azMza - Security Updates

Security

Updates

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persist

05-12-2025 13:44

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addre

05-12-2025 11:10

Chinese Hackers Exploiting React2Shell Vulnerability

AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post appeared first on .

05-12-2025 07:33

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lure

04-12-2025 22:55

India Rolls Back Order to Preinstall Cybersecurity App on Smartphones

The Ministry of Communications on had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it. The post appeared first on .

04-12-2025 19:10

Cybersecurity M&A Roundup: 30 Deals Announced in November 2025

Significant cybersecurity M&A deals announced by Arctic Wolf, Bugcrowd, Huntress, Palo Alto Networks, and Zscaler. The post appeared first on .

04-12-2025 17:48

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories

04-12-2025 17:28

5 Threats That Reshaped Web Security This Year [2025]

As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of

04-12-2025 17:00

AT&T Extends Deadline for Data Breach Settlement Claims

The deadline for 51 million affected customers to claim compensation from two massive data leaks is now Dec. 18. The post appeared first on .

04-12-2025 16:20

Protect Your Digital Life with a 5-Year iProVPN Plan for $20

Protect 10 devices with encrypted browsing, global server access, and long-term online privacy you control. The post appeared first on .

04-12-2025 15:41

Agentic Security Firm 7AI Raises $130 Million

Established in 2024 by Cybereason co-founders Lior Div and Yonatan Striem-Amit, the company has raised a total of $166 million in funding. The post appeared first on .

04-12-2025 15:18

Inotiv Says Personal Information Stolen in Ransomware Attack

Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people. The post appeared first on .

04-12-2025 15:02

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed

04-12-2025 14:57

Reporters Without Borders Targeted by Russian Hackers

The state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF). The post appeared first on .

04-12-2025 14:15

Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT

The 25-page document outlines four principles for securely integrating AI with operational technology. The post appeared first on .

04-12-2025 13:18

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS b

04-12-2025 12:22

Personal Information Compromised in Freedom Mobile Data Breach

Freedom Mobile says hackers stole customers’ personal information from its account management platform. The post appeared first on .

04-12-2025 11:58

Marquis Data Breach Impacts Over 780,000 People

The compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers. The post appeared first on .

04-12-2025 11:13

Microsoft Silently Fixes 8-Year Windows Security Flaw

The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows' standard interface. The post appeared first on .

04-12-2025 10:16

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post appeared first on .

04-12-2025 10:06

India Scraps Mandatory App Preinstall Following Industry Pushback

The reversal comes just 48 hours after reports surfaced that Apple refused to comply with the order to preload the government's Sanchar Saathi app. The post appeared first on .

04-12-2025 05:25

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has

03-12-2025 23:49

Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals st

03-12-2025 23:26

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491

03-12-2025 23:16

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated att

03-12-2025 22:38

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks

03-12-2025 21:02

Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not lo

03-12-2025 15:26

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, devel

03-12-2025 15:00

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Mach

03-12-2025 14:09

Niobium Raises $23 Million for FHE Hardware Acceleration

The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms. The post appeared first on .

03-12-2025 14:03

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post appeared first on .

03-12-2025 13:36

Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims

Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data. The post appeared first on .

03-12-2025 12:24

ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal

Veza Security was recently valued at more than $800 million after raising $108 million in Series D funding. The post appeared first on .

03-12-2025 12:01

Penn and Phoenix Universities Disclose Data Breach After Oracle Hack

The University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign. The post appeared first on .

03-12-2025 11:30

re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities

AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. The post appeared first on .

03-12-2025 11:00

Microsoft Silently Mitigated Exploited LNK Vulnerability

Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post appeared first on .

03-12-2025 10:50

Chrome 143 Patches High-Severity Vulnerabilities

Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. The post appeared first on .

03-12-2025 08:48

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like

02-12-2025 23:16

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persisten

02-12-2025 20:32

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, an

02-12-2025 20:31

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the

02-12-2025 19:47

Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previou

02-12-2025 19:07

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications

02-12-2025 17:00

Zafran Security Raises $60 Million in Series C Funding

The cybersecurity startup will use the investment to accelerate product innovation and global expansion. The post appeared first on .

02-12-2025 16:49

The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security

When familiar security concepts carry unfamiliar meanings for different audiences, teams talk past each other without even realizing it. This silent disconnect weakens communication, clarity, and outcomes. The post appeared first on .

02-12-2025 14:30

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. The post appeared first on .

02-12-2025 13:48

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Fr

02-12-2025 12:47

Saporo Raises $8 Million for Identity Security Platform

The Swiss cybersecurity firm will scale its R&D, sales and marketing teams as it pursues expansion across Europe. The post appeared first on .

02-12-2025 12:17

MuddyWater: Snakes by the riverbank

MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook

02-12-2025 10:00

India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud

India's telecommunications ministry has ordered major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to a report from Reuters, the app cannot be deleted or dis

01-12-2025 23:25

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introd

01-12-2025 22:59

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can

01-12-2025 18:17

Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window throug

01-12-2025 17:25

Global Futures Reopen After CME Suffers Data Center Cooling Failure

A data center cooling failure at CME Group’s Chicago site froze global derivatives trading for hours, exposing vulnerabilities in financial infrastructure. The post appeared first on .

01-12-2025 15:20

New Albiriox Android Malware Developed by Russian Cybercriminals

Albiriox is a banking trojan offered under a malware-as-a-service model for $720 per month. The post appeared first on .

01-12-2025 14:31

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices. The malwa

01-12-2025 14:15

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. The post appeared first on .

01-12-2025 11:06

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight

01-12-2025 10:37

Oversharing is not caring: What’s at stake if your employees post too much online

From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble.

01-12-2025 10:00

Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights

Michael Clapsis has been sentenced to 7 years and 4 months in prison for stealing sensitive information. The post appeared first on .

01-12-2025 09:03

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is

30-11-2025 14:53

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company

28-11-2025 21:57

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are design

28-11-2025 21:48

Why Organizations Are Turning to RPAM

As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, con

28-11-2025 16:39

French Soccer Federation Hit by Cyberattack, Member Data Stolen

According to the federation, the unauthorized access was carried out using a compromised account. The post appeared first on .

28-11-2025 14:39

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections

28-11-2025 14:03

This month in security with Tony Anscombe – November 2025 edition

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news

28-11-2025 13:46

In Other News: HashJack AI Browser Attack, Charming Kitten Leak, Hacker Unmasked

Other noteworthy stories that might have slipped under the radar: Scattered Spider members plead not guilty, TP-Link sues Netgear, Comcast agrees to $1.5 million fine. The post appeared first on .

28-11-2025 10:24

Asahi Confirms Cyberattack Exposed Data of 1.5M Customers

The incident occurred in September, and the Japanese firm has now released its full internal investigation results. The post appeared first on .

28-11-2025 09:25

Microsoft Teams Guest Access Leaves Users Exposed to Attacks

A new report from Ontinue is raising major concerns about how Microsoft Teams handles cross-tenant collaboration. The post appeared first on .

28-11-2025 08:34

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbeki

27-11-2025 23:43

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience a

27-11-2025 21:07

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job ea

27-11-2025 20:29

Asahi Data Breach Impacts 2 Million Individuals

Hackers stole the personal information of customers and employees before deploying ransomware and crippling Asahi’s operations in Japan. The post appeared first on .

27-11-2025 15:52

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real,

27-11-2025 15:33

Crypto Exchange Upbit Suffers Security Breach After $10B Deal

The timing is awful. The breach occurred just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp. The post appeared first on .

27-11-2025 15:01

UK Budget 2025: Reactions From Tech Leaders

While many leaders welcome fresh commitments to AI infrastructure and innovation, others warn about limited investment and a lack of cyber resilience. The post appeared first on .

27-11-2025 14:18

Cyberattack Disrupts Services Across London Councils

Kensington and Chelsea, Westminster, and Hammersmith & Fulham councils have triggered their emergency response plans. The post appeared first on .

27-11-2025 13:55

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a large

27-11-2025 12:33

OpenAI User Data Exposed in Mixpanel Hack

Multiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company. The post appeared first on .

27-11-2025 12:09

What parents should know to protect their children from doxxing

Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake.

27-11-2025 10:00

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:

26-11-2025 23:38

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group,

26-11-2025 20:01

Rare APT Collaboration Emerges Between Russia and North Korea

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure — a rare APT collaboration. The post appeared first on .

26-11-2025 18:45

When Your $2M Security Detection Fails: Can your SOC Save You?

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their s

26-11-2025 17:25

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The ext

26-11-2025 16:40

Clover Security Raises $36 Million to Secure Software by Design

The cybersecurity startup embeds AI agents into widely used tools to identify design flaws and eliminate them early. The post appeared first on .

26-11-2025 14:08

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distrib

26-11-2025 13:58

Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI

Cybercriminals impersonating financial institutions have targeted individuals, businesses, and organizations of different sizes. The post appeared first on .

26-11-2025 13:23

Price Drop: This Complete Ethical Hacking Bundle is Now $33

Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $34.97 for a limited time. The post appeared first on .

26-11-2025 13:00

Thousands of Secrets Leaked on Code Formatting Platforms

JSONFormatter and CodeBeautify users exposed credentials, authentication keys, configuration information, private keys, and other secrets. The post appeared first on .

26-11-2025 12:58

Cybersecurity Is Now a Core Business Discipline

Boardroom conversations about cyber can no longer be siloed apart from strategy, operations, or geopolitics. The post appeared first on .

26-11-2025 12:00

Ransomware Attack Disrupts Local Emergency Alert System Across US

The OnSolve CodeRED platform has been targeted by the Inc Ransom ransomware group, resulting in disruptions and a data breach. The post appeared first on .

26-11-2025 11:38

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individual

26-11-2025 09:59

Opti Raises $20 Million for Identity Security Platform

The cybersecurity startup plans to use the seed funding to accelerate product expansion and global growth. The post appeared first on .

26-11-2025 09:42

Critical Firefox Bug Leaves 180M Users Exposed

A hidden WebAssembly bug in Firefox exposed 180 million users to potential code execution. The post appeared first on .

25-11-2025 22:30

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and

25-11-2025 22:19

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaig

25-11-2025 19:48

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2

25-11-2025 17:06

3 SOC Challenges You Need to Solve Before 2026

2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm

25-11-2025 17:00

source : hackernews, securityweek, techrepublicsecurity, welivesecurity