Latest Cybersecurity News and Articles
24 November 2025
Without proper security controls, AI agents could perform malicious actions, such as data exfiltration and malware installation.
The post Microsoft Highlights Security Risks Introduced by New Agentic AI Feature appeared first on SecurityWeek.
24 November 2025
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack.
The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.
"The campaign introduces a new variant that executes malicious
24 November 2025
The Cl0p ransomware group has listed Mazda and Mazda USA as victims of the Oracle EBS campaign on its leak website.
The post Mazda Says No Data Leakage or Operational Impact From Oracle Hack appeared first on SecurityWeek.
24 November 2025
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.
Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI
24 November 2025
The company has notified its customers of the incident roughly a week after a threat actor claimed the theft of 77GB of data from Iberia’s systems.
The post Spanish Airline Iberia Notifies Customers of Data Breach appeared first on SecurityWeek.
24 November 2025
Names, Social Security numbers, ID numbers, and health information were stolen from a compromised email account.
The post 146,000 Impacted by Delta Dental of Virginia Data Breach appeared first on SecurityWeek.
24 November 2025
New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China.
"We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it
24 November 2025
More than 1.6 Tb of data allegedly stolen from Cox was made public by the hackers.
The post Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims appeared first on SecurityWeek.
24 November 2025
The FCC has chosen to end the telecommunications cyber rules enacted after the Salt Typhoon espionage campaign.
24 November 2025
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.
"The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source
22 November 2025
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time.
"In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions for government agencies,
22 November 2025
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2.
"This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems," Blackfog researcher Brenda Robb said in a Thursday report.
In
22 November 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated
21 November 2025
CrowdStrike became a global partner of Mercedes’ F1 team in 2019, but Kurtz’s purchase into the ownership group was his personally.
The post Mercedes F1 Team Principal Toto Wolff Sells 15% Stake to CrowdStrike CEO George Kurtz appeared first on SecurityWeek.
21 November 2025
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.
The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First
21 November 2025
Other noteworthy stories that might have slipped under the radar: surge in Palo Alto Networks scanning, WEL Companies data breach impacts 120,000 people, AI second-order prompt injection attack.
The post In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring appeared first on SecurityWeek.
21 November 2025
CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager.
The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek.
21 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 21, 2025 – Watch the YouTube video Fortune 500 chief information security officer Adam Keown says that “when it comes to artificial intelligence, we have to quit thinking of deepfakes or voice
The post AI-Powered Cyberattacks & Social Engineering. How to Detect and Defend Against Them. appeared first on Cybercrime Magazine.
21 November 2025
The number of participants in the cyber and physical grid security exercise increased by nearly 50% compared to two years ago.
The post Over 370 Organizations Take Part in GridEx VIII Grid Security Exercise appeared first on SecurityWeek.
21 November 2025
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices.
The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad, and macOS devices, with plans to expand