51Articles
8Categories
2025-11-27Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
27 NovApache SkyWalking Flaw Allows Attackers to Launch XSS AttacksA recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalkin…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 12[−]
27 NovAI browsers can be tricked with malicious prompts hidden in URL fragmentsResearchers have demonstrated another indirect prompt injection attack against AI-powered browsers and browser assistants that could lead to phishing, sensitive data exfiltration, credential theft, or malware downloads. The attack, dubbed HashJack, relies on rogue prompts added t…CSOONLINE.COM
27 NovSonicWall ransomware attacks offer an M&A lesson for CSOsThe recent ransomware attacks on organizations with SonicWall SSL VPNs may teach more lessons than just the need for patch management and identity and access control. Some of the victim firms had vulnerable SonicWall devices on their IT networks as legacies of past mergers or acq…CSOONLINE.COM
27 NovSmashing Security podcast #445: The hack that brought back the zombie apocalypseAmerica's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts. Meanwhil…GRAHAMCLULEY.COM
27 NovGainsight Expands Impacted Customer List Following Salesforce Security AlertGainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21,…THEHACKERNEWS.COM
27 NovMicrosoft Teams’ guest chat feature exposes cross-tenant blind spotA newly highlighted flaw in Microsoft’s cross-tenant collaboration model shows that once a user accepts a guest invitation in Teams, their Defender for Office 365 protections are dropped entirely, leaving them exposed inside an external tenant even while logged in with their home…CSOONLINE.COM
27 NovServiceNow is in talks to buy identity security firm Veza for over $1 billion: reportServiceNow is reportedly in advanced talks to acquire Veza, an identity security startup, for more than $1 billion. For ServiceNow customers deploying AI agents across their organizations, the acquisition would address a critical gap: controlling what those agents can access and …CSOONLINE.COM
27 NovNeues ToddyCat-Toolkit greift Outlook und Microsoft-Token ansrcset="https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2108335628.jpg?quality=50&strip=all 5760w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2108335628.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
27 NovOpenAI Reveals Mixpanel Data Breach Exposing User DetailsOpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addre…GBHACKERS.COM
27 NovLegacy Python Package Vulnerabilities Enable PyPI Attacks Through Domain TakeoverReversingLabs researchers have sounded the alarm over a vulnerability lurking in legacy Python packages one that exposes users of the Python Package Index (PyPI) to supply chain attacks through domain compromise. Although the vulnerable code is rarely used in modern projects, its…GBHACKERS.COM
27 NovMicrosoft Teams Guest Chat Flaw Could Let Hackers Deliver MalwareSecurity researchers have discovered a critical vulnerability in Microsoft Teams that allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenant environments. The flaw exploits a fundamental architectural gap in how Teams handles cr…GBHACKERS.COM
27 NovShai Hulud v2 Exploits GitHub Actions to Steal SecretsA sophisticated supply chain attack has compromised hundreds of npm packages and exposed secrets from tens of thousands of GitHub repositories, with cybersecurity researchers now documenting how attackers weaponized GitHub Actions workflows to bootstrap one of the most aggressive…GBHACKERS.COM
27 NovOpenAI admits data breach after analytics partner hit by phishing attackOpenAI has suffered a significant data breach after hackers broke into the systems of its analytics partner Mixpanel and successfully stole customer profile information for its API portal, the companies have said in coordinated statements. According to a post by Mixpanel CEO Jen …CSOONLINE.COM
📋 SECURITY BULLETINS 2[−]
27 NovCybersecurity Update: Incorrect Company Naming, Major Breaches, and New Malware CampaignsIn this episode, the host addresses a previous mistake in naming a company involved in a breach, correcting SitusAMC for Ascensus, and extends apologies. Key topics include US banks assessing a breach fallout from financial tech vendor SitusAMC, ransomware group CioP targeting Br…CYBERSECURITYTODAY.LIBSYN.COM
27 NovNVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS AttacksNVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities aff…GBHACKERS.COM
📢 SECURITY ADVISORIES 4[−]
27 NovState-backed spyware attacks are targeting Signal and WhatsApp users, CISA warnsCISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. R…BITDEFENDER.COM
27 NovQuttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning in…GBHACKERS.COM
27 NovNews alert: Quttera’s new API replaces manual audit prep, now aligned with PCI DSS v4.0 requirementsTEL AVIV, Israel, Nov. 27, 2025, CyberNewswire — Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning into automated compliance evidence. The update introduces real-time evidence streaming and compliance mapping, direct…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 10[−]
27 NovChina Software Developer Network - 6,414,990 breached accountsIn 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records . The data included email addresses alongside usernames and plain text passwords.HAVEIBEENPWNED.COM
27 NovOpenAI discloses API customer data breach via Mixpanel vendor hackOpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]BLEEPINGCOMPUTER.COM
27 NovOpenAI User Data Exposed in Mixpanel HackMultiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company. The post OpenAI User Data Exposed in Mixpanel Hack appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovComcast to pay $1.5M fine for vendor breach affecting 270K customerssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/comcast-to-pay-15-million-fine-after-a-vendor-data-breach-affecting-270-000-customers/SH.ITJUST.WORKS
27 NovOpenAI-Dienstleister gehacktCyberkriminelle sind in das System des Datenanalyseanbieters von OpenAI eingedrungen. babar ali 1233 – shutterstock.com Laut einer Mitteilung von OpenAI haben sich Cyberkriminelle Anfang November Zugriff auf die Systeme des Analysedienst Mixpanel verschafft. Demnach wurden dabei …CSOONLINE.COM
27 NovAsahi Data Breach Impacts 2 Million IndividualsHackers stole the personal information of customers and employees before deploying ransomware and crippling Asahi’s operations in Japan. The post Asahi Data Breach Impacts 2 Million Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovHow your dashcam can be hacked, and how to protect yourself from the attack | Kaspersky official blogHow a dashcam can be hacked and turned it into a surveillance toolKASPERSKY.COM
27 NovRansomware Defense: Embracing Zero Trust Networking#CyberSecurity #ZeroTrust #RansomwareProtection #NetworkSecurity #MicrosoftInsightDoes your network needs a security upgrade? Discover the power of zero trust networking to fend off ransomware. Learn from Microsoft's insights on remote encryption and ensure only trusted devices a…YOUTUBE.COM
27 NovBloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and UzbekistanThe threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers…THEHACKERNEWS.COM
27 NovMalicious LLMs empower inexperienced hackers with advanced toolsUnrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 16[−]
27 NovVon LLM generierte Malware wird immer besserForscher tricksen Chatbots aus, stoßen aber auf unzuverlässige Ergebnisse. Ascannio / Shutterstock Cyberkriminelle versuchen bereits seit geraumer Zeit, mit Hilfe von Large Language Models (LLM) ihre dunklen Machenschaften zu automatisieren. Aber können sie schon bösartigen Code …CSOONLINE.COM
27 NovWhat is Cyber Resilience Act, and what cybersecurity requirements does it impose?submitted by CodiUnicorn to cybersecurity 1 points | 0 comments https://pvs-studio.com/en/blog/posts/1317/INFOSEC.PUB
27 NovWhat is Cyber Resilience Act, and what cybersecurity requirements does it impose?submitted by CodiUnicorn to cybersecurity 1 points | 0 comments https://pvs-studio.com/en/blog/posts/1317/SH.ITJUST.WORKS
27 NovFirmware Authentication Bypass: The Holy GrailCracking the code of authentication bypass is the ultimate quest in cybersecurity. It's not just about finding vulnerabilities; it's about unlocking the secrets hidden within firmware's layers. Join us as we explore this thrilling challenge and arm yourself with the knowledge to …YOUTUBE.COM
27 NovBlurred Chats, Bigger RisksThink about your digital spaces. You’ve got your corporate email, which we all treat a bit like a high-security bank vault. We approach it with caution, we're suspicious of unfamiliar senders, and we’re primed to spot a dodgy attachment. Then, you have WhatsApp. That’s the digita…KNOWBE4.COM
27 NovHow Malware Authors Incorporate LLMs to Evade Detectionsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/malware-authors-incorporate-llms-evade-detectionSH.ITJUST.WORKS
27 NovNew ShadowV2 botnet malware used AWS outage as a test opportunitysubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-aws-outage-as-a-test-opportunity/SH.ITJUST.WORKS
27 NovHandala Hacker Group Targets Israeli High-Tech and Aerospace ProfessionalsA sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals. Security researchers monit…GBHACKERS.COM
27 Nov“Dead Man’s Switch” Triggers Massive npm Supply Chain Malware AttackGitLab’s security team has discovered a severe, ongoing attack spreading dangerous malware through npm, the world’s most extensive code library. The malware uses an alarming “dead man’s switch,” a self-destruct trigger that threatens to erase user da…GBHACKERS.COM
27 NovLapsus$ Hunters Register 40+ Domains Impersonating Zendesk EnvironmentsReliaQuest’s Threat Research team has uncovered a significant new campaign from the notorious threat collective “Scattered Lapsus$ Hunters,” this time targeting users and organizations that leverage the widely adopted customer support platform Zendesk. The inves…GBHACKERS.COM
27 NovAbandoned iCal Domains Threaten 4M DevicesAs our daily lives become more time-pressured and interconnected, digital calendars have emerged as indispensable tools for managing personal and professional commitments. Yet, this very convenience carries a latent risk one that can expose millions to unseen security threats. Re…GBHACKERS.COM
27 NovOpenAI User Data Exposed in Mixpanel Hacksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/openai-user-data-exposed-in-mixpanel-hack/SH.ITJUST.WORKS
27 NovOne Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAMAlisa Viejo, CA, USA, November 27th, 2025, CyberNewsWire Gartner has recognized One Identity as a Visionary in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM).  In a rapidly transforming market, innovation and demonstrated performance continue to …GBHACKERS.COM
27 NovCybersecurity Services, Solutions & Products. Global Provider | Group-IBsubmitted by kid to cybersecurity 1 points | 1 comments https://www.group-ib.com/blog/bloody-wolf/SH.ITJUST.WORKS
27 NovMalware: Software with Bad IntentIn today's digital landscape, understanding the intent behind software is crucial. Learn why it matters and how combining controls with detection can safeguard your digital environment. Subscribe to our podcasts: https://securityweekly.com/subscribe #SoftwareIntent #Malware #Tech…YOUTUBE.COM
27 NovVibe Coding For Success and Failure - PSW #902Tune in for some hands-on tips on how to use Claude code to create some amazing and not-so-amazing software. Paul will walk you through what worked and what didn't as he 100% vibe-coded a Python Flask application. The discussion continues with the crew discussing the future of vi…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
27 NovThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More StoriesHackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. B…THEHACKERNEWS.COM
27 NovShai-hulud 2.0 Campaign Targets Cloud and Developer EcosystemsShai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation …TRENDMICRO.COM
27 NovGreyNoise launches free scanner to check if you're part of a botnetGreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 2[−]
27 NovMicrosoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP UpdateMicrosoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.…THEHACKERNEWS.COM
27 NovWhat parents should know to protect their children from doxxingOnline disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake.WELIVESECURITY.COM