Latest Cybersecurity News and Articles
13 November 2025
Federal agencies have reported as ‘patched’ ASA or FTD devices running software versions vulnerable to attacks.
The post CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks appeared first on SecurityWeek.
13 November 2025
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.
13 November 2025
Join us as speakers from Cisco outline important steps industrial organizations can take to safeguard operations, achieve compliance, and enable sustainable growth.
The post Webinar Today: The Future of Industrial Network Security appeared first on SecurityWeek.
13 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 13, 2025 – Read the full story from Smart Cities Dive According to Cybercrime Magazine, cybercrime costs are currently $10.5 trillion annually, and state and local governments have become prime targets
The post How NASPO Helps U.S. State & Local Governments Battle Cybercrime appeared first on Cybercrime Magazine.
13 November 2025
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.
The post Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm appeared first on SecurityWeek.
13 November 2025
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases.
The name of the extension is "Safery: Ethereum Wallet," with the threat actor describing it as a "secure wallet for managing Ethereum cryptocurrency with flexible settings." It was uploaded to the Chrome Web Store on
13 November 2025
The UK’s national healthcare system is working with the country’s National Cyber Security Centre to investigate the incident.
The post NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims appeared first on SecurityWeek.
13 November 2025
Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls.
The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.
13 November 2025
The Race for Every New CVE
Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new announcement now triggers a global race
13 November 2025
The ransomware attack on the pathology services provider disrupted operations at several London hospitals.
The post Synnovis Confirms Patient Information Stolen in Disruptive Ransomware Attack appeared first on SecurityWeek.
13 November 2025
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.
The activity, which is taking place between November 10 and 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation designed to take down criminal infrastructures and combat ransomware enablers
13 November 2025
Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us.
But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every
13 November 2025
Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days.
The post Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon appeared first on SecurityWeek.
13 November 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including
13 November 2025
Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects.
The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek.
12 November 2025
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.
"The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years," Endor Labs
12 November 2025
NTT’s chief cybersecurity strategist Mihoko Matsubara on the new geopolitics of hacking, the "chicken and egg" problem of 5G, and the AGI threat to society.
The post China’s Cyber Silence is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says appeared first on SecurityWeek.
12 November 2025
Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries.
The PhaaS kit is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to
12 November 2025
Behavioral detection allows defenders to recognize activity patterns like privilege escalation, credential theft, and lateral movement—often ahead of encryption or data exfiltration.
The post How TTP-based Defenses Outperform Traditional IoC Hunting appeared first on SecurityWeek.
12 November 2025
From the evolving role of AI to the realities of cloud risk and governance, the CISO Forum Virtual Summit brings together CISOs, researchers, and innovators to share practical insights and strategies.
The post Virtual Event Today: CISO Forum 2025 Virtual Summit appeared first on SecurityWeek.