🐛 COMMON VULNERABILITIES AND EXPOSURES
24 Nov | ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access | A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Securi… | THEHACKERNEWS.COM
24 Nov | PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE | Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as CVE-2025-9501, allows attack… | GBHACKERS.COM
24 Nov | vLLM Flaw Allows Remote Code Execution Through Malicious Payloads | A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent … | GBHACKERS.COM
24 Nov | KEV | Oracle OIM zero‑day: Pre‑auth RCE forces rapid patching across enterprises | The Cybersecurity and Infrastructure Security Agency (CISA) has flagged a pre-authenticated, critical remote code execution flaw in Oracle Identity Manager (OIM), noting that it has been actively exploited, and added it to its Known Exploited Vulnerabilities (KEV) catalog. The fl… | CSOONLINE.COM
24 Nov | KEV | CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability | CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog. | SECURITYWEEK.COM
24 Nov | NVIDIA Isaac-GROOT Flaws Let Attackers Inject Malicious Code | NVIDIA has released security updates addressing two critical code injection vulnerabilities in its Isaac-GR00T robotics software platform. The flaws could allow attackers with local system access to execute arbitrary code, escalate privileges, and tamper with sensitive data, pote… | GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE
24 Nov | The CISO’s greatest risk? Department leaders quitting | It’s a familiar refrain: too much work and not enough compensation and recognition. Yet, while CISOs have seen their role grow in prominence and responsibility, the same cannot be said of functional security leaders who are being asked to do more — but are not reaping the benefi… | CSOONLINE.COM
24 Nov | Aligning teams for effective remediation, Anthropic's latest report, and the news - ESW #434 | Interview with Ravid Circus. Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity’s 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lea… | YOUTUBE.COM
24 Nov | Iberia Airlines Hit by Data Breach Exposing Customer Personal Details | Iberia Líneas Aéreas de España has disclosed a significant security incident involving unauthorized access to systems operated by an external service provider. The breach has exposed sensitive personal information belonging to the airline’s customers, including names, email… | GBHACKERS.COM
24 Nov | Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update | https://hackread.com/7-zip-vulnerability-public-exploit-manual-update/ | SH.ITJUST.WORKS
24 Nov | Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges | https://cybersecuritynews.com/azure-bastion-vulnerability/ | SH.ITJUST.WORKS
24 Nov | Grafana warns of max severity admin spoofing vulnerability | https://www.bleepingcomputer.com/news/security/grafana-warns-of-max-severity-admin-spoofing-vulnerability/ | SH.ITJUST.WORKS
24 Nov | JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach | JPMorgan Chase, Citi, and Morgan Stanley are among the major US banks assessing potential customer data exposure following a cyberattack on SitusAMC, a third-party vendor that processes residential mortgage data for hundreds of financial institutions. The New York-based company d… | CSOONLINE.COM
24 Nov | KEV | CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability | https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html | SH.ITJUST.WORKS
24 Nov | ⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More | This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast… | THEHACKERNEWS.COM
24 Nov | Invisible battles: How cybersecurity work erodes mental health in silence and what we can do about it | The attacker never sleeps and neither do you. At least, that’s how it feels when your job is to stay one step ahead of someone whose only job is to break things. Cybersecurity isn’t just a technical domain. It’s psychological warfare. And for the defenders on the front lines, tha… | CSOONLINE.COM
24 Nov | Harvard University discloses data breach affecting alumni, donors | Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. [...] | BLEEPINGCOMPUTER.COM
24 Nov | Conflicts between URL mapping and URL based access control (Mon, Nov 24th) | We continue to encounter high-profile vulnerabilities that relate to how URL mapping (or "aliases") interac… | ISC.SANS.EDU
24 Nov | CrowdStrike Insider Helped Hackers Falsely Claim System Breach | The company has confirmed that it terminated an insider who shared screenshots of his computer with cybercriminals. | SECURITYWEEK.COM
24 Nov | What keeps CISOs awake at night — and why Zurich might hold the cure | Sleepless nights in cybersecurity: When I attended the Global Cyber Conference 2025 in Zurich last week, I expected world-class keynotes and sharp panel debates. What I didn’t expect were so many conversations about sleep. Or rather, the absence of it. The exhaustion was palpable … | CSOONLINE.COM
24 Nov | New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions | Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path trav… | THEHACKERNEWS.COM
24 Nov | Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities | Over a Dozen Exploits Used to Target IoT Devices | F5.COM
24 Nov | Real-estate finance services giant SitusAMC breach exposes client data | SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. [...] | BLEEPINGCOMPUTER.COM
24 Nov | Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications | CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps). These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a vi… | CISA.GOV
24 Nov | Is Your Android TV Streaming Box Part of a Botnet? | On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But se… | KREBSONSECURITY.COM
24 Nov | Hackers Leveraging WhatsApp to Silently Harvest Logs and Contact Details | Security researchers at K7 Labs have uncovered a sophisticated phishing campaign targeting Brazilian users that exploits WhatsApp Web to distribute malware and steal sensitive financial information. The attack leverages open-source WhatsApp automation scripts combined with bankin… | GBHACKERS.COM
24 Nov | Attackers Swap ‘m’ with ‘rn’ in Microsoft.com to Trick Users | A sophisticated phishing campaign is currently exploiting a subtle typographical illusion to deceive users into surrendering sensitive login credentials. Cybercriminals have registered the domain “rnicrosoft.com,” strategically replacing the letter ‘m’ wit… | GBHACKERS.COM
24 Nov | A Vulnerability in SonicOS Could Allow for Denial of Service (DoS) | A vulnerability has been discovered in SonicOS, which could allow for Denial of Service (DoS). SonicOS is the operating system that runs on SonicWall's network security appliances, such as firewalls. Successful exploitation of this vulnerability could allow a remote unauthenticated … | CISECURITY.ORG
24 Nov | Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution | Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. De… | CISECURITY.ORG
24 Nov | Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities | Over a dozen exploits were used to target IoT devices. | F5.COM
📢 SECURITY ADVISORIES
24 Nov | Checkout.com Takes a Bold Stance, SolarWinds Case Dismissed, and FCC Reverses Mandate | In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against Solar… | CYBERSECURITYTODAY.LIBSYN.COM
24 Nov | Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs | New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives pr… | THEHACKERNEWS.COM
24 Nov | Microsoft to remove WINS support after Windows Server 2025 | Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. [...] | BLEEPINGCOMPUTER.COM
24 Nov | SCCM and WSUS in a Hybrid World: Why It’s Time for Cloud-native Patching | Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1's cloud-native patching keeps devices updated from any location, strengthening compliance and security. [...] | BLEEPINGCOMPUTER.COM
24 Nov | CrowdStrike Researchers Identify Hidden Vulnerabilities in AI-Coded Software | https://www.crowdstrike.com/en-us/blog/crowdstrike-researchers-identify-hidden-vulnerabilities-ai-coded-software/ …we found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely co… | SH.ITJUST.WORKS
🔥 INCIDENT REPORTING
24 Nov | 146,000 Impacted by Delta Dental of Virginia Data Breach | Names, Social Security numbers, ID numbers, and health information were stolen from a compromised email account. | SECURITYWEEK.COM
24 Nov | Spanish Airline Iberia Notifies Customers of Data Breach | The company has notified its customers of the incident roughly a week after a threat actor claimed the theft of 77GB of data from Iberia’s systems. | SECURITYWEEK.COM
24 Nov | Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware | Zapier’s NPM account has been successfully compromised, leading to the injection of the Shai Hulud malware into 425 packages currently distributed across the npm ecosystem. The attack represents a significant supply chain threat, with the affected packages collectively gene… | GBHACKERS.COM
24 Nov | AI: End of Cybersecurity? | Can AI truly end cybersecurity threats? Dive into the discussion on how AI might transform the landscape by fixing software flaws and making breaches rare. What are your thoughts? Subscribe to our podcasts: https://securityweekly.com/subscribe #AIRevolution #Innovation #TechTrend… | YOUTUBE.COM
24 Nov | Cox Enterprises discloses Oracle E-Business Suite data breach | https://www.bleepingcomputer.com/news/security/cox-enterprises-discloses-oracle-e-business-suite-data-breach/ | SH.ITJUST.WORKS
24 Nov | Mazda Says No Data Leakage or Operational Impact From Oracle Hack | The Cl0p ransomware group has listed Mazda and Mazda USA as victims of the Oracle EBS campaign on its leak website. | SECURITYWEEK.COM
24 Nov | Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft | Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports fro… | THEHACKERNEWS.COM
24 Nov | Iberia discloses customer data leak after vendor security breach | https://www.bleepingcomputer.com/news/security/iberia-discloses-customer-data-leak-after-vendor-security-breach/ | SH.ITJUST.WORKS
24 Nov | Microsoft Highlights Security Risks Introduced by New Agentic AI Feature | Without proper security controls, AI agents could perform malicious actions, such as data exfiltration and malware installation. | SECURITYWEEK.COM
24 Nov | AWS S3 Buckets Targeted by Ransomware Gangs | Ransomware gangs have shifted their focus from traditional on-premises targets to cloud storage services, and Amazon S3 in particular. A recent report from Trend Micro describes a new wave of attacks in which attackers … cloud-native … | CSOONLINE.COM
24 Nov | US banks scramble to assess data theft after hackers breach financial tech firm | U.S. banking giants including JPMorgan Chase, Citi, and Morgan Stanley are working to identify what data was stolen in a recent cyberattack on a New York financial firm. | TECHCRUNCH.COM
24 Nov | Elephant Group Launches Defense Sector Attacks Using MSBuild-Delivered Python Backdoor | An India-aligned advanced persistent threat group known as Dropping Elephant has launched sophisticated cyberattacks against Pakistan’s defense sector using a newly developed Python-based backdoor delivered through an MSBuild dropper. The campaign demonstrates significant e… | GBHACKERS.COM
24 Nov | APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics | In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as a bureaucratized, quota-driven cyber-espionage unit with hierarchical command structures, performan… | GBHACKERS.COM
🕵️ THREAT INTELLIGENCE
24 Nov | ISC Stormcast For Monday, November 24th, 2025 https://isc.sans.edu/podcastdetail/9712 (Mon, Nov 24th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
24 Nov | Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims | More than 1.6 Tb of data allegedly stolen from Cox was made public by the hackers. | SECURITYWEEK.COM
24 Nov | LLMs Tools Like GPT-3.5-Turbo and GPT-4 Fuel the Development of Fully Autonomous Malware | The rapid proliferation of large language models has transformed how organizations approach automation, coding, and research. Yet this technological advancement presents a double-edged sword: threat actors are increasingly exploring how to weaponize these tools for creating next-… | GBHACKERS.COM
24 Nov | Malicious PyPI Package Used by Hackers to Steal Users’ Crypto Information | Cybersecurity researchers have uncovered a sophisticated supply-chain attack targeting Python developers through a malicious package distributed via the Python Package Index (PyPI). The malicious package, named “spellcheckers,” contains a multi-layered encrypted backd… | GBHACKERS.COM
24 Nov | New EtherHiding Technique Uses Web Attacks to Deploy Malware and Rotate Payloads | A new era of web-delivered malware has arrived with EtherHiding, a technique that fundamentally reshapes how attackers distribute and rotate malicious payloads. Unlike traditional threats that rely on static staging servers or disposable redirect chains, EtherHiding leverages sma… | GBHACKERS.COM
24 Nov | North Korean Scam Job Platform Targets U.S. AI Developers | A sophisticated new variant of the North Korean-linked Contagious Interview campaign has emerged, featuring an unprecedented level of polish and technical sophistication designed to compromise job-seeking AI developers, software engineers, and cryptocurrency professionals. Unlike… | GBHACKERS.COM
24 Nov | Tenda N300 Flaws Allow Attackers to Run Commands as Root | High command injection vulnerabilities have been discovered in Tenda’s N300 Wi-Fi 4G LTE Router and the 4G03 Pro model, allowing authenticated attackers to execute arbitrary commands with root privileges on affected devices. With no patches currently available from the manu… | GBHACKERS.COM
24 Nov | ToddyCat APT Targeting Internal Employee Communications at Organizations | Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organ… | GBHACKERS.COM
24 Nov | Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries | K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content… | GBHACKERS.COM
24 Nov | IACR Nullifies Election Because of Lost Decryption Key | The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online elect… | SCHNEIER.COM
24 Nov | Linux 6.18-rc7 Released With New Bug Fixes and Driver Updates | The Linux kernel development team has released version 6.18-rc7, marking another step toward the final 6.18 release expected next weekend. According to kernel maintainer Linus Torvalds, the release cycle remains on track despite a minor setback in the previous version that requir… | GBHACKERS.COM
24 Nov | JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack, NYT reports | https://www.reuters.com/business/finance/major-banks-including-jpmorgan-citi-warned-data-exposure-after-hack-nyt-reports-2025-11-23/ | SH.ITJUST.WORKS
24 Nov | Microsoft's Limitations in Non-Employee Management | Discover how Microsoft serves as a foundational partner, yet struggles with non-employee management and SIAM. Joel Burleson-Davis dives into the critical need for protecting patient records and the risks of shared passwords. Subscribe to our podcasts: https://securityweekly.com/s… | YOUTUBE.COM
24 Nov | ClickFix attack uses fake Windows Update screen to push malware | New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. [...] | BLEEPINGCOMPUTER.COM
24 Nov | Automating Cryptographic Inventory | Discover the future of cryptographic inventory with Sandy Carielli! From spreadsheets to automation, learn how new tools are revolutionizing the way we manage data. Subscribe to our podcasts: https://securityweekly.com/subscribe #Cryptography #TechInnovation #DataSecurity #Automa… | YOUTUBE.COM
24 Nov | Elite Cyber Veterans Launch Blast Security with $10M to Turn Cloud Detection into Prevention | Tel Aviv, Israel, November 24th, 2025, CyberNewsWire: Blast is introducing a new operating model for cloud security with a first-of-its-kind Preemptive Cloud Defense Platform, replacing reactive response with continuous prevention. Blast Security, a cybersecurity startup founded b… | GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE
24 Nov | Operation Endgame disrupts Rhadamanthys information-stealing malware | International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0. Their target? Three major malware platforms: the infostealer known as Rhadamanthys, the VenomRAT remote acce… | BITDEFENDER.COM
24 Nov | Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub | Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. [...] | BLEEPINGCOMPUTER.COM
24 Nov | Malicious Blender model files deliver StealC infostealing malware | A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. [...] | BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS
24 Nov | Microsoft: Windows 11 24H2 bug crashes Explorer and Start Menu | Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash after installing cumulative updates released since July 2025. [...] | BLEEPINGCOMPUTER.COM
24 Nov | Microsoft tests File Explorer preloading for faster performance | Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. [...] | BLEEPINGCOMPUTER.COM
24 Nov | Modernizing trust: How UADY transformed campus security with Sophos | At the Autonomous University of Yucatán (UADY), technology has long been central to supporting academic excellence. As the university expanded to serve more than 20,000 students across five campuses, its IT team faced increasing pressure on an aging cybersecurity infrastructure. … | SOPHOS.COM
24 Nov | The Sophos Central UAE region is now live! | Expanding customer choice and bringing Sophos Central closer to customers and partners across the Middle East. | SOPHOS.COM
24 Nov | Introducing Sophos DNS Protection for Endpoints | Join the early access program for this new product. | SOPHOS.COM
24 Nov | DOGE days are over as Trump disbands Elon Musk’s team of federal cost-cutters | DOGE members are reportedly worried that they could face prosecution for some of their activities conducted while under the leadership of Elon Musk. | TECHCRUNCH.COM
24 Nov | MDR is the answer – now, what’s the question? | Why your business needs the best-of-breed combination of technology and human expertise | WELIVESECURITY.COM