Latest Cybersecurity News and Articles
19 November 2025
An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.
The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.
19 November 2025
Microsoft announced new security capabilities for Defender, Sentinel, Copilot, Intune, Purview, and Entra.
The post Microsoft Unveils Security Enhancements for Identity, Defense, Compliance appeared first on SecurityWeek.
18 November 2025
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.
"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
18 November 2025
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale.
Push Security, in a report shared with The Hacker News, said it observed the use
18 November 2025
Major online services such as ChatGPT, X, and Shopify were disrupted in a, as well as transit and city services.
The post Cloudflare Outage Not Caused by Cyberattack appeared first on SecurityWeek.
18 November 2025
Britain’s domestic intelligence agency warned that Chinese nationals were “using LinkedIn profiles to conduct outreach at scale” on behalf of the Chinese Ministry of State Security.
The post MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn appeared first on SecurityWeek.
18 November 2025
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol.
The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and
18 November 2025
The total amount of money given to bug bounty hunters by the social media giant has reached $25 million.
The post Meta Paid Out $4 Million via Bug Bounty Program in 2025 appeared first on SecurityWeek.
18 November 2025
Learn why legacy approaches fail to stop modern API threats and show how dedicated API security delivers the visibility, protection, and automation needed to defend against today’s evolving risks.
The post Webinar Today: Protecting What WAFs and Gateways Can’t See – Register appeared first on SecurityWeek.
18 November 2025
The company will use the investment to accelerate product development, expand go-to-market operations, and hire new talent.
The post Apono Raises $34 Million for Cloud Identity Management Platform appeared first on SecurityWeek.
18 November 2025
The fresh investment will be used to accelerate product innovation and to expand the company’s go-to-market efforts.
The post Nudge Security Raises $22.5 Million in Series A Funding appeared first on SecurityWeek.
18 November 2025
Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni.
"The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,"
18 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 18, 2025 – Read the full story in Forbes. The Sep. 2025 ransomware attack on European airports left tens of thousands of passengers stranded. Reuters reported that ENISA confirmed a cyberattack on
The post The Cybersecurity Path Forward for Airlines appeared first on Cybercrime Magazine.
18 November 2025
The Inc Ransom group has taken credit for the hack, claiming to have stolen several terabytes of data.
The post Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
18 November 2025
Hackers accessed a database containing information about alumni, donors, faculty, students, parents, and other individuals.
The post Princeton University Data Breach Impacts Alumni, Students, Employees appeared first on SecurityWeek.
18 November 2025
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.
The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat
18 November 2025
A threat actor exploited a vulnerability, exfiltrated data, and attempted to extort Eurofiber.
The post Data Stolen in Eurofiber France Hack appeared first on SecurityWeek.
18 November 2025
You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better, and stay ahead.
But as your cloud setup grows, it gets harder to control who can access what.
Even one small mistake—like the wrong person getting access—can lead to big problems. We're talking data leaks, legal trouble, and serious
18 November 2025
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all integrated into a single, cohesive control plane.
Building on Gartner’s definition of “identity
18 November 2025
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites.
The malicious npm packages, published by a threat actor named "dino_reborn" between September and November 2025, are