Latest Cybersecurity News and Articles

---

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

---

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

---

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to

---

Ukrainian Extradited to US Faces Charges in Jabber Zeus Cybercrime Case

Yuriy Igorevich Rybtsov, aka MrICQ, was arrested in Italy and lost his appeal to avoid extradition to the US. The post Ukrainian Extradited to US Faces Charges in Jabber Zeus Cybercrime Case appeared first on SecurityWeek.

---

How Software Development Teams Can Securely and Ethically Deploy AI Tools

To deploy AI tools securely and ethically, teams must balance innovation with accountability—establishing strong governance, upskilling developers, and enforcing rigorous code reviews. The post How Software Development Teams Can Securely and Ethically Deploy AI Tools appeared first on SecurityWeek.

---

CISO Burnout – Epidemic, Endemic, or Simply Inevitable?

CISO burnout is increasing. Are we simply more aware of the condition? Or have demands on the CISO grown and burnout is now the inevitable result?  The post CISO Burnout – Epidemic, Endemic, or Simply Inevitable? appeared first on SecurityWeek.

---

Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases

Kolter leads a panel at OpenAI that has the authority to halt the ChatGPT maker’s release of new AI systems if it finds them unsafe. The post Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases appeared first on SecurityWeek.

---

Malware 2.0: 7 Strategies To Outsmart A Smarter Adversary

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 3, 2025 – Read the full story in Forbes Global cybercrime costs were predicted by Cybersecurity Ventures to grow by 15 percent per year over the past five years—with malware and ransomware The post Malware 2.0: 7 Strategies To Outsmart A Smarter Adversary appeared first on Cybercrime Magazine.

---

Claude AI APIs Can Be Abused for Data Exfiltration

An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account. The post Claude AI APIs Can Be Abused for Data Exfiltration appeared first on SecurityWeek.

---

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the

---

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.

---

Cybersecurity M&A Roundup: 45 Deals Announced in October 2025

Significant cybersecurity M&A deals announced by Jamf, LevelBlue, Ping Identity, Twilio, and Veeam Software. The post Cybersecurity M&A Roundup: 45 Deals Announced in October 2025 appeared first on SecurityWeek.

---

The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the

---

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking its running within a virtualized or emulated environment

---

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션

---

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks

PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks appeared first on SecurityWeek.

---

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine. The post Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities appeared first on SecurityWeek.

---

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."

---

Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed

When courts ban people from accessing leaked data – as happened after the airline’s data breach – only hackers and scammers winFollow our Australia news live blog for latest updatesGet our breaking news email, free app or daily news podcastIt’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get a court to block anyone from accessing it.Qantas ran it after suffering a major cybersecurity attack that accessed the frequent flyer details of 5 million customers. Continue reading...

---

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an