Latest Cybersecurity News and Articles

---

How to Stay Safe Online This Black Friday, According to a Cyber Expert

A cyber expert shares how individuals — and organizations — can stay safe during the holiday shopping season.

---

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we

---

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "

---

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

---

London councils enact emergency plans after three hit by cyber-attack

Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hackThree London councils have reported a cyber-attack, prompting the roll out of emergency plans as they investigate whether any data has been compromised.The Royal Borough of Kensington and Chelsea, and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines. The councils shut down several computerised systems as a precaution to limit further possible damage. Continue reading...

---

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)

---

Clover Security Raises $36 Million to Secure Software by Design

The cybersecurity startup embeds AI agents into widely used tools to identify design flaws and eliminate them early. The post Clover Security Raises $36 Million to Secure Software by Design appeared first on SecurityWeek.

---

Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI

Cybercriminals impersonating financial institutions have targeted individuals, businesses, and organizations of different sizes. The post Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI appeared first on SecurityWeek.

---

Thousands of Secrets Leaked on Code Formatting Platforms

JSONFormatter and CodeBeautify users exposed credentials, authentication keys, configuration information, private keys, and other secrets. The post Thousands of Secrets Leaked on Code Formatting Platforms appeared first on SecurityWeek.

---

Cybersecurity Is Now a Core Business Discipline

Boardroom conversations about cyber can no longer be siloed apart from strategy, operations, or geopolitics. The post Cybersecurity Is Now a Core Business Discipline appeared first on SecurityWeek.

---

When Your $2M Security Detection Fails: Can your SOC Save You?

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,

---

Ransomware Attack Disrupts Local Emergency Alert System Across US

The OnSolve CodeRED platform has been targeted by the Inc Ransom ransomware group, resulting in disruptions and a data breach. The post Ransomware Attack Disrupts Local Emergency Alert System Across US appeared first on SecurityWeek.

---

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first published by a user named "sjclark76" on May 7, 2024. The developer describes the browser add-on as

---

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some

---

Opti Raises $20 Million for Identity Security Platform

The cybersecurity startup plans to use the seed funding to accelerate product expansion and global growth. The post Opti Raises $20 Million for Identity Security Platform appeared first on SecurityWeek.

---

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report. The activity has been attributed with medium-to-high

---

Dartmouth College Confirms Data Theft in Oracle Hack

Dartmouth College has disclosed a data breach after cybercriminals leaked over 226 Gb of files stolen from the university. The post Dartmouth College Confirms Data Theft in Oracle Hack appeared first on SecurityWeek.

---

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more than $262

---

Russian Hackers Target US Engineering Firm Because of Work Done for Ukrainian Sister City

The attack on the engineering firm was identified by Arctic Wolf in September before it could disrupt the engineering company’s operations or spread further. The post Russian Hackers Target US Engineering Firm Because of Work Done for Ukrainian Sister City appeared first on SecurityWeek.

---

Why NDR Alone Is No Longer Enough: The Case for an Open, Unified SecOps Platform Built on a Strong NDR Core

The Shift From Point Tools to Unified Security Operations – Aimei Wei, Chief Technical Officer and Founder San Jose, Calif. – Nov. 25, 2025 In today’s cybersecurity arms race, visibility is everything—but context is king. Network Detection and Response (NDR) has long been one of The post Why NDR Alone Is No Longer Enough: The Case for an Open, Unified SecOps Platform Built on a Strong NDR Core appeared first on Cybercrime Magazine.