85Articles
8Categories
2025-11-25Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
25 NovFluent Bit vulnerabilities could enable full cloud takeoverFluent Bit, a widely deployed log-processing tool used in containers, Kubernetes DaemonSets, and major cloud platforms, has been found vulnerable to authentication bypass, file-write, and agent takeover attacks. According to an Oligo Security analysis, disclosed in co-operation w…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
25 NovNew Shai-Hulud worm spreading through npm, GitHubA new version of the Shai-Hulud credentials-stealing self-propagating worm is expanding through the open npm registry, a threat that developers who download packages from the repository have to deal with immediately. Researchers at Wiz Inc. said Monday that in the early stages of…CSOONLINE.COM
25 NovYears-old bugs in open source took out major clouds at risk • The Registersubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/11/24/fluent_bit_cves/ A series of “trivial-to-exploit” vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years…INFOSEC.PUB
25 NovFiguring Out Where to Start with Secure Code - ASW #358What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion …YOUTUBE.COM
25 NovDartmouth College confirms data breach after Clop extortion attack​Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. [...]BLEEPINGCOMPUTER.COM
25 Nov3 SOC Challenges You Need to Solve Before 20262026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon Global worl…THEHACKERNEWS.COM
25 NovHackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing MalwareCybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms li…THEHACKERNEWS.COM
25 NovCritical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud EnvironmentsFive newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authenti…GBHACKERS.COM
25 NovRetail Finance Giant SitusAMC Hit by Breach Exposing Confidential FilesSitusAMC, a major player in the real estate and finance services sector, disclosed a significant data breach on November 12, 2025, that compromised sensitive corporate information. The incident resulted in unauthorized access to client accounting records, legal agreements, and po…GBHACKERS.COM
25 NovApache Syncope Flaw Lets Attackers Access Internal Database ContentA security vulnerability has been identified in Apache Syncope that could allow attackers to decrypt stored passwords if they gain access to the internal database. The flaw stems from the use of a hardcoded default AES encryption key, which undermines the password protection mech…GBHACKERS.COM
25 NovCISA Warns of Commercial Spyware Targeting Signal and WhatsApp UsersThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that multiple cyber threat actors are actively exploiting commercial spyware to target users of popular mobile messaging applications, including Signal and WhatsApp. The advisory, publi…GBHACKERS.COM
25 NovThreat Actors Exploit Blender Files to Deploy StealC V2 InfostealerThreat actors are weaponizing Blender Foundation project files to deliver the notorious StealC V2 infostealer, targeting 3D artists and game developers who download community assets from popular marketplaces. In recent months, Morphisec has blocked multiple sophisticated campaign…GBHACKERS.COM
25 NovTokenization: The Hidden Risks in Modern Payment SystemsUncover the hidden vulnerabilities in modern payment systems, where tokenization can still be exploited by fraudsters. Learn why protecting tokens is as crucial as safeguarding primary account numbers, and how the PCI industry is responding to these challenges. Subscribe to our p…YOUTUBE.COM
25 NovWeaponized file name flaw allows RCE through glob • The Registersubmitted by kid to cybersecurity 4 points | 0 comments https://www.theregister.com/2025/11/23/infosec_news_in_brief/SH.ITJUST.WORKS
25 NovShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Accesssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.htmlSH.ITJUST.WORKS
25 NovFluent Bit Vulnerabilities Expose Cloud Services to TakeoverFive flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovNew Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusionssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.htmlSH.ITJUST.WORKS
25 NovTelecom security reboot: Why zero trust is the only way forwardTelecom networks are everywhere. They keep the world moving — all the way from managing data, powering business, connecting people across continents and whatnot. For a long time, security in this space was pretty straightforward: build a wall, keep threats outside and trust every…CSOONLINE.COM
25 NovA Vulnerability in SonicOS Could Allow for Denial of Service (DoS)submitted by kid to cybersecurity 1 points | 0 comments https://www.cisecurity.org/advisory/a-vulnerability-in-sonicos-could-allow-for-denial-of-service-dos_2025-110SH.ITJUST.WORKS
25 NovCritical Oracle Identity Manager Flaw Under Attacksubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/critical-flaw-oracle-identity-manager-under-exploitationSH.ITJUST.WORKS
25 NovShai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealersubmitted by pylapp to security 1 points | 0 comments https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/#the-dead-mans-switch Publication croisée depuis programming.dev/post/41331208 “Upon execution, the malware downloads and runs TruffleHog to sca…PROGRAMMING.DEV
25 NovShai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealersubmitted by pylapp to security 1 points | 0 comments https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/#the-dead-mans-switch Publication croisée depuis programming.dev/post/41331208 “Upon execution, the malware downloads and runs TruffleHog to sca…PROGRAMMING.DEV
25 NovCanon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hacksubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/canon-breached-clop-ransomware-oracle-ebs-hack/SH.ITJUST.WORKS
25 NovCISA Releases Seven Industrial Control Systems AdvisoriesCISA released seven Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-329-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-329-02…CISA.GOV
25 NovDevelopers left large cache of credentials exposed on code generation websitesA large trove of sensitive credentials, authentication keys, configuration data, tokens, and API keys has been potentially exposed by developers using two popular code formatting sites, security company watchTowr has discovered. In an industry that normally worries about criminal…CSOONLINE.COM
📋 SECURITY BULLETINS 2[−]
25 NovClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security UpdateCybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of information-stealing malware, includ…GBHACKERS.COM
25 NovJackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple StealersCybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult web…THEHACKERNEWS.COM
📢 SECURITY ADVISORIES 6[−]
25 NovCISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp UsersThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications. "These cyber actors use sophisticated targeti…THEHACKERNEWS.COM
25 Nov7 signs your cybersecurity framework needs rebuildingCybersecurity frameworks are the guidelines enterprises use to guard against cyberattacks. The typical framework describes the steps needed to address various cybersecurity risks, detecting latent vulnerabilities, and generally improving the enterprise’s digital defense. Any gaps…CSOONLINE.COM
25 NovHackers compromise devices via messaging apps​Hackers target WhatsApp, Signal apps with spyware, compromising personal devices, CISA warns | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/cisa-warning-messaging-apps-deliver-zero-click-spyware-personal-devices-high-profile/SH.ITJUST.WORKS
25 NovCISA Warns of Spyware Targeting Messaging App UsersCISA has described the techniques used by attackers and pointed out that the focus is on high-value individuals. The post CISA Warns of Spyware Targeting Messaging App Users appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovThe Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus DealsBlack Friday 2025 is almost here, and early deals are already live across security software, online courses, system administration tools, antivirus products, and VPN services. These discounts are limited-time offers and vary by provider, so if you see something that fits your nee…BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 12[−]
25 NovCanon Says Subsidiary Impacted by Oracle EBS HackMore than 100 alleged victims of the Oracle EBS campaign have been added to the Cl0p ransomware website. The post Canon Says Subsidiary Impacted by Oracle EBS Hack appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovHackerangriff auf Hochschule MainzDie Hochschule Mainz wurde gehackt. Hochschule Mainz Die Hochschule Mainz ist nach eigener Einschätzung am Montag (24. November) Opfer einer Cyberattacke geworden. Daraufhin habe man alle IT-Systeme komplett heruntergefahren, heißt es in einer Mitteilung auf der Website . Deshalb…CSOONLINE.COM
25 NovMajor US Banks Impacted by SitusAMC HackHackers stole corporate data such as accounting records and legal agreements, but did not deploy file-encrypting ransomware. The post Major US Banks Impacted by SitusAMC Hack appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovRussian and North Korean Hackers Forge Global Cyberattack AllianceState-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and L…GBHACKERS.COM
25 NovMajor Data Breach at Delta Dental of Virginia Hits Over 146,000 Customers’ InfoDelta Dental of Virginia, a non-profit dental benefits organization based in Roanoke, has announced a significant data breach affecting approximately 145,918 individuals. The unauthorised access to an external system exposed sensitive personal information, marking one of the more…GBHACKERS.COM
25 NovSha1-Hulud Supply Chain Attack: 800+ npm Packages and Thousands of GitHub Repos Compromisedsubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/sha1-hulud-supply-chain-attack/SH.ITJUST.WORKS
25 NovToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access TokensThe threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol …THEHACKERNEWS.COM
25 Nov146,000 Impacted by Delta Dental of Virginia Data Breach - SecurityWeeksubmitted by kid to cybersecurity 3 points | 0 comments https://www.securityweek.com/146000-impacted-by-delta-dental-of-virginia-data-breach/SH.ITJUST.WORKS
25 NovHarvard University discloses data breach affecting alumni, donorssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/harvard-university-discloses-data-breach-affecting-alumni-donors/SH.ITJUST.WORKS
25 NovDartmouth College confirms data breach after Clop extortion attacksubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/dartmouth-college-confirms-data-breach-after-clop-extortion-attack/SH.ITJUST.WORKS
25 NovDetego Global Launches Case Management Platform for Digital Forensics and Incident Response TeamsHorsham, United Kingdom, November 25th, 2025, CyberNewsWire Detego Global, the company behind the award-winning Unified Digital Forensics Platform, is proud to announce the launch of Detego Case Manager for DFIR, a powerful, purpose-built platform designed to meet the evolving de…GBHACKERS.COM
25 NovOnSolve CodeRED cyberattack disrupts emergency alert systems nationwideRisk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 30[−]
25 NovNews alert: Veteran-led Blast Security launches, pushing proactive cloud defense over responseTEL AVIV, Israel, Nov. 24, 2025, CyberNewswire — Blast Security, a cybersecurity startup founded by industry veterans from Solebit (acquired by Mimecast) and elite IDF units, today announced its launch from stealth and a $10 million seed round co-led by … (more…) The post N…LASTWATCHDOG.COM
25 NovISC Stormcast For Tuesday, November 25th, 2025 https://isc.sans.edu/podcastdetail/9714, (Tue, Nov 25th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
25 NovHackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentialssubmitted by cm0002 to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/microsoft-phishing-replace-m-with-rn/ A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sens…INFOSEC.PUB
25 NovMalicious app developers offering to buy old apps from developers who are no longer active, so they can push malware onto those userssubmitted by AmbiguousProps to cybersecurity 1 points | 0 comments https://support.google.com/googleplay/android-developer/thread/323184988/what-is-tara-applications-about?hl=en cross-posted from: lemmy.dbzer0.com/post/58319781 I just got offered by these people to sell my accoun…SH.ITJUST.WORKS
25 Nov640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain AttackThe new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovFour Ways AI Is Being Used to Strengthen Democracies WorldwideDemocracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to…SCHNEIER.COM
25 NovMicrosoft Warns of Security Risks in New Agentic AI FeatureMicrosoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company is rolling out a new agent workspace feature in private preview that establishes isolated enviro…GBHACKERS.COM
25 NovSha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub ReposShai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing prove…GBHACKERS.COM
25 NovDepartment 40 Exposed: Inside the IRGC Unit Connecting Cyber Ops to Assassinations - Nariman Gharibsubmitted by kid to cybersecurity 1 points | 0 comments https://blog.narimangharib.com/posts/2025%2F11%2F1763938840948?lang=enSH.ITJUST.WORKS
25 NovMazda Says No Data Leakage or Operational Impact From Oracle Hack - SecurityWeeksubmitted by kid to cybersecurity 3 points | 0 comments https://www.securityweek.com/mazda-says-no-data-leakage-or-operational-impact-from-oracle-hack/SH.ITJUST.WORKS
25 NovWormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime AutomationPalo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance. The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovNew ClickFix attacks use fake Windows Updates to swipe creds • The Registersubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2025/11/24/clickfix_attack_infostealers_images/SH.ITJUST.WORKS
25 NovAlumni, Student, and Staff Information Stolen From Harvard UniversityA phone phishing attack led to the compromise of a system containing information about alumni, donors, students, staff, and other individuals. The post Alumni, Student, and Staff Information Stolen From Harvard University appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovShai-Hulud malware infects 500 npm packages, leaks secrets on GitHubsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/SH.ITJUST.WORKS
25 NovMicrosoft cracks down on malicious meeting invites - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/11/25/enhance-microsoft-calendar-threat-protection/SH.ITJUST.WORKS
25 NovMalicious Blender model files deliver StealC infostealing malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/malicious-blender-model-files-deliver-stealc-infostealing-malware/SH.ITJUST.WORKS
25 NovHow Quickly Can AI Crack Your Password?submitted by cm0002 to cybersecurity 2 points | 0 comments https://messente.com/blog/ai-password-cracking-2025 AI Password Cracking in 2025: Key Findings AI-powered password cracking has become dramatically faster in 2025, with 85.6% of common passwords now crackable in under 10 …INFOSEC.PUB
25 NovThe AI Fix #78: The big AI bubble, and robot Grandma in the cloudIn episode 78 of The AI Fix, alien robot spiders invade Antarctica (or Facebook says they do), Mark prepares humanity for AI-powered fighter jets with loyalty issues, and Graham tries to work out why his AI-generated country music career hasn't yet paid for even a Tesco Meal Deal…GRAHAMCLULEY.COM
25 NovCISOs: Product & Enterprise SecurityIn today's digital landscape, the role of CISOs is evolving beyond just enterprise security. Jeff Pollard dives into the importance of integrating product security under the CISO's umbrella, ensuring that what companies sell is as secure as their internal operations. Discover how…YOUTUBE.COM
25 NovYears of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API KeysNew research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecuri…THEHACKERNEWS.COM
25 NovCharting the future of SOC: Human and AI collaboration for better securityThis blog shares our journey and insights from building autonomous AI agents for MDR operations and explores how the shift to a GenAI-powered SOC redefines collaboration between humans and AI. The post Charting the future of SOC: Human and AI collaboration for better security app…TECHCOMMUNITY.MICROSOFT.COM
25 NovCobalt Strike 4.12 Adds New Injection, UAC Bypasses & C2 FeaturesFortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), …GBHACKERS.COM
25 NovVSCode Marketplace Hit by Rogue Prettier Extension Delivering Anivia StealerA recently discovered malicious Visual Studio Code (VSCode) extension masquerading as the well-known “Prettier” formatter briefly infiltrated the official VSCode Marketplace, delivering a variant of the Anivia Stealer malware in a targeted attack to steal sensitive login credenti…GBHACKERS.COM
25 Nov'JackFix' Attack Circumvents ClickFix Mitigationssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/jackfix-attack-clickfix-mitigationsSH.ITJUST.WORKS
25 NovAI Agent Security Firm Vijil Raises $17 MillionFocusing on improving the resilience of AI agents, the startup will use the funding to accelerate deployments of its platform. The post AI Agent Security Firm Vijil Raises $17 Million appeared first on SecurityWeek .SECURITYWEEK.COM
25 NovHackers knock out systems at Moscow-run postal operator in occupied Ukrainesubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/hackers-knock-out-systems-russia-operated-post-ukraineSH.ITJUST.WORKS
25 Nov2026 Predictions for Autonomous AIIn Palo Alto Networks 2026 predictions for Autonomous AI, discover how "The Year of the Defender" will finally shift the cybersecurity scales in your favor. The post 2026 Predictions for Autonomous AI appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
25 NovAI's Impact on Medical Imaging DoctorsIn a world where AI is revolutionizing medical imaging, Shakour Abuzneid explores the future of healthcare. Discover how AI systems, trained with millions of images, are achieving near-perfect accuracy, challenging the traditional roles of doctors. Is it time to rethink the futur…YOUTUBE.COM
25 NovAI with Dr. Shakour Abuzneid - Shakour Abuzneid - SWN #532Doug talks about AI with Cybersecurity Expert Dr. Shakour Abuzneid from Roger Williams University. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-532YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
25 NovInfluencers in the crosshairs: How cybercriminals are targeting content creatorsSocial media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters.WELIVESECURITY.COM
📡 INFOSEC NEWS 8[−]
25 NovCode-formatters expose thousands of secrets from banks, govt, tech orgsThousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code. [...]BLEEPINGCOMPUTER.COM
25 NovYear-end approaches: How to maximize your cyber spendYear-end budgeting is the perfect time to close real security gaps by strengthening identity controls, reducing redundant tools, and investing in outcome-driven engagements. The article highlights how targeting credential risks and documenting results helps teams maximize spend a…BLEEPINGCOMPUTER.COM
25 NovMicrosoft is speeding up the Teams desktop client for WindowsMicrosoft says it will add a new Teams call handler beginning in January 2026 to reduce launch times and boost call performance for the Windows desktop client. [...]BLEEPINGCOMPUTER.COM
25 NovCode beautifiers expose credentials from banks, govt, tech orgsThousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code. [...]BLEEPINGCOMPUTER.COM
25 NovMicrosoft: Exchange Online outage blocks access to Outlook mailboxesMicrosoft is investigating an Exchange Online service outage that is preventing customers from accessing their mailboxes using the classic Outlook desktop client. [...]BLEEPINGCOMPUTER.COM
25 NovTor switches to new Counter Galois Onion relay encryption algorithmTor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). [...]BLEEPINGCOMPUTER.COM
25 NovFBI: Cybercriminals stole $262M by impersonating bank support teamsThe FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start of the year. [...]BLEEPINGCOMPUTER.COM