Latest Cybersecurity News and Articles

---

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report

---

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the

---

Asahi Data Breach Impacts 2 Million Individuals

Hackers stole the personal information of customers and employees before deploying ransomware and crippling Asahi’s operations in Japan. The post Asahi Data Breach Impacts 2 Million Individuals appeared first on SecurityWeek.

---

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra

---

OpenAI User Data Exposed in Mixpanel Hack

Multiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company.  The post OpenAI User Data Exposed in Mixpanel Hack appeared first on SecurityWeek.

---

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake

---

OBR chair ‘mortified’ by budget leak as ex-cybersecurity chief called in to investigate

Richard Hughes, head of Office for Budget Responsibility, says he has apologised to chancellor for ‘letting people down’How Rachel Reeves’s budget was leaked 40 minutes earlyBusiness live – latest updatesUK politics live – latest updatesThe chair of the Office for Budget Responsibility has said he felt “personally mortified” by the early release of its budget documents and said the former boss of the National Cyber Security Centre will be involved in an investigation into the incident.Richard Hughes said he had written to the chancellor, Rachel Reeves, and the chair of the Treasury select committee, Meg Hillier, to apologise, and launched the inquiry. Continue reading...

---

How to Stay Safe Online This Black Friday, According to a Cyber Expert

A cyber expert shares how individuals — and organizations — can stay safe during the holiday shopping season.

---

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we

---

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "

---

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

---

London councils enact emergency plans after three hit by cyber-attack

Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hackThree London councils have reported a cyber-attack, prompting the roll out of emergency plans as they investigate whether any data has been compromised.The Royal Borough of Kensington and Chelsea, and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines. The councils shut down several computerised systems as a precaution to limit further possible damage. Continue reading...

---

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)

---

Clover Security Raises $36 Million to Secure Software by Design

The cybersecurity startup embeds AI agents into widely used tools to identify design flaws and eliminate them early. The post Clover Security Raises $36 Million to Secure Software by Design appeared first on SecurityWeek.

---

Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI

Cybercriminals impersonating financial institutions have targeted individuals, businesses, and organizations of different sizes. The post Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI appeared first on SecurityWeek.

---

Thousands of Secrets Leaked on Code Formatting Platforms

JSONFormatter and CodeBeautify users exposed credentials, authentication keys, configuration information, private keys, and other secrets. The post Thousands of Secrets Leaked on Code Formatting Platforms appeared first on SecurityWeek.

---

Cybersecurity Is Now a Core Business Discipline

Boardroom conversations about cyber can no longer be siloed apart from strategy, operations, or geopolitics. The post Cybersecurity Is Now a Core Business Discipline appeared first on SecurityWeek.

---

When Your $2M Security Detection Fails: Can your SOC Save You?

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,

---

Ransomware Attack Disrupts Local Emergency Alert System Across US

The OnSolve CodeRED platform has been targeted by the Inc Ransom ransomware group, resulting in disruptions and a data breach. The post Ransomware Attack Disrupts Local Emergency Alert System Across US appeared first on SecurityWeek.

---

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first published by a user named "sjclark76" on May 7, 2024. The developer describes the browser add-on as