Latest Cybersecurity News and Articles

---

CTRL, ALT, HACKED: Women In Gaming. Facing A Culture Of Stereotypes, Harassment, & Misogyny.

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 7, 2025 – Listen to the podcast Over 40 percent of adolescent gamers in the U.S. avoid media depicting women in a “stereotypical and harmful way”, according to a new study. The post CTRL, ALT, HACKED: Women In Gaming. Facing A Culture Of Stereotypes, Harassment, & Misogyny. appeared first on Cybercrime Magazine.

---

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and

---

DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz

Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared. The post DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz appeared first on SecurityWeek.

---

The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures

The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors. The post The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures appeared first on SecurityWeek.

---

Chrome 142 Update Patches High-Severity Flaws

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek.

---

Enterprise Credentials at Risk – Same Old, Same Old?

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web

---

Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector

Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine. The post Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector appeared first on SecurityWeek.

---

Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts

Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an

---

18 Arrested in Crackdown on Credit Card Fraud Rings

Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million). The post 18 Arrested in Crackdown on Credit Card Fraud Rings appeared first on SecurityWeek.

---

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex," said it does not attempt to hide its malicious functionality. The extension was uploaded on

---

Researchers Hack ChatGPT Memories and Web Search Features

Tenable researchers discovered seven vulnerabilities, including ones affecting the latest GPT model. The post Researchers Hack ChatGPT Memories and Web Search Features appeared first on SecurityWeek.

---

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned. "InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link

---

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service

---

Truffle Security Raises $25 Million for Secret Scanning Engine

The investment will fuel the development of Truffle’s enterprise-grade secrets detection, verification, and remediation platform. The post Truffle Security Raises $25 Million for Secret Scanning Engine appeared first on SecurityWeek.

---

Cybercrime Magazine On Instagram: Hacking The Latest Cybersecurity Stories

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 6, 2025 – Listen to the podcast Taylor Fox, Instagram and social media contributor at Cybercrime Magazine, has been hacking away at the top cybersecurity stories since the beginning of this The post Cybercrime Magazine On Instagram: Hacking The Latest Cybersecurity Stories appeared first on Cybercrime Magazine.

---

Follow Pragmatic Interventions to Keep Agentic AI in Check

Agentic AI speeds operations, but requires clear goals, least privilege, auditability, red‑teaming, and human oversight to manage opacity, misalignment, and misuse. The post Follow Pragmatic Interventions to Keep Agentic AI in Check appeared first on SecurityWeek.

---

DeFi Protocol Balancer Starts Recovering Funds Stolen in $128 Million Heist

Hackers drained more cryptocurrency from Balancer by exploiting a rounding function and performing batch swaps. The post DeFi Protocol Balancer Starts Recovering Funds Stolen in $128 Million Heist appeared first on SecurityWeek.

---

From Tabletop to Turnkey: Building Cyber Resilience in Financial Services

Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in

---

Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report

The ransomware attack discovered in August occurred as early as May when a state employee mistakenly downloaded malicious software. The post Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report appeared first on SecurityWeek.

---

ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political