Latest Cybersecurity News and Articles
11 November 2025
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp.
According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking applications.
11 November 2025
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress.
The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection.
"
11 November 2025
A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools.
The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek.
11 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 11, 2025 – Listen to the podcast Online romance fraud is a problem across the globe. It causes financial and emotional devastation, yet many people refuse to take it seriously. “Keanu
The post Keanu Reeves is Not in Love With You: The Murky World of Online Romance appeared first on Cybercrime Magazine.
11 November 2025
Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users.
The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek.
11 November 2025
Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments.
The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek.
11 November 2025
Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025.
The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek.
11 November 2025
Your dedication to service, teamwork, and resilience is woven into the very fabric of cybersecurity.
The post Honoring Our Veteran Readers: Thank You for Your Service appeared first on SecurityWeek.
11 November 2025
Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication.
The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek.
11 November 2025
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations.
Download the full CISO’s expert guide to AI Supply chain attacks here.
TL;DR
AI-enabled supply chain attacks are exploding in scale and sophistication - Malicious package uploads to open-source repositories jumped 156% in
11 November 2025
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned repositories.
"We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish
11 November 2025
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.
According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,
11 November 2025
Three veterans share their career journeys into cybersecurity.
10 November 2025
Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform.
The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.
The
10 November 2025
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control.
"Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs," the Genians
10 November 2025
Wiz found the secrets and warned that they can expose training data, organizational structures, and private models.
The post Many Forbes AI 50 Companies Leak Secrets on GitHub appeared first on SecurityWeek.
10 November 2025
The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched.
The post Runc Vulnerabilities Can Be Exploited to Escape Containers appeared first on SecurityWeek.
10 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 10, 2025 – Listen to the podcast For the past five years—ever since a chance encounter at a dinner party—Byron Tau, an investigative reporter for The Associated Press and former reporter
The post How The Whole Of The Internet And Every Digital Device In The World Is Under Surveillance appeared first on Cybercrime Magazine.
10 November 2025
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.
The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first on SecurityWeek.
10 November 2025
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.
But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast