Latest Cybersecurity News and Articles
25 November 2025
CISA has described the techniques used by attackers and pointed out that the focus is on high-value individuals.
The post CISA Warns of Spyware Targeting Messaging App Users appeared first on SecurityWeek.
25 November 2025
Focusing on improving the resilience of AI agents, the startup will use the funding to accelerate deployments of its platform.
The post AI Agent Security Firm Vijil Raises $17 Million appeared first on SecurityWeek.
25 November 2025
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code.
Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of
25 November 2025
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update.
"Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising," Acronis said in a
25 November 2025
A phone phishing attack led to the compromise of a system containing information about alumni, donors, students, staff, and other individuals.
The post Alumni, Student, and Staff Information Stolen From Harvard University appeared first on SecurityWeek.
25 November 2025
Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation.
The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek.
25 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 25, 2025 – Read the full story from American Enterprise Institute The annual cost of cybercrime is expected to reach $10.5 trillion in 2025, according to Cybersecurity Ventures, who says that
The post Society Bears A Huge Cybercrime Burden appeared first on Cybercrime Magazine.
25 November 2025
Palo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance.
The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek.
25 November 2025
Hackers stole corporate data such as accounting records and legal agreements, but did not deploy file-encrypting ransomware.
The post Major US Banks Impacted by SitusAMC Hack appeared first on SecurityWeek.
25 November 2025
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy.
"This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's browser, which can be used outside the perimeter of the compromised infrastructure to access
25 November 2025
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns.
The Storm on the Horizon
Global world instability, coupled with rapid technological advancement, will force security teams to adapt not just their
25 November 2025
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.
"This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader," Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News.
"Users unknowingly
25 November 2025
The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories.
The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.
25 November 2025
More than 100 alleged victims of the Oracle EBS campaign have been added to the Cl0p ransomware website.
The post Canon Says Subsidiary Impacted by Oracle EBS Hack appeared first on SecurityWeek.
25 November 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications.
"These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app,
24 November 2025
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.
24 November 2025
CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability appeared first on SecurityWeek.
24 November 2025
The company has confirmed that it terminated an insider who shared screenshots of his computer with cybercriminals.
The post CrowdStrike Insider Helped Hackers Falsely Claim System Breach appeared first on SecurityWeek.
24 November 2025
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures.
The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in
24 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 24, 2025 – Listen to the podcast In “How I Rob Banks: And Other Such Places,” renowned ethical hacker and social engineer FC aka FreakyClown delivers a gripping and often hilarious discussion of
The post True Cybersecurity Story: How FreakyClown Robs Banks appeared first on Cybercrime Magazine.