Latest Cybersecurity News and Articles
10 November 2025
The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched.
The post Runc Vulnerabilities Can Be Exploited to Escape Containers appeared first on SecurityWeek.
10 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 10, 2025 – Listen to the podcast For the past five years—ever since a chance encounter at a dinner party—Byron Tau, an investigative reporter for The Associated Press and former reporter
The post How The Whole Of The Internet And Every Digital Device In The World Is Under Surveillance appeared first on Cybercrime Magazine.
10 November 2025
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.
The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first on SecurityWeek.
10 November 2025
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.
But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast
10 November 2025
Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well.
The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek.
10 November 2025
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low.
What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI
10 November 2025
The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.
The post Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site appeared first on SecurityWeek.
10 November 2025
Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions.
The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek.
10 November 2025
Australia mirrored the US’s recent sanctions against bankers, financial institutions, and others allegedly involved in laundering funds for North Korea.
The post Australia Sanctions Hackers Supporting North Korea’s Weapons Program appeared first on SecurityWeek.
10 November 2025
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT.
"The attacker's modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments," Sekoia said. "This campaign
10 November 2025
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem.
The extensions in question, which are still available for download, are listed below -
ai-driven-dev.ai-driven-dev (3,402 downloads)
adhamu.history-in-sublime-merge (4,057
09 November 2025
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.
08 November 2025
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances.
This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to
07 November 2025
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary
07 November 2025
Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech.
The post In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests appeared first on SecurityWeek.
07 November 2025
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.
The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government
07 November 2025
Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East.
The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek.
07 November 2025
When leaders redefine power as trust instead of control, teams unlock their potential — and organizations find their edge.
The post Radical Empowerment From Your Leadership: Understood by Few, Essential for All appeared first on SecurityWeek.
07 November 2025
The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.
The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek.
07 November 2025
ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
The post ClickFix Attacks Against macOS Users Evolving appeared first on SecurityWeek.