Latest Cybersecurity News and Articles
19 November 2025
Microsoft said the DDoS attack was aimed at an endpoint in Australia and reached 15.72 Tbps and 3.64 Bpps.
The post Largest Azure DDoS Attack Powered by Aisuru Botnet appeared first on SecurityWeek.
19 November 2025
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
EdgeStepper "redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure
19 November 2025
Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks.
The second-order prompt injection, according to AppOmni, makes use of Now Assist's agent-to-agent discovery to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive
19 November 2025
An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.
The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.
19 November 2025
Microsoft announced new security capabilities for Defender, Sentinel, Copilot, Intune, Purview, and Entra.
The post Microsoft Unveils Security Enhancements for Identity, Defense, Compliance appeared first on SecurityWeek.
18 November 2025
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.
"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
18 November 2025
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale.
Push Security, in a report shared with The Hacker News, said it observed the use
18 November 2025
Major online services such as ChatGPT, X, and Shopify were disrupted in a, as well as transit and city services.
The post Cloudflare Outage Not Caused by Cyberattack appeared first on SecurityWeek.
18 November 2025
Britain’s domestic intelligence agency warned that Chinese nationals were ”using LinkedIn profiles to conduct outreach at scale” on behalf of the Chinese Ministry of State Security.
The post MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn appeared first on SecurityWeek.
18 November 2025
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol.
The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and
18 November 2025
The total amount of money given to bug bounty hunters by the social media giant has reached $25 million.
The post Meta Paid Out $4 Million via Bug Bounty Program in 2025 appeared first on SecurityWeek.
18 November 2025
Learn why legacy approaches fail to stop modern API threats and show how dedicated API security delivers the visibility, protection, and automation needed to defend against today’s evolving risks.
The post Webinar Today: Protecting What WAFs and Gateways Can’t See – Register appeared first on SecurityWeek.
18 November 2025
The company will use the investment to accelerate product development, expand go-to-market operations, and hire new talent.
The post Apono Raises $34 Million for Cloud Identity Management Platform appeared first on SecurityWeek.
18 November 2025
The fresh investment will be used to accelerate product innovation and to expand the company’s go-to-market efforts.
The post Nudge Security Raises $22.5 Million in Series A Funding appeared first on SecurityWeek.
18 November 2025
Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni.
"The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,"
18 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 18, 2025 – Read the full story in Forbes The Sep. 2025 ransomware attack on European airports left tens of thousands of passengers stranded. Reuters reported that ENISA confirmed a cyberattack on
The post The Cybersecurity Path Forward for Airlines appeared first on Cybercrime Magazine.
18 November 2025
The Inc Ransom group has taken credit for the hack, claiming to have stolen several terabytes of data.
The post Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
18 November 2025
Hackers accessed a database containing information about alumni, donors, faculty, students, parents, and other individuals.
The post Princeton University Data Breach Impacts Alumni, Students, Employees appeared first on SecurityWeek.
18 November 2025
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.
The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat
18 November 2025
A threat actor exploited a vulnerability, exfiltrated data, and attempted to extort Eurofiber.
The post Data Stolen in Eurofiber France Hack appeared first on SecurityWeek.