🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
22 Nov KEVCISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day VulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-6175…THEHACKERNEWS.COM
22 Nov KEVCISA Issues Warning as Hackers Target Oracle Identity Manager RCE FlawThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-2025-61757, affects Oracle I…GBHACKERS.COM
22 NovMetasploit Releases New Exploit for Fresh FortiWeb 0-Day VulnerabilitiesRapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root privileges. CVE ID Vulnerabi…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 5[−]
22 NovFCC reversal removes federal cyber safeguards targeting telecom weaknesses post-Salt Typhoon attacksThe US federal government is rolling back mandates intended to protect critical infrastructure following the widespread Salt Typhoon attacks. The Federal Communication Commission (FCC) has reversed a January 2025 Declaratory Ruling requiring US telecom providers to adopt and cert…CSOONLINE.COM
22 Nov KEVCrowdStrike fired insider for sharing internal info with hacking groupCybersecurity company CrowdStrike fired a “suspicious insider” last month, according to a report from TechCrunch . The terminated worker allegedly provided information about the company’s internal systems to a prominent hacking group. The firing came to light after Scattered Laps…CSOONLINE.COM
22 NovHackers Use Salesforce Gainsight Breach to Access Data from More Than 200 CompaniesSalesforce has disclosed a significant security incident involving unauthorized access to customer data through compromised Gainsight-published applications. The breach, detected in mid-November 2025, potentially exposed sensitive information from over 200 organizations that use …GBHACKERS.COM
22 NovCox Enterprises discloses Oracle E-Business Suite data breachCox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. [...]BLEEPINGCOMPUTER.COM
22 NovPiecing Together the Puzzle: A Qilin Ransomware InvestigationHuntress analysts reconstructed a Qilin ransomware attack from a single endpoint, using limited logs to reveal rogue ScreenConnect access, failed infostealer attempts, and the ransomware execution path. The investigation shows how validating multiple data sources can uncover acti…BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 3[−]
22 NovUnderstanding Cybersecurity Threats: Insights from Intelligence ExpertsIn this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major state actors like Chi…CYBERSECURITYTODAY.LIBSYN.COM
22 NovCrowdStrike Fires Employee for Leaking Internal System Info to HackersCybersecurity giant CrowdStrike has terminated an employee who allegedly shared sensitive internal system information with a notorious hacking collective. The incident involved the leak of internal screenshots posted on a public Telegram channel operated by the threat group known…GBHACKERS.COM
22 NovChina-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud ServicesThe China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. "In the period from 2024 to 2025, the …THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 2[−]
22 NovMY TAKE: Carol Sturka declares ‘I Have Agency’ — Big Tech’s AI models now testing that claimIt was a tense moment in Episode 4 of Pluribus , the Apple TV series about a world linked by a single intelligence. Related: Mistaking pattern mastery for wisdom A character named Carol Sturka, surrounded by a seemingly benevolent collective … (more…) The post MY TAKE: Caro…LASTWATCHDOG.COM
22 NovCrowdStrike catches insider feeding information to hackerssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/SH.ITJUST.WORKS
📡 INFOSEC NEWS 2[−]
22 NovMatrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing AttacksBad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. "This browser-native, fileless framework leverages push notifications, fake alerts, and link r…THEHACKERNEWS.COM
22 NovWhatsApp API flaw let researchers scrape 3.5 billion accountsResearchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. [...]BLEEPINGCOMPUTER.COM