Latest Cybersecurity News and Articles
21 November 2025
The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.
The post SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance appeared first on SecurityWeek.
21 November 2025
APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads.
The post Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks appeared first on SecurityWeek.
21 November 2025
SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake.
The post SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability appeared first on SecurityWeek.
21 November 2025
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have.
Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like you, juggle protecting sensitive data while keeping teams productive. That’s why more enterprises are turning to Samsung for mobile security.
Hey—you're busy, so here's a quick-read article on what
21 November 2025
Logitech has confirmed it experienced a data breach, and security leaders are sharing their insights.
21 November 2025
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign.
"While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting
21 November 2025
The company has operated in stealth mode for four months and has signed dozens of customers, including eight unicorns.
The post Runlayer Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek.
21 November 2025
The infamous ShinyHunters hackers have targeted customer-managed Gainsight-published applications to steal data from Salesforce instances.
The post Salesforce Instances Hacked via Gainsight Integrations appeared first on SecurityWeek.
21 November 2025
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack.
In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily
21 November 2025
Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform.
"Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app's connection," the company said in an advisory.
The cloud services firm said it has taken the step of revoking all active access and refresh
20 November 2025
Thailand’s Cyber Crime Investigation Bureau said an FBI tip that the “world-class hacker” was traveling to Thailand led to his arrest in Phuket.
The post Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island appeared first on SecurityWeek.
20 November 2025
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.
20 November 2025
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet.
The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack, at its core,
20 November 2025
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users.
Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today.
There are currently no details on how the botnet malware is propagated;
20 November 2025
The Android malware is in development and appears to be mainly aimed at users in Europe.
The post New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages appeared first on SecurityWeek.
20 November 2025
The AI-native social engineering defense (SED) platform will accelerate product innovation and expand its offerings.
The post Doppel Raises $70 Million at $600 Million Valuation appeared first on SecurityWeek.
20 November 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 20, 2025 – Read the full story from Astra With the global cost of cybercrime predicted to reach $10.5 trillion in 2025, there has never been a greater need for security measures
The post Everything You Always Wanted To Know About Security Audits But Were Afraid To Ask appeared first on Cybercrime Magazine.
20 November 2025
A Chinese threat actor is exploiting known vulnerabilities in discontinued Asus devices in an Operational Relay Box (ORB) facilitation campaign.
The post Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’ appeared first on SecurityWeek.
20 November 2025
Media Land, Hypercore, and their leadership and employees are allegedly connected to various cybercriminal activities.
The post US and Allies Sanction Russian Bulletproof Hosting Service Providers appeared first on SecurityWeek.
20 November 2025
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people.
Every day, there's a new story that shows how quickly things are