11/27-30/2025

Bloody Wolf Threat Actor Expands Activity Across Central Asia

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

Chinese Cyberattack Campaign Likely Impacted Every American, Former FBI Official Says

Critical New FBI Warning: This Simple Hack Can Empty Your Bank Account

Poems Can Trick AI Into Helping You Make a Nuclear

Malicious LLMs Empower Inexperienced Hackers With Advanced Tools

Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery

FCC Warns of Hackers Hijacking Radio Equipment For False Alerts

The Wired Guide to Digital OPSEC for Teens

Three Black Friday Scams to Watch Out For This Year

TryHackMe Races to Add Women to Christmas Cyber Challenge Roster After Backlash

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

GrapheneOS Bails on OVHcloud Over France’s Privacy Stance

Man Behind In-Flight Evil Twin WiFi Attacks Gets 7 Years in Prison

Poland Arrested Suspected Russian Citizen for Hacking Local Organizations’ Computer Networks

GreyNoise Launches Free Scanner to Check if You’re Part of a Botnet
Asahi Confirms 1.5 Million Customers Affected in Major Cyber-Attack

Top South Korean E-Commerce Firm Coupang Apologises Over Massive Data Breach

Korean Web Giant Naver Acquired Crypto Exchange Upbit, Which Reported a $30M Heist a Day Later

French Football Federation Suffers Data Breach

Brit Telco Brsk Confirms Breach as Bidding Begins for 230K+ Customer Records

Data Copied in Kensington and Chelsea Cyber Attack

At Least 35,000 Impacted by Dartmouth College Breach Through Oracle EBS Campaign

Computer Services Impacted After Ransomware Attack Hits Golf Manor (OH)

OpenAI Warns of Mixpanel Data Breach Impacting API Users

Public GitLab Repositories Exposed More Than 17,000 Secrets

PostHog Admits Shai-Hulud 2.0 Was Its Biggest Ever Security Bungle

Scattered Lapsus$ Hunters Take Aim At Zendesk Users

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

California Law Regulating Web Browsers Could Have National Data Privacy Impact, Experts Say

11/26/2025

Bug in Jury Systems Used by Several U.S. States Exposed Sensitive Personal Data

New ShadowV2 Botnet Malware Used AWS Outage as a Test Opportunity

Gainsight CEO Downplays Breach, Says Only a ‘Handful’ of Customers Had Data Stolen

Krebs: Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’

House Energy and Commerce Committee Unveils New Draft Children’s Online Safety Bill
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Popular Forge Library Gets Fix for Signature Verification Bypass Flaw

ASUS Warns of New Critical Auth Bypass Flaw in AiCloud Routers

11/25/2025

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

FBI: Cybercriminals Stole $262M by Impersonating Bank Support Teams

Scammers Hacked Her Phone and Stole Thousands – So How Did They Get Her Details?

Crime Rings Enlist Hackers to Hijack Trucks

ICE Offers up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms

HashJack Attack Shows AI browsers Can Be Fooled With a Simple ‘#’

Tor Switches to New Counter Galois Onion Relay Encryption Algorithm

The Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus Deals

Russia Arrests Young Cybersecurity Entrepreneur on Treason Charges
Multiple London Councils ‘Hit by Cyber-Attacks’

Georgia Court Filing Organization Warns of Outages After Ransomware Allegations

Clop’s Oracle EBS Rampage Reaches Dartmouth College

OnSolve CodeRED Cyberattack Disrupts Emergency Alert Systems Nationwide

Smishing Triad Impersonation Campaigns Expand Globally

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New FlexibleFerret Malware Chain Targets macOS With Go Backdoor

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

11/24/2025

Russian-Linked Malware Campaign Hides in Blender 3D Files

Hackers Knock Out Systems at Moscow-Run Postal Operator in Occupied Ukraine

Krebs: Is Your Android TV Streaming Box Part of a Botnet?

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs

UK Privacy Regulator Has Seen ‘Collapse in Enforcement Activity,’ Rights Coalition Says

Software Companies Must Be Held Liable for British Economic Security, Say MPs

Comcast to Pay $1.5 Million U.S. Fine After Vendor Data Breach

This Hacker Conference Installed a Literal Antivirus Monitoring System

With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline?
Harvard University Discloses Data Breach Affecting Alumni, Donors

AI Nude Photo Link Appears on Kansas AG’s Website After Apparent Hack

Fresh ClickFix Attacks Use Windows Update Trick-Pics to Steal Credentials

Malicious Blender Model Files Deliver StealC Infostealing Malware

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Flaws Expose Risks in Fluent Bit Logging Agent

Amazon Is Using Specialized AI Agents for Deep Bug Hunting

Microsoft to Remove WINS Support after Windows Server 2025

11/21-23/2025

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

More Companies Are Shifting Workers to Passwordless Authentication

Google Enables Pixel-to-iPhone File Sharing via Quick Share, AirDrop

Press a Button and This SSD Will Self-Destruct With All Your Data

Russia-Linked Crooks Bought a Bank for Christmas to Launder Cyber Loot

Four Charged Over Alleged Plot to Smuggle Nvidia AI Chips Into China

‘Scattered Spider’ Teens Plead Not Guilty to UK Transport Hack

CrowdStrike Catches Insider Feeding Information to Hackers

Flock Safety Cameras Used to Monitor Protesters, Rights Group Finds

Google Begins Showing Ads in AI Mode (AI Answers)
A Swath of Bank Customer Data Was Hacked at Real Estate Technology Vendor SitusAMC. The FBI. Is Investigating

Wall Street Banks Scramble to Assess Fallout From Hack of Real-Estate Data Firm

Cox Enterprises Discloses Oracle E-Business Suite Data Breach

Iberia Discloses Customer Data Leak After Vendor Security Breach

Local Law Enforcement Agencies in Oklahoma, Massachusetts Responding to Cyber Incidents

ShinyHunters ‘Does Not Like Salesforce at All,’ Claims the Crew Accessed Gainsight 3 Months Ago

Matrix Push C2: Cybercriminals Exploit Browser Push Notifications to Deliver Malware

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

11/20/2025

Google Exposes BadAudio Malware Used in APT24 Espionage Campaigns

Russia Blacklists S.T.A.L.K.E.R. Game Developer, Accusing It of Aiding Ukraine’s War Effort

With the Rise of AI, Cisco Sounds an Urgent Alarm About the Risks of Aging Tech

LLM-Generated Malware Is Improving, but Don’t Expect Autonomous Attacks Tomorrow

CISA Issues New Guidance on Bulletproof Hosting Threat

Krebs: Mozilla Says It’s Finally Done With Two-Faced Onerep

The FCC Is Rolling Back Steps Meant to Stop a Repeat of a Massive Telecom Hack

U.S. SEC Dismisses Case Against SolarWinds, Top Security Officer

NSO Seeks to Overturn Whatsapp Case, Saying It Is ‘Catastrophic’ for the Spyware Maker

Fired Techie Admits Sabotaging Ex-Employer, Causing $862K in Damage

Samourai Crypto Mixer Founders Sent to Prison for Laundering Over $237 Million

TV Streaming Piracy Service Photocall With 26M Yearly Visits Shut Down
Salesforce Investigates Customer Data Theft via Gainsight Breach

Salesforce-Linked Data Breach Claims 200+ Victims, Has ShinyHunters’ Fingerprints All Over It

Hacker Claims to Steal 2.3TB Data From Italian Rail Group, Almavia

GlobalProtect VPN Portals Probed with 2.3 Million Scan Sessions

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

New SonicWall SonicOS Flaw Allows Hackers to Crash Firewalls

D-Link Warns of New RCE Flaws in End-of-Life DIR-878 Routers

Lawmakers Reintroduce Bill to Bolster Cybersecurity at Securities and Exchange Commission

Privacy Oversight Board Finds FBI Does Not Buy Real-Time Location Data

11/19/2025

China-Linked Operation “WrtHug” Hijacks Thousands of ASUS Routers

Cloudflare Shows Internet Outages Aren’t a Matter of If — but When

Krebs: The Cloudflare Outage May Be a Security Roadmap

Airline Data Broker Airlines Reporting Corporation to Stop Selling Individuals’ Travel Records to Government Agencies

Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom

Half of Ransomware Access Due to Hijacked VPN Credentials

Russian Bulletproof Hosting Provider Sanctioned Over Ransomware Ties

California Man Admits to Laundering Crypto Stolen in $230M Heist

Coordinated Europol Operation Disrupts $55m in Cryptocurrency For Piracy

Palo Alto Tops Earnings Expectations, Announces Chronosphere Acquisition

What AI Bubble? Nvidia’s Strong Earnings Signal There’s More Room to Grow

Canadian Privacy Regulators Say Schools Share Blame for PowerSchool Hack
Major Russian Insurer VSK Facing Widespread Outages After Cyberattack

Email Breach at St. Anthony Hospital (IL) May Have Exposed the Information of More Than 6,600 People

Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime

PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns

Meet ShinySp1d3r: New Ransomware-as-a-Service Created by ShinyHunters

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

W3 Total Cache WordPress Plugin Vulnerable to PHP Command Injection

CISA Gives Gov’t Agencies 7 Days to Patch New Fortinet Flaw

Google Search Is Now Using AI to Create Interactive UI to Answer Your Questions

The AI Attack Surface: How Agents Raise the Cyber Stakes

Lawmakers Reintroduce Bill to Bolster Cybersecurity at Securities and Exchange Commission

11/18/2025

White House Goes on Cyber Offensive

CISA 2015 Receives Extension, Offering Brief Relief for Cyber Information Sharing

FCC Looks to Torch Biden-Era Cyber Rules Sparked by Salt Typhoon Mess

CBO Director Testifies That Hackers Have Been Expelled From Email Systems

MI5 Warns of Chinese Spies Using LinkedIn to Gain Intel on Lawmakers

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers

GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud

Microsoft Teams to Let Users Report Messages Wrongly Flagged as Threats

Microsoft Is Turning Windows Into an ‘Agentic OS,’ Starting With the Taskbar

Microsoft to Integrate Sysmon Directly Into Windows 11, Server 2025

Windows 11 Gets New Cloud Rebuild, Point-In-Time Restore Tools

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Amazon, Google Named by EU Among ‘Critical’ Tech Providers for Finance Industry

Zoomers Are Officially Worse at Passwords Than 80-Year-Olds

Russian Suspect Detained in Thailand Is Allegedly Tied to Void Blizzard Group
Cloudflare Outage Disrupts X, ChatGPT and Other Parts of the Internet

Cloudflare Says Outage That Hit X, ChatGPT and Other Sites Is Resolved

Pro-Russian Group Claims Hits on Danish Party Websites as Voters Head to Polls

French Agency Pajemploi Reports Data Breach Affecting 1.2m People

LG Battery Subsidiary Says Ransomware Attack Targeted Overseas Facility

Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

New ShadowRay Attacks Convert Ray Clusters Into Crypto Miners

Researchers Detail Tuoni C2’s Role in an Attempted 2025 Real-Estate Cyber Intrusion

New npm Malware Campaign Redirects Victims to Crypto Sites

RondoDox Botnet Malware Now Hacks Servers Using XWiki Flaw

Fortinet Warns of New FortiWeb Zero-Day Exploited in Attacks

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Microsoft: Windows 10 KB5072653 OOB Update Fixes ESU Install Errors

Bug Bounty Programs Rise as Key Strategic Security Solutions

11/17/2025

Pentagon and Soldiers Let Too Many Secrets Slip on Social Networks, Watchdog Says

Hackers Steal Maternity Ward CCTV Videos in India Cybercrime Racket

Google Is Collecting Troves of Data From Downgraded Nest Thermostats

X Launches Chat, Its New Encrypted DMs

UK Twitter Hacker Who Breached Obama’s Account Ordered to Repay $5.4 Million in Bitcoin

Govini Founder Eric Gillespie’s Lawyer Calls Child Sex Chat ‘Internet Fantasy,’ Not a Crime

Dutch Police Seizes 250 Servers Used by “Bulletproof Hosting” Service

Kamel Ghali on What’s ‘Theoretically Possible’ in Car Hacking
Kenyan Gov’t Websites Back Online After Hackers Deface Pages With White Supremacist Messages

Princeton University Discloses Data Breach Affecting Donors, Alumni

Pennsylvania AG Confirms Data Breach After INC Ransom Attack

Eurofiber France Warns of Breach After Hacker Tries to Sell Customer Data

DoorDash Email Spoofing Vulnerability Sparks Messy Disclosure Dispute

‘Largest-Ever’ Cloud DDoS Attack Pummels Azure With 3.64b Packets per Second

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

11/14-16/2025

U.S. Announces New Strike Force Targeting Chinese Crypto Scammers

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

Anthropic Claims of Claude AI-Automated Cyberattacks Met With Doubt

Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns

Google to Flag Android Apps With Excessive Battery Use on the Play Store

Google Backpedals on New Android Developer Registration Rules

Civil Society Decries Digital Rights ‘Rollback’ as European Commission Pushes Data Protection Changes

DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound

Suspected Russian Hacker Reportedly Detained in Thailand, Faces Possible U.S. Extradition

Five Plead Guilty to Helping North Koreans Infiltrate U.S. Firms

Uncertain Economy Takes Toll on Cybersecurity Teams

CISO Pay Increases 7% As Budget Growth Slows
FBI Flags Scam Targeting Chinese Speakers With Bogus Surgery Bills

Cyberattack on Russian Port Operator Aimed to Disrupt Coal, Fertilizer Shipments

DoorDash Hit by New Data Breach in October Exposing User Information

Checkout.com Snubs Hackers After Data Breach, to Donate Ransom Instead

Logitech Leaks Data After Zero-Day Attack

Decades-Old ‘Finger’ Protocol Abused in ClickFix Malware Attacks

Kraken Ransomware Benchmarks Systems for Optimal Encryption Choice

CISA Warns of Akira Ransomware Linux Encryptor Targeting Nutanix VMs

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

ASUS Warns of Critical Auth Bypass Flaw in DSL Series Routers

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Krebs: Microsoft Patch Tuesday, November 2025 Edition

Microsoft: Windows 10 KB5068781 ESU Update May Fail With 0x800f0922 Errors

11/13/2025

Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks

U.S. Dismisses Chinese Accusation of Extensive LuBian Mining Pool Hack

Two Key Cyber Laws Are Back as President Trump Signs Bill to End Shutdown

Microsoft Rolls Out Screen Capture Prevention for Teams Users

Google Will Let ‘Experienced Users’ Keep Sideloading Android Apps

Krebs: Google Sues to Disrupt Chinese SMS Phishing Triad

Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

FBI: Akira Gang Has Received Nearly $250 Million in Ransoms

NHS Supplier Ends Probe Into Ransomware Attack That Contributed to Patient Death

Kazakhstan Becomes Latest Country to Ban ‘LGBT Propaganda’ Online

Kenya Kicks Off ‘Code Nation’ With a Nod to Cybersecurity

Orgs Move to SSO, Passkeys to Solve Bad Password Habits
Washington Post Data Breach Impacts Nearly 10K Employees, Contractors

Popular Android-Based Photo Frames Download Malware on Boot

Phishing Campaign Targets Customers of Major Italian Web Hosting Provider

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data

Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

RCE Flaw in ImunifyAV Puts Millions of Linux-Hosted Sites at Risk

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

CISA Warns Feds to Fully Patch Actively Exploited Cisco Flaws

Ubuntu 25.10’s Rusty Sudo Holes Quickly Welded Shut

11/12/2025

Australia at Risk of ‘High-Impact Sabotage’ From China, Says Spy Chief

UK Plans Tougher Laws to Protect Public Services From Cyberattacks

British Government Unveils Long-Awaited Landmark Cybersecurity Bill

Army Officer With Indo-Pacific Experience Emerges as Potential Cyber Command, NSA Pick

U.S. Announces ‘Strike Force’ to Counter Southeast Asian Cyber Scams, Sanctions Myanmar Armed Group

Lighthouse: This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text Operation

German Extremist Arrested Over Operating Alleged Darknet Assassination Marketplace

DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules
Synnovis Notifies of Data Breach After 2024 Ransomware Attack

DanaBot Malware Is Back to Infecting Windows After 6-Month Break

Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws

Windows 11 Now Supports 3rd-Party Apps for Native Passkey Management

Cybersecurity Firm Deepwatch Lays off Dozens, Citing Move to ‘Accelerate’ AI Investment

Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity

Russia Imposes 24-Hour Mobile Internet Blackout for Travelers Returning Home

Rhadamanthys Infostealer Disrupted as Cybercriminals Lose Server Access

11/10-11/2025

China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

Android Devices Targeted By KONNI APT in Find Hub Exploitation

CISA Orders Feds to Patch Samsung Zero-Day Used in Spyware Attacks

UK Asks Cyberspies to Probe Whether Chinese Buses Can Be Switched off Remotely

China Accuses U.S. of Orchestrating $13 Billion Bitcoin Hack

America’s Cybersecurity Defenses Are Cracking

Shutdown Deal Would Revive Cyber Intelligence-Sharing Bill

EU’s Reforms of GDPR, AI Slated by Privacy Activists for ‘Playing Into Big Tech’s Hands’

Yanluowang Initial Access Broker Pleaded Guilty to Ransomware Attacks

“Bitcoin Queen” Gets 11 Years in Prison for $7.3 Billion Bitcoin Scam

Mozilla Firefox Gets New Anti-Fingerprinting Defenses

Data Privacy Whistleblowers Would Get Expanded Protections Under California Proposal

Former Trump Official Named NSO Group Executive Chairman

Microsoft Releases KB5068781 — The first Windows 10 Extended Security Update
Hitachi-Owned GlobalLogic Admits Data Stolen on 10K Current and Former Staff

Wakefield & Associates (TN) Announces Breach of Client Data

Qilin Ransomware Activity Surges as Attacks Target Small Businesses

Quantum Route Redirect PhaaS Targets Microsoft 365 Users Worldwide

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

Hackers Exploit Critical Flaw in Gladinet’s Triofox File Sharing Product

Popular JavaScript Library Expr-Eval Vulnerable to RCE Flaw

SAP Fixes Hardcoded Credentials Flaw in SQL Anywhere Monitor

Synology Fixes BeeStation Zero-Days Demoed at Pwn2Own Ireland

Microsoft November 2025 Patch Tuesday Fixes 1 Zero-Day, 63 Flaws

11/6-9/2025

U.S. Congressional Budget Office (CBO) Hit by Cybersecurity Incident

Congressional Budget Office Implementing New Security Controls Following Cyberattack

Data Breach at Chinese Infosec Firm Reveals Cyber-Weapons and Target List

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine

Previously Unknown Landfall Spyware Used in 0-Day Attacks on Samsung Phones

Scam Ads Are Flooding Social Media. These Former Meta Staffers Have a Plan

Krebs: Cloudflare Scrubs Aisuru Botnet from Top Domains List

Krebs: Drilling Down on Uncle Sam’s Proposed TP-Link Ban

The Government Shutdown Is a Ticking Cybersecurity Time Bomb

Japan Plans to Revise Foreign Investment Law to Sharpen Security Screening

Mexico City Is the Most Video-Surveilled Metropolis in the Americas

Lost iPhone? Don’t Fall for Phishing Texts Saying It Was Found

Italian Communications Executive Reveals He Was Targeted With Paragon Spyware

Edtech Company Fined $5.1 Million for Poor Data Security Practices Leading to Hack

Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
“I Paid Twice” Phishing Campaign Targets Booking.com

How a Ransomware Gang Encrypted Nevada Government’s Systems

Washington Post Confirms Data Breach Linked to Oracle Hacks

Louvre’s Pathetic Passwords Belong in a Museum, Just Not That One

Cybersecurity Investigation Closes Manassas City Public Schools (VA) Monday

Cybercrims Plant Destructive Time Bomb Malware in Industrial .Net Extensions

Curly COMrades Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

GlassWorm Malware Returns on OpenVSX with 3 New VSCode Extensions

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

ClickFix Malware Attacks Evolve with Multi-OS Support, Video Tutorials

Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic

Multi-Turn Attacks Expose Weaknesses in Open-Weight LLM Models

Critical Cisco UCCX Flaw Lets Attackers Run Commands as Root

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Dangerous runC Flaws Could Allow Hackers to Escape Docker Containers

QNAP Fixes Seven NAS Zero-Day Flaws Exploited at Pwn2Own

11/5/2025

SonicWall Says State-Sponsored Hackers Behind September Security Breach

Russia-Linked ‘Curly COMrades’ Turn to Malicious Virtual Machines for Digital Spy Campaigns

Zohran Mamdani Just Inherited the NYPD Surveillance State

China Sentences 5 Myanmar Scam Kingpins to Death

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries

UK Carriers to Block Spoofed Phone Numbers in Fraud Crackdown

Telecoms Cyber Chiefs Adopt Financial Sector’s Model of Collective Defense

Google Gets the U.S. Government’s Green Light to Acquire Wiz for $32B

Armis Raises $435 Million, Valuing Cybersecurity Startup at $6.1 Billion

Cyberattack Ate up Profits for First Half of Year, Retailer M&S Says
UNK_SmudgedSerpent Targets Academics With Political Lures

Hyundai AutoEver America Data Breach Exposes SSNs, Drivers Licenses

Central New Jersey Medical Center Suffers Ransomware Attack

University of Pennsylvania Confirms Hacker Stole Data During Cyberattack

Gootloader Malware Is Back With a Bang With New Tricks After 7-Month Break

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

AMD Red-Faced Over Random-Number Bug That Kills Cryptographic Security

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

11/4/2025

Russian Spies Pack Custom Malware Into Hidden VMs on Windows Machines

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Data Brokers Selling Location Info That Can Be Used to Track EU Officials, Report Finds

Europe Sees Increase in Ransomware, Extortion Attacks

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat

Lawmakers Say Stolen Police Logins Are Exposing Flock Surveillance Cameras to Hackers

FBI Warns of Criminals Posing as ICE, Urges Agents to ID Themselves

Treasury Sanctions 8 for Laundering North Korea Earnings From Cybercrime, IT Worker Scheme

Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep

French Police Seize €1.6m Amid Crypto Scam Network Crackdown

Health Privacy Bill Seeks Protections for Data Collected by Apps, Smartwatches
Data Breach at Major Swedish Software Supplier Impacts 1.5 Million

Media Giant Nikkei Reports Data Breach Impacting 17,000 People

Polish Loan Platform Hacked; Mobile Payment System and Other Businesses Disrupted

Hundreds of South Gloucestershire Residents’ Details Shared in Data Breach

Penn Data Breach Involves Decades of Student and Alumni Information

Apache OpenOffice Disputes Data Breach Claims by Akira Ransomware Gang

Malicious Android Apps on Google Play Downloaded 42 Million Times

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Hackers Exploit WordPress Plugin Post SMTP to Hijack Admin Accounts

Hackers Exploit Critical Auth Bypass Flaw in JobMonster WordPress Theme

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Microsoft Removing Defender Application Guard From Office

11/3/2025

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Homeland Security Biometric Policy for Foreign Travelers Poses Data-Theft Risks

Hack Exposes Kansas City’s Secret Police Misconduct List

Cybercrooks Team Up With Organized Crime to Steal Pricey Cargo

Ransomware Negotiator, Pay Thyself!

U.S. Cybersecurity Experts Indicted for BlackCat Ransomware Attacks

MIT Sloan Quietly Shelves AI Ransomware Study After Researcher Calls BS

AWS, Nvidia, CrowdStrike Seek Security Startups to Enter the Arena

Data Breach Costs Lead to 90% Drop In Operating Profit at South Korean Telecom Giant
Hackers Are Attacking Britain’s Drinking Water Suppliers

Hacker Steals Over $120 Million From Balancer DeFi Crypto Protocol

Japanese Retailer Askul Confirms Data Leak After Cyberattack Claimed by Russia-Linked Group

Malicious VSX Extension “SleepyDuck” Uses Ethereum to Keep Its Command Server Alive

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

Microsoft: SesameOp Malware Abuses OpenAI Assistants API in Attacks

New GDI Flaws Could Enable Remote Code Execution in Windows

Microsoft: Patch for WSUS Flaw Disabled Windows Server Hotpatching

CISA and NSA Outline Best Practices to Secure Exchange Servers

10/31-11/2/2025

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

How to Hack a Poker Game Revealed

Security Concerns Persist Over System at Heart of Digital ID

Krebs: Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

Alleged Conti Ransomware Gang Affiliate Appears in Tennessee Court After Ireland Extradition

Russia Finally Bites the Cybercrooks It Raised, Arresting Suspected Meduza Infostealer Devs

FCC Plans Vote to Remove Cyber Regulations Installed After Theft of Trump Info From Telecoms

Sling TV Settles With California for Allegedly Violating State Consumer Privacy Law
Hackers Threaten to Leak ‘Woke’ University of Pennsylvania Student Data

Attackers Dig Up $11M in Garden Finance Crypto Exploit

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Rhysida Oysterloader Malvertising Campaign Leverages 40+ Code-Signing Certificates

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

CISA: High-Severity Linux Flaw Now Exploited by Ransomware Gangs

Chinese Hackers Scanning, Exploiting Cisco ASA Firewalls Used by Governments Worldwide

Microsoft Edge Gets Scareware Sensor for Faster Scam Detection

Cybersecurity Earnings Rise as AI Dominates Strategies

10/30/2025

Diplomatic Entities in Belgium and Hungary Hacked in China-Linked Spy Campaign

Leaker Reveals Which Pixels Are Vulnerable to Cellebrite Phone Hacking

Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

LinkedIn Phishing Targets Finance Execs With Fake Board Invites

Proton Trains New Service to Expose Corporate Infosec Cover-Ups

NASA’s Quiet Supersonic Jet Takes Flight

Coalition Calls on FTC to Block Meta From Using Chatbot Interactions to Target Ads, Personalize Content
Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery

Critical Flaws Found in Elementor King Addons Affect 10,000 Sites

Massive Surge of NFC Relay Malware Steals Europeans’ Credit Cards

Malicious NPM Packages Fetch Infostealer for Windows, Linux, macOS

CISA Orders Feds to Patch VMware Tools Flaw Exploited by Chinese Hackers

Cyber Info Sharing ‘Holding Steady’ Despite Lapse in CISA 2015, Official Says

The AI Trust Paradox: Why Security Teams Fear Automated Remediation

10/29/2025

U.S. Company Ribbon Communications With Access to Biggest Telecom Firms Uncovers Breach by Unnamed Nation-State Hackers

Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics

New Names Surface for NSA Director, Other Top Jobs at Spy Agency

The Microsoft Azure Outage Shows the Harsh Reality of Cloud Failures

Krebs: Aisuru Botnet Shifts from DDoS to Residential Proxies

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm

CISOs Finally Get a Seat at the Board’s Table — But There’s a Big Catch
Canada Says Hacktivists Breached Water and Energy Facilities

Cloud Atlas Hackers Target Russian Agriculture Sector Ahead of Industry Forum

EY Exposes 4TB+ SQL Database to Open Internet for Who Knows How Long

Tata Motors Confirms It Fixed Security Flaws, Which Exposed Company and Customer Data

More Than 10 Million Impacted by Breach of Government Contractor Conduent

Investment Scams Spread Across Asia With International Reach

PhantomRaven: Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

WordPress Security Plugin Exposes Private Data to Site Subscribers

Windows 11 KB5067036 Update Rolls out Administrator Protection Feature

10/28/2025

SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats

Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains

Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals

Clearview AI Faces Criminal Heat for Ignoring EU Data Fines

AI Browsers Face a Security Flaw as Inevitable as Death and Taxes

Palo Alto Networks Debuts Automated AI Agents to Fight Cyberattacks

Sublime Raises $150 Million for AI-Powered Email Security

A Quarter of Scam Victims Have Considered Self-Harm
Advertising Giant Dentsu Reports Data Breach at Subsidiary Merkle

New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a Human

New Atroposia Malware Comes With a Local Vulnerability Scanner

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

CISA Warns of Two More Actively Exploited Dassault Vulnerabilities

Google Chrome to Warn Users by Default Before Opening Insecure HTTP Sites

FCC Adopts New Rule Targeting Robocalls

F5 Expects Big Revenue Hit From Recent Cyber Attack Compromising Many

10/27/2025

Chatbots Are Pushing Sanctioned Russian Propaganda

Iran’s School for Cyberspies Could’ve Used a Few More Lessons in Preventing Breaches

Italian Spyware Vendor Linked to Chrome Zero-Day Attacks

Europol Warns of Rising Threat From Caller ID Spoofing Attacks

‘There Isn’t Really Another Choice:’ Signal Chief Explains Why the Encrypted Messenger Relies on AWS

X: Re-Enroll 2FA Security Keys by November 10 or Get Locked Out

You Have One Week to Opt Out or Become Fodder for LinkedIn AI Training

Shaquille O’Neal’s Custom Range Rover Stolen During Transport in Suspected Hack
Hundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website

Google Disputes False Claims of Massive Gmail Data Breach

Sweden’s Power Grid Operator Confirms Data Breach Claimed by Everest Ransomware Gang

Qilin Ransomware Group Publishes Over 40 Cases Monthly

Ransomware Profits Drop as Victims Stop Paying Hackers

QNAP Warns of Critical ASP.NET Flaw in its Windows Backup Software

CISA Releases Warning About Windows Server Update Service Bug, Orders Agencies to Patch

Google Says Everyone Will Be Able to Vibe Code Video Games

10/24-26/2025

Blitz Spear Phishing Campaign Targets NGOs Supporting Ukraine

UN Cybercrime Treaty to Be Signed in Hanoi to Tackle Global Offences

Fake LastPass Death Claims Used to Breach Password Vaults

MPs Urge Government to Stop Britain’s Phone Theft Wave Through Tech

How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA

Hackers Earn $1,024,750 for 73 Zero-Days at Pwn2Own Ireland
Everest Ransomware Says It Stole 1.5m Dublin Airport Passenger Records

New LockBit Ransomware Victims Identified by Security Researchers

Hackers Steal Discord Accounts With RedTiger-Based Infostealer

Hackers Launch Mass Attacks Exploiting Outdated WordPress Plugins

Windows Server Emergency Patches Fix WSUS Bug with PoC Exploit

Critical WSUS Flaw in Windows Server Now Exploited in Attacks

10/23/2025

Lazarus Group’s Operation DreamJob Targets European Defense Firms

Pakistani-Linked Hacker Group Targets Indian Government with DeskRAT

Hackers Posing as Kyrgyz Officials Target Russian Agencies in Cyber Espionage Campaign

Europe’s Offshore Wind Sector Faces Dilemma Over China’s Grip on Sector

UK Cyber Law Delays ‘Deeply Concerning,’ Say MPs

The ‘Universal Browser’ Privacy Browser Has Dangerous Hidden Features

23andMe’s Data-Theft Victims Offered ‘Genetic Monitoring’ to Ward Off Hackers

Former Polish Official Indicted Over Spyware Purchase
Playtime’s Over: Crooks Swipe Toys R Us Canada Customer Data and Dump It Online

“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

Spoofed AI Sidebars Can Trick Atlas, Comet Users Into Dangerous Actions

Tired of Unpaid Toll Texts? Blame the ‘Smishing Triad’

CISA Warns of Lanscope Endpoint Manager Flaw Exploited in Attacks

Microsoft Disables File Explorer Preview for Downloads to Block Attacks

Google Nukes 3,000 YouTube Videos That Sowed Malware Disguised as Cracked Software

Trump Pardons Former Binance CEO After Guilty Plea in Letting Cybercrime Proceeds Flow Through Platform

10/22/2025

PhantomCaptcha Campaign Targets Ukraine Relief Organizations

MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign

The Long Tail of the AWS Outage

Scattered Lapsus$ Hunters Signal Shift in Tactics

UN Cybercrime Pact to Be Signed in Hanoi Raises Hopes, Concerns

Krebs: Canada Fines Cybercrime Friendly Cryptomus $176M

JLR Hack UK’s Costliest Ever, Hitting Economy with £1.9bn Loss

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

SpaceX Disables More Than 2,000 Starlink Devices Used in Myanmar Scam Compounds

It Takes Only 250 Documents to Poison Any AI Model
Cyber Incidents in Texas, Tennessee and Indiana Impacting Critical Government Services

Ransomware Gang Steals Meeting Videos, Financial Secrets From Fence Wholesaler

Summit Golf Brands Allegedly Subjected to Massive INC Ransom Breach

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution

Hackers Exploiting Critical “SessionReaper” Flaw in Adobe Magento

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch

Pwn2Own Day 2: Hackers Exploit 56 Zero-Days for $790,000

10/21/2025

Russian Coldriver Hackers Deploy New ‘NoRobot’, ‘YesRobot’, and ‘MaybeRobot’ Malware

‘PassiveNeuron’ Cyber Spies Target Orgs With Custom Malware

Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams

How Malware Vaccines Could Stop Ransomware’s Rampage

Medical Specialist Group Fined £100K After Hack Exposed Patient Data

Cloud Data Firm Veeam to Buy Securiti AI for $1.73 Billion

Russia Pressures Apple to Make Russian Search Engines Default on Locally-Sold iPhones
Amazon Says AWS Cloud Service Back to Normal After Outage Disrupts Businesses Worldwide

Singapore Officials Impersonated in Sophisticated Investment Scam

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Vidar Stealer 2.0 Adds Multi-Threaded Data Theft, Better Evasion

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign

Cursor, Windsurf IDEs Riddled with 94+ N-Day Chromium Vulnerabilities

TP-Link Warns of Critical Command Injection Flaw in Omada Gateways

Hackers Exploit 34 Zero-Days on the First Day of Pwn2Own Ireland 2025

10/20/2025

Amazon’s AWS Struggles to Recover After Major Outage Disrupts Apps, Services Worldwide

What the Huge AWS Outage Reveals About the Internet

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack

Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk

Cyberattacks Cripple Small Businesses, Even When They Aren’t Hacked

DNS0.EU Private DNS Service Shuts Down Over Sustainability Issues

Evilginx’s Creator Reckons With the Dark Side of Red-Team Tools

Judge Bars NSO From Targeting WhatsApp Users With Spyware, Reduces Damages in Landmark Case

What to Know About the Shocking Louvre Jewelry Heist

The Fraudster Behind Steve Ballmer’s NBA Nightmare
Retail Giant Muji Halts Online Sales After Ransomware Attack on Supplier

Home Security Firm Verisure Reports Data Breach at Swedish Subsidiary

Japanese Retailer Askul Halts Online Orders, Shipments After Ransomware Attack

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Self-Spreading GlassWorm Malware Hits OpenVSX, VS Code Registries

Cyber Defenders From All Around Sound the Alarm as F5 Hack Exposes Broad Risks

CISA: High-Severity Windows SMB Flaw Now Exploited in Attacks

Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets

Microsoft Warns of Windows Smart Card Auth Issues After October Updates

10/17-19/2025

Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe

Over 266,000 F5 BIG-IP Instances Exposed to Remote Attacks

China Accuses U.S. of Cyberattack on National Time Center

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

Experian Fined $3.2 Million for Mass-Collecting Personal Data

Labor Unions Sue Trump Administration Over Social Media Surveillance
American Airlines Subsidiary Envoy Air Confirms Oracle Data Theft Attack

AI Girlfriend Apps Leak Millions of Private Chats

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Krebs: Email Bombs Exploit Lax Authentication in Zendesk

Google Ads for Fake Homebrew, LogMeIn Sites Push Infostealers

TikTok Videos Continue to Push Infostealers, Including Aura Stealer, in ClickFix Attacks

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices

ConnectWise Fixes Automate Bug Allowing AiTM Update Attacks

Microsoft Fixes Highest-Severity ASP.NET Core Flaw Ever

10/16/2025

Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks

Breach at U.S.-Based Cybersecurity Provider F5 Blamed on China, Say Sources

Cybersecurity Firm F5′S Stock Sinks 10%

‘Categorically Untrue’ That China Hacked UK Intelligence Systems, Say Officials

Hacked Airport P.A. Systems Broadcast Anti-Trump and Pro-Hamas Messages

North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts

Microsoft Disrupts Ransomware Attacks Targeting Teams Users

Microsoft Debuts Copilot Actions for Agentic AI-Driven Windows Tasks

Ring to Partner With Flock, Giving Law Enforcement Easier Access to Home Security Camera Footage

Cambodia to Repatriate South Koreans Ensnared by Scam Industry Amid Diplomatic Pressure

Ex-Trump National Security Adviser Bolton Charged With Storing and Sharing Classified Information

Vulnerability Scores, Huh, What Are They Good For? Almost Nothing
Nintendo Denies Data Leak After Online Reports

Auction Giant Sotheby’s Says Data Breach Exposed Customer Information

Have I Been Pwned: Prosper Data Breach Impacts 17.6 Million Accounts

List of Major Companies Hit by Massive Salesforce Data Breach Continues to Grow

Dairy Farmers of America Confirms June Cyberattack Leaked Personal Data

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

Microsoft Warns of a 32% Surge in Identity Hacks, Mainly Driven by Stolen Passwords

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence

Gladinet Fixes Actively Exploited Zero-Day CVE-2025-11371 in File-Sharing Software

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

10/15/2025

U.S. Warns That Hackers Using F5 Devices to Target Government Networks

Emergency Order

F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion

Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months

When Face Recognition Doesn’t Know Your Face Is a Face

Google Will Let Friends Help You Recover an Account

Outsourcing Firm Capita Fined £14M After Millions Had Data Stolen

New York Secures $14 Million in Fines From 8 Car Insurance Companies After Data Breaches

UK, U.S. Sanction Southeast Asia-Based Online Scam Network

PowerSchool Hacker Gets Sentenced to Four Years in Prison

Scouts Can Now Earn AI and Cybersecurity Badges

Cisco Must Share More Information About Effects of Severe Bugs on Businesses, Senator Cassidy Says
Salesforce-Linked Security Breach Fallout Escalates With Qantas Leak

Clothing Giant MANGO Discloses Data Breach Exposing Customer Info

Texas Electric Cooperatives Purportedly Breached by Qilin

Whisper 2FA Behind One Million Phishing Attempts Since July

Fake LastPass, Bitwarden Breach Alerts Lead to PC Hijacks

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Krebs: Patch Tuesday, October 2025 ‘End of 10’ Edition

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

10/14/2025

Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence

Taiwan Flags Rise in Chinese Cyberattacks, Warns of ‘Online Troll Army’

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

Salesforce Deepens AI Ties With OpenAI, Anthropic to Power Agentforce Platform

Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns

Cyber Attack Contingency Plans Should Be Put On Paper, Firms Told

NCSC Reports 130% Spike in “Nationally Significant” Cyber Incidents

UK Firms Lose Average of £2.9m to AI Risk

Critical infrastructure CISOs Can’t Ignore ‘Back-Office Clutter’ Data

Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire

Florida Sues Roku for Illegally Selling Children’s Data, Including Precise Geolocation

Security Firms Dispute Credit for Overlapping CVE Reports
Discord Blamed a Vendor for Its Data Breach — Now the Vendor Says It Was ‘Not Hacked’

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Personal Data Potentially Stolen in Asahi Cyber-Attack

Harvard Says ‘Limited Number of Parties’ Impacted by Breach Linked to Oracle Zero-Day

Michigan City (IN) Confirms Ransomware Hackers Behind September Incident

Hacker Group TA585 Emerges With Advanced Attack Infrastructure

Malicious Crypto-Stealing VSCode Extensions Resurface on OpenVSX

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Secure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework Laptops

Legacy Windows Protocols Still Expose Networks to Credential Theft

Microsoft October 2025 Patch Tuesday Fixes 6 Zero-Days, 172 Flaws

Oracles Silently Fixes Zero-Day Exploit Leaked by ShinyHunters

10/13/2025

Ukraine Takes Steps to Launch Dedicated Cyber Force for Offensive Strikes

China Probes Qualcomm’s Autotalks Deal Amid Rising U.S. Trade Tensions

Dutch Government Puts Nexperia on a Short Leash Over Chip Security Fears

UK Ofcom Fines 4chan £20K and Counting for Pretending UK’s Online Safety Act Doesn’t Exist

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Apple Bug Bounty Payouts Can Now Top $5m

Fired California Cybersecurity Chief Speaks Out on Sudden Termination, Security Concerns
Scattered Lapsus$ Hunters Rage-Quit the Internet (Again), Promise to Return Next Year

Harvard Investigating Breach Linked to Oracle Zero-Day Exploit

SimonMed Says 1.2 Million Patients Impacted in January Data Breach

Goosehead Insurance Confirms Data Breach Exposes SSNs Following Ransomware Attack

Wellborn & Company Data Breach Affecting Clients’ Personal Information

Hackers Target ScreenConnect Features For Network Intrusions

Massive Multi-Country Botnet Targets RDP Services in the U.S.

New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs

SonicWall VPN Accounts Breached Using Stolen Creds in Widespread Attacks

10/10-12/2025

What Are the Latest Sticking Points in U.S.-China Tensions?

White House Lays off Thousands of U.S. Government Workers, Blaming Shutdown

Federal Cyber Cuts Raise National Security Alarms

Acting U.S. Cyber Command, NSA Chief Won’t Be Nominated for the Job, Sources Say

North Korean Scammers Are Doing Architectural Design Now

Krebs: DDoS Botnet Aisuru Blankets U.S. ISPs in Record DDoS

Spyware Maker NSO Group Confirms Acquisition by U.S. Investors

Led by Hollywood Producer

Cops Nuke BreachForums (Again) Amid Cybercrime Supergroup Extortion Blitz

Spain Dismantles “GXC Team” Cybercrime Syndicate, Arrests Leader

Prosecutors Seek 7-Year Prison Term for ‘Sophisticated’ PowerSchool Hacker

Finland’s Trial of Men Charged Over Baltic Sea Cable Damage Hits Choppy Waters

Microsoft Violated EU Law in Handling of Kids’ Data, Austrian Privacy Regulator Finds
UK Techies’ Union Prospect Warns Members After Breach Exposes Sensitive Personal Details

Australian Airline Qantas Airways Says Hackers Leaked Data on Its Customers

Private Data Exposed in Georgia Department of Human Services Email Breach

Kearney Public Schools (NE) Hit by a Cybersecurity Attack

Houston Suburb Sugar Land (TX) Says Some Online Services Taken Down by Cyberattack

Fake ‘Inflation Refund’ Texts Target New Yorkers in New Scam

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Hackers Exploiting Zero-Day in Gladinet File Sharing Software

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits

10/9/2025

China Honing Abilities for a Possible Future Attack, Taiwan Defence Report Warns

From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware

Pro-Russian Hacktivist Group ‘Twonet’ Target Critical Infrastructure, Hit Decoy Plant

Claude’s New AI File-Creation Feature Ships With Security Risks Built In

Researchers Warn of Security Gaps in AI Browsers

It’s Trivially Easy to Poison LLMs Into Spitting Out Gibberish, Says Anthropic

GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data

Take Note: Cyber-Risks With AI Notetakers

High Number of Windows 10 Users Remain as End-of-Life Looms

Renewal of Cyber Information-Sharing Law Must Mind the Gap, Senator Says
Google Says ‘Likely Over 100’ Affected by Oracle-Linked Hacking Campaign

All SonicWall Cloud Backup Users Have Firewall Configuration Files Stolen

Hackers Claim Discord Breach Exposed Data of 5.5 Million Users

Rhode Island Lottery Tech Supplier Brightstar Lottery Group Breach Impacted Thousands

Qilin Ransomware Gang Claims San Francisco’s Cal Club, Exposing Members of Exclusive Golf Club

ClayRat Spyware Campaign Targets Android Users in Russia

Microsoft: Storm-2657 Hackers Target Universities in “Payroll Pirate” Attacks

Hackers Now Use Velociraptor DFIR Tool in Ransomware Attacks

Chaos Ransomware Upgrades With Aggressive New C++ Variant

RondoDox Botnet Targets 56 N-Day Flaws in Worldwide Attacks

10/8/2025

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

Russian Hackers Turn to AI as Old Tactics Fail, Ukrainian CERT Says

Russia Is at ‘Hybrid War’ With Europe, Warns EU Chief, Calling for Members ‘To Take It Very Seriously’

Nezha Tool Used by Chinese Hackers in New Cyber Campaign Targeting Web Applications

Bybit Theft Drives Record-Breaking $2bn Haul for North Korea

U.S. Government Shutdown: Who Is Still Working and Who Has Been Furloughed?

Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue

Salesforce Says It Won’t Pay Extortion Demand in 1 Billion Records Breach

Krebs: ShinyHunters Wage Broad Corporate Extortion Spree

Cybersecurity Gets C-Suite Attention as Companies Dive Into AI

1Password Says It Can Fix Login Security for AI Browser Agents

Germany Slams Brakes on EU’s Chat Control Device-Scanning Snoopfest
Discord Says 70,000 Users May Have Had Their Government IDs Leaked in Breach

Major U.S. Law Firm Williams & Connolly Says Hackers Broke Into Attorneys’ Emails Accounts

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Crimson Collective Hackers Target AWS Cloud Instances for Data Theft

New FileFix Attack Uses Cache Smuggling to Evade Security Software

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Hackers Exploit Auth Bypass in Service Finder WordPress Theme

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Docker Makes Hardened Images Catalog Affordable for Small Businesses

California Enacts Law Giving Consumers Ability to Universally Opt Out of Data Sharing

Time’s Running Out to Claim Your Part of the $177 Million AT&T Data Breach Settlement

10/7/2025

Russia Blocks Mobile Internet for Foreign SIM Cards, Citing Drone Threats

OpenAI Bans Suspected Chinese Accounts Using ChatGPT to Plan Surveillance

Employees Regularly Paste Company Secrets into ChatGPT

Despite AI-Related Job Loss Fears, Tech Hiring Holds Steady – And Here Are the Most In-Demand Skills

Google Won’t Fix New ASCII Smuggling Attack in Gemini

Google’s New AI Bug Bounty Program Pays up to $30,000 for Flaws

Man and Teenage Boy Arrested Over Cyber-Attack on London Nurseries
Cyberattacks Upset British Life, Disrupting Car Factories and Grocery Stores

‘Qilin’ Cybercrime Gang Claims Hack on Japan’s Asahi Group

Qilin Claims Ransomware Attack on Mecklenburg Schools (VA)

Electronics Giant Avnet Confirms Breach, Says Stolen Data Unreadable

DraftKings Warns of Account Breaches in Credential Stuffing Attacks

BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers

California Sets 30 Day Deadline for Data Breach Notifications

10/6/2025

Suspected Chinese Cyber Spies Targeted Serbian Aviation Agency

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

One iPhone Led Police to Gang Suspected of Sending up to 40,000 Stolen UK Phones to China

Vibe Coding Is the New Open Source—In the Worst Way Possible

Google Confirms Android Dev Verification Will Have Free and Paid Tiers, No Public List of Devs

OpenAI, AMD Announce Massive Computing Deal, Marking New Phase of AI Boom

A Biological 0-Day? Threat-Screening Tools May Miss AI-Designed Proteins.

The True Cost of Cyber Attacks – And the Business Weak Spots That Allow Them to Happen

SAIC to Acquire Silveredge Government Solutions for $205 Million

Europol Calls for Stronger Data Laws to Combat Cybercrime

Signal Calls on Germany to Vote Against ‘Chat Control,’ Saying It Would Leave EU Market
Scattered Lapsus$ Hunters Offering $10 in Bitcoin to ‘Endlessly Harass’ Execs

Red Hat Data Breach Escalates as ShinyHunters Joins Extortion

Ransomware Group “Trinity of Chaos” Launches Data Leak Site

Doctors Imaging Group (FL) Suffers Data Breach – 171,800+ Users Data Exposed

XWorm Malware Resurfaces With Ransomware Module, Over 35 Plugins

New Malware Sorvepotel Leverages WhatsApp to Target Brazilian Government and Businesses

Redis Warns of Critical Flaw Impacting Thousands of Instances

Microsoft: Critical GoAnywhere Bug Exploited by Storm-1175 in Medusa Ransomware Attacks

Steam and Microsoft Warn of Unity Flaw Exposing Gamers to Attacks

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Zeroday Cloud Hacking Contest Offers $4.5 Million in Bounties

Phishing Is Moving From Email to Mobile. Is Your Security?

10/3-5/2025

ShinyHunters Launches Salesforce Data Leak Site to Extort 39 Victims

Salesforce Providing Support to Customers Listed on Scattered Spider Extortion Site

Apple Drops ICE-Tracking Apps From App Store

Google Too

ICE Wants to Build Out a 24/7 Social Media Surveillance Team

Congress Let Cyber-Intel Sharing Act Lapse. Does it Matter?

National Security, Legal Readiness, and U.S. Engagement for International Dual-Use Technology Companies

UK Government Says Digital ID Won’t Be Compulsory – Honest

Consumers More Likely to Pay for ‘Responsible’ AI Tools, Deloitte Survey Says

ChatGPT Social Could Be a Thing, as Leak Shows Direct Messages Support

OpenAI Wants ChatGPT to be Your Emotional Support

Signal Adds New Cryptographic Defense Against Quantum Attacks

Munich Airport Chaos After Drone Sightings Spook Air Traffic Control

ParkMobile Pays… $1 Each for 2021 Data Breach That Hit 22 Million

LinkedIn Sues Software Company Allegedly Scraping Data From Millions of Profiles

California AG Sues City for Allowing Out-Of-State Searches of License Plate Reader Database
Oracle Links Clop Extortion Attacks to July 2025 Vulnerabilities

Discord Customer Service Data Breach Leaks User Info and Scanned Photo IDs

Renault and Dacia UK Warn of Data Breach Impacting Customers

Six Out of 10 UK Secondary Schools Hit by Cyber-Attack or Breach in Past Year

Japan Faces Asahi Beer Shortage After Cyber-Attack

New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT

Massive Surge in Scans Targeting Palo Alto Networks Login Portals

Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Hackers Exploited Zimbra Flaw as Zero-Day Using iCalendar Files

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

License Plate Reader Company Flock Launches New Product That Detects Human Voices

10/2/2025

U.S. to Provide Ukraine With Intelligence for Missile Strikes Deep Inside Russia

Trump’s Drone Deal With Ukraine to Give U.S. Access to Battlefield Tech

U.S. Government Shutdown to Slash Federal Cybersecurity Staff

Shutdown Guts U.S. Cybersecurity Agency at Perilous Time

U.S. Stocks Rally on Shutdown’s Second Day

Google Says Self-Reported Cl0p Hackers Are Sending Extortion Emails to Corporate Executives

Gmail’s End-To-End Encryption for Organizations Now Works Across Email Providers

EU Funds Are Flowing Into Spyware Companies, and Politicians Are Demanding Answers

HackerOne Paid $81 Million in Bug Bounties Over the Past Year
Cybercrims Claim Raid on 28,000 Red Hat Repos, Say They Have Sensitive Customer Files

Subpoena Tracking Platform Blames Outage on AWS Social Engineering Attack

Concerns for Patient Data After Suspected Cyberattack on Shamir Medical Center

Confucius Shifts from Document Stealers to Python Backdoors

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

DrayTek Warns of Remote Code Execution Bug in Vigor Routers

Microsoft Outlook Stops Displaying Inline SVG Images Used in Attacks

Microsoft Defender Bug Triggers Erroneous BIOS Update Alerts

10/1/2025

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

Geopolitics Drives More Cyberattacks

China Imposes One-Hour Reporting Rule for Major Cyber Incidents

Expiration of Cyber Information-Sharing Act Leaves U.S. Very Vulnerable

F-Droid Project Threatened by Google’s New Dev Registration Rules

Schools and Colleges Are Swotting up on Security Yet Still Flunk Recovery When Cyberattacks Inevitably Strike

Seniors Targeted in Global Facebook Scam Spreading New Android Malware

AI Data Analytics Startup Dataiku Picked Multiple Banks for U.S. IPO, Sources Say
Allianz Life Says July Data Breach Impacts 1.5 Million People

Data Breach at Dealership Software Provider Motility Software Solutions Impacts 766K Clients

Adobe Analytics Bug Leaked Customer Tracking Data to Other Tenants

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

Shortcut-based Credential Lures Deliver DLL Implants

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer

‘Delightful’ Root-Access Bug in Red Hat OpenShift AI Allows Full Cluster Takeover

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

9/30/2025

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

North Korea IT Worker Scheme Expanding to More Industries, Countries Outside of U.S. Tech Sector

Tile’s Lack of Encryption Could Make Tracker Owners Vulnerable to Stalking

Microsoft’s New Security Store Is Like an App Store for Cybersecurity

Google Releases AI-Powered Ransomware Detection Features for Cloud Files

Google’s Latest AI Ransomware Defense Only Goes So Far

‘Trifecta’ of Google Gemini Flaws Turn AI Into Attack Vehicle

Why Burnout Is a Growing Problem in Cybersecurity

Israeli High-Tech Funding and M&A Gain in 2025 Despite Ongoing Gaza War

Trump Visa Curbs Push U.S. Firms to Consider Shifting More Work to India

Sendit Sued by the FTC for Illegal Collection of Children Data

CPPA Fines Tractor Supply Company $1.4 Million for Privacy Violations

UK Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust of ‘Bitcoin Queen’

Afghanistan Plunged Into Nationwide Internet Blackout, Disrupting Air Travel, Medical Care
Harbor Mental Health Services Organization (OH) Investigating Data Breach

Smishing Campaigns Exploit Cellular Routers to Target Belgium

New MatrixPDF Toolkit Turns PDFs into Phishing and Malware Lures

New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events

New Android RAT Klopatra Targets Financial Data

Critical WD My Cloud Bug Allows Remote Command Injection

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

Nearly 50,000 Cisco Firewalls Vulnerable to Actively Exploited Flaws

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

CISA Orders Federal Gov to Patch Critical Fortra File Transfer Bug

Broadcom Fixes High-Severity VMware NSX Bugs Reported by NSA

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

Tech Companies Should Be Shielded From Spyware Lawsuits, Report Says

Cyber Information-Sharing Law and State Grants Set to Go Dark as Congress Stalls Over Funding

9/29/2025

Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv

Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say

How to Use a Password Manager to Share Your Logins After You Die

UK Gov’t Backs Jaguar Land Rover (JLR) With £1.5 Billion Loan Guarantee After Cyberattack

Chinese Scammer Pleads Guilty After UK Seizes Nearly $7 Billion in Bitcoin

Ukraine’s Digital Chief Pushes for AI-First State Amid War and Cyber Threats

European AI Company’s ‘Reputation Reports’ Are Inaccurate and Illegal, Watchdog Claims

Law Enforcement Is Using AI to Synthesize Evidence. Is the Justice System Ready for It?
‘You’ll Never Need to Work Again’: Criminals Offer Reporter Money to Hack BBC

Canada’s WestJet Says Some Passenger Data Exposed in Cybersecurity Breach

Asahi Runs Dry as Online Attackers Take Down Japanese Brewer

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

National Cyber Authorities Launch OT Security Guidance

DHS, CISA Kick Off Cybersecurity Awareness Month

CISA to Furlough 65% of Staff if Government Shuts Down This Week

9/26-28/2025

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

Dutch Teens Arrested for Trying to Spy on Europol for Russia

China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks

Netanyahu Broadcasts United Nations Message Into Gaza Accusing World Leaders of Appeasing ‘Evil’

Trump Signs ‘Saving TikTok’ Order to Start Resolving Its Big Ban Problem

Singapore Threatens Meta With Fines Over Facebook Impersonation Scams

Krebs: Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Interpol Cracks Down on Large-Scale African Scamming Networks

‘No Harm, No Foul:’ Courts Take Tougher Line on Data-Breach Suits

Salesforce Facing Multiple Lawsuits After Salesloft Breach

As Fraud Surges, UK Prepares to Replace Its Massively Broken Reporting Services

Datacenter Fire Takes 647 South Korean Government Services Offline

A New Front Opens Between Zuckerberg and Musk Over Robots
Harrods Says Customers’ Data Stolen in It Breach

Volvo North America Confirms Staff Data Stolen Following Ransomware Attack on It Supplier

Union County (OH) Suffers Ransomware Attack Impacting 45,000 People

Fake Microsoft Teams Installers Push Oyster Malware via Malvertising

New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module

New LockBit Ransomware Variant Emerges as Most Dangerous Yet

Akira Ransomware Breaching MFA-Protected SonicWall VPN Accounts

ArcaneDoor Threat Actor Resurfaces in Continued Attacks Against Cisco Firewalls

Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Microsoft Edge to Block Malicious Sideloaded Extensions

Microsoft’s New AI Feature Will Organize Your Photos Automatically

EU Probes SAP Over Anti-Competitive ERP Support Practice

9/25/2025

Microsoft Disables Some Cloud Services Used by Israel’s Defense Ministry

DOGE Might Be Storing Every American’s SSN on an Insecure Cloud Server

Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

Teen Suspected of Vegas Casino Cyberattacks Released to Parents

Empty Shelves, Empty Coffers: Co-Op Pegs Cyber Hit at £80M

Google, Period-Tracking App to Pay Combined $56 Million to Settle Privacy Claims
Callous Crims Break Into Preschool Network, Publish Toddlers’ Data

Jaguar Land Rover Restarts Some IT Systems as Suppliers Call for Urgent Support

Malicious Postmark MCP Server AI Agent Server Reportedly Steals Emails

Experts Warn of Global Breach Risk from Indian Third Party Suppliers

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

ForcedLeak: Critical Vulnerability in Salesforce AI-Powered AgentForce Exposed

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Amazon Pays $2.5 Billion to Settle Prime Memberships Lawsuit from FTC

9/24/2025

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

Collins Aerospace Working on Restoring Software for Airlines Hit by Cyberattack

UK Arrests Man in Airport Ransomware Attack That Caused Delays Across Europe

Krebs: Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Police Seizes $439 Million Stolen by Cybercrime Rings Worldwide

Phone Spyware Scandal in Greece Moves to Court as Critics Claim Cover-up

OpenAI is Testing a New GPT-5-Based AI agent “GPT-Alpha”

Kali Linux 2025.3 Released With 10 New Tools, WiFi Enhancements

Senators Introduce Bill Directing FTC to Establish Standards for Protecting Consumers’ Neural Data
Vegas Gambling Giant Boyd Gaming Corporation Hit by Cyber Incident, Employee Data Exposed

Rhysida Ransomware Gang Known for Government Attacks Claims Maryland Transit Incident

CISA Urges Orgs to Review Software After ‘Shai-Hulud’ Supply Chain Compromise

New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus

GitHub Notifications Abused to Impersonate Y Combinator for Crypto Theft

New String of Phishing Attacks Targets Python Developers

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Unpatched Flaw in OnePlus Phones Lets Rogue Apps Text Messages

Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Cisco Warns of iOS Zero-Day Vulnerability Exploited in Attacks

9/23/2025

U.S. Secret Service Agents Dismantle Network That Could Shut Down New York Cellphone System

Found Near UN General Assembly

300 SIM Servers, 100K Cards

‘SIM Farms’ Are a Spam Plague

CISA Says Hackers Breached Federal Agency Using Geoserver Exploit

European Airports Still Dealing With Disruptions Days After Ransomware Attack

Drones and Cyber Outages Exposing Aviation Weak Spots Since 2017

Critical Security Flaws Grow With AI Use, New Report Shows

Attacker Breakout Time Falls to 18 Minutes

Deepfake Attacks Hit Two-Thirds of Businesses

DHS Has Been Collecting U.S. Citizens’ DNA for Years

WhatsApp Adds Message Translation to iPhone and Android Apps

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

15 Years of Zero Trust: Why It Matters More Than Ever

Cloudflare Mitigates New Record-Breaking 22.2 Tbps DDoS Attack
Jaguar Land Rover Extends Production Pause Again

Suspected Cyberattack Disrupts Circle K Chain’s Operations in Hong Kong

South Korea Probes Credit Card Company Lotte Card Data Breach Affecting 3 Million Customers

Iranian Hacking Group Nimbus Manticore Expands European Targeting

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

NPM Package ‘fezbox’ Caught Using QR Code to Fetch Cookie-Stealing Malware

Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security

Libraesva ESG Issues Emergency Fix for Bug Exploited by State Hackers

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

SonicWall Releases SMA100 Firmware Update to Wipe Rootkit Malware

9/22/2025

EU Agency Confirms Ransomware Attack Behind Airport Disruptions

Airport Chaos Highlights Rise in High-Profile Ransomware Attacks, Cyber Experts Say

New Plan Would Give Congress Another 18 Months to Revisit Section 702 Surveillance Powers

Deal to Keep TikTok in U.S. Is Near. These Are the Details.

Russia Steps up Disinformation Efforts to Sway Moldova’s Parliamentary Vote

$100M Cyberattack on Vegas Strip Involved Teen Hacker, Police Say

Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge

Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
Car Giant Stellantis Says Customer Data Nicked After Partner Vendor Pwned

American Archive of Public Broadcasting Fixes Bug Exposing Restricted Media

Verified Steam Game Steals Streamer’s Cancer Treatment Donations

Lorain County (OH) Data Breach May Have Exposed Employee and Vendor Social Security, Bank Information

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

New EDR-Freeze Tool Uses Windows WER to Suspend Security Software

As Scientists Show They Can Read Inner Speech, Brain Implant ‘Pioneers’ Fight for Neural Data Privacy, Access Rights

9/19-21/2025

Russian State Hackers Gamaredon and Turla Collaborate in Attacks Against Ukraine

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

White House Outlines TikTok Deal That Would Give U.S. Control of Algorithm

China’s ByteDance Will Get 1 of 7 Board Seats for TikTok’s U.S. Operations, Official Says

Lachlan Murdoch, Michael Dell, Ellison Involved in TikTok Deal, Trump Says

Failed Stopgap Funding Bill Puts Key Federal Cybersecurity Legislation in Jeopardy

DOJ: Scattered Spider Took $115 Million in Ransoms, Breached a U.S. Court System

Canada Dismantles TradeOgre Exchange, Seizes $40 Million in Crypto

MI6 Launches Darkweb Portal to Recruit Foreign Spies

Watchdog Finds MrBeast Improperly Collected Children’s Data
Airport Cyberattack Disrupts More and More Flights Across Europe

What We Know About the Cyberattack That Hit Major European Airports

Russia’s Main Airport in St. Petersburg Says Its Website Was Hacked

Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks

17,500 Lighthouse and Lucid Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

Ivanti EPMM Holes Let Miscreants Plant Shady Listeners, CISA Says

Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability

Transforming Cyber Frameworks to Take Control of Cyber-Risk

FBI Warns of Cybercriminals Using Fake FBI Online Crime Reporting Portals

ChatGPT Search is Now Smarter as OpenAI Takes on Google Search

9/18/2025

Senate Confirms Sutton as Pentagon Cyber Policy Chief

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

Cybercriminals Have a Weird New Way to Target You With Scam Texts

NCA Singles Out “The Com” as it Chairs Five Eyes Group

‘Scattered Spider’ Teens Charged Over London Transportation Hack

Cybersecurity Firm Netskope Notches $8.8 Billion Valuation as Shares Jump in Nasdaq Debut

CrowdStrike Pops Nearly 13% on Upbeat Long-Term Guidance at Investor Day

Brazil Enacts Sweeping Bill Requiring Online Age Verification, Safeguards for Children’s Data

Taliban Bans Fiber-Optic Internet in Several Afghan Provinces to Curb ‘Immorality’
Russian Regional Airline KrasAvia Disrupted by Suspected Cyberattack

Cloudflare DDoSed Itself with React useEffect Hook Blunder

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

SystemBC Malware Turns Infected VPS Systems Into Proxy Highway

PyPi Invalidates Tokens Stolen in Ghostaction Supply Chain Attack

WatchGuard Warns of Critical Vulnerability in Firebox Firewalls

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

OpenAI Fixes Zero-Click Shadowleak Vulnerability Affecting ChatGPT Deep Research Agent

9/17/2025

House Lawmakers Move to Extend Two Key Cyber Programs, for Now

Italy Enacts AI Law Covering Privacy, Oversight and Child Access

Israel’s Glilot Capital Raises $500 Million for New AI and Cybersecurity Investments

Five Point-Backed WaterBridge Raises $634 Million in U.S. IPO

Axiom Space Aims for Orbit With Its Orbital Data Center Node

TaskUs Employees Behind Coinbase Breach, U.S. Court Filing Alleges

Judge Rejects Meta Attempt to Overturn Flo Privacy Verdict

Labour Politician Charged Over ‘Honey Trap’ WhatsApp Messages Sent to MPs
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts

Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims

ShinyHunters Claims 1.5 Billion Salesforce Records Stolen in Drift Hacks

VC Firm Insight Partners Says Thousands of Staff and Limited Partners Had Personal Data Stolen in a Ransomware Attack

TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

SonicWall Warns Customers to Reset Credentials After Breach