of content generation with Nicole Jiang! Discover how AI-driven personalized interventions are transforming the way we interact and respond to emerging threats. Subscribe to our podcasts: https://securityweekly.com/subscribe #ContentGeneration #Innovation #Pe…

21 Nov Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year (MICROSOFT.COM)
We’re happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year.

21 Nov More on Rewiring Democracy (SCHNEIER.COM)
It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41. We nee…

21 Nov Friday Squid Blogging: New “Squid” Sneaker (SCHNEIER.COM)
I did not know Adidas sold a sneaker called “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

21 Nov Emoticons, Sonicwall, Global Protect, Pop ups, WhatsApp, 7Zip, Roblox, Josh Marpet - SWN #531 (YOUTUBE.COM)
Emoticons, Sonicwall, Global Protect, Pop-ups, WhatsApp, 7Zip, Roblox, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-531

🌐 CYBER THREAT LANDSCAPE (2)
21 Nov SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny (THEHACKERNEWS.COM)
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed…

21 Nov Syncro + Lovable: RAT delivery via AI-generated websites | Kaspersky official blog (KASPERSKY.COM)
Attackers are building fake websites with Lovable and using these to distribute a trojanized version of the Syncro remote access tool (RAT).

📡 INFOSEC NEWS (8)
21 Nov Use of CSS stuffing as an obfuscation technique?, (Fri, Nov 21st) (ISC.SANS.EDU)
From time to time, it can be instructive to look at generic phishing messages that are delivered to one's inbox or that are caught by basic spam filters. Although one usually doesn't find much of interest, sometimes these little excursions into what should be a run-of-the…

21 Nov Why IT Admins Choose Samsung for Mobile Security (THEHACKERNEWS.COM)
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like you, juggle protecting sensitive data while keeping teams productive. That’s why m…

21 Nov Google begins showing ads in AI Mode (AI answers) (BLEEPINGCOMPUTER.COM)
Google has started rolling out ads in AI mode, which is the company's "answer engine," not a search engine. [...]

21 Nov Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security (THEHACKERNEWS.COM)
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing fe…

21 Nov Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies (TECHCRUNCH.COM)
Two Trump-appointed FCC officials voted to undo the telecom industry's cybersecurity rules. One Democratic commissioner dissented, saying the decision leaves the United States "less safe" at a time when threats are increasing.

21 Nov Avast Makes AI-Driven Scam Defense Available for Free Worldwide (BLEEPINGCOMPUTER.COM)
Avast is rolling out Scam Guardian, a free AI-powered protection layer that analyzes websites, messages, and links to detect rising scam threats. Powered by Gen Threat Labs data, it reveals hidden dangers in code and adds 24/7 scam guidance through the Avast Assistant. [...]

21 Nov FCC rolls back cybersecurity rules for telcos, despite state-hacking risks (BLEEPINGCOMPUTER.COM)
The Federal Communications Commission (FCC) has rolled back a previous ruling that required U.S. telecom carriers to implement stricter cybersecurity measures following the massive hack from the Chinese threat group known as Salt Typhoon. [...]

21 Nov Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop (BLEEPINGCOMPUTER.COM)
Microsoft has released an out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. [...]