Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials

Attackers are using fake invoice emails to spread XWorm, a remote-access trojan that quietly steals login credentials, passwords, and sensitive files from infected computers. The script immediately...

Nov 15, 2025 MALWARE

Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (...

Nov 15, 2025 LEGAL

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks

Threat actors are abusing the decades-old “finger” command to execute malicious commands on Windows devices, reviving a previously known LOLBIN technique. The Finger protocol, once commonly used fo...

Nov 15, 2025 RESEARCH

The State of Ransomware – Q3 2025

During the third quarter of 2025, we monitored more than 85 active data leak sites (DLS) that collectively listed 1,592 new victims. Compared to the 1,607 victims reported in Q2 2025, the publicati...

Nov 13, 2025 RESEARCH

Siemens COMOS

Siemens COMOS, a software used in critical manufacturing, is affected by two vulnerabilities that could allow attackers to execute arbitrary code or infiltrate data. Siemens has released updates to...

Nov 13, 2025 VULNS

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

A sophisticated phishing campaign, potentially originating from Russian-speaking threat actors, has been identified targeting customers in the hospitality industry. Since the beginning of the year,...

Nov 13, 2025 SECURITY

Inside the Great Firewall Part 3 - Geopolitical and Societal Ramifications

At its core, the GFW’s domestic function is ideological containment: a technical means to preempt the circulation of narratives, symbols, or software deemed threatening to Party legitimacy. The fil...

Nov 13, 2025 RESEARCH

Extra, extra, read all about it - Washington Post clobbered in Clop caper

The Washington Post has confirmed a data breach affecting nearly 10,000 employees and contractors, stemming from the Clop ransomware gang’s exploitation of an Oracle E-Business Suite (EBS) vulnerab...

Nov 13, 2025 BREACH

SIEM Modernization and Optimization - Step 2 - Define Your Goals

SIEM modernization requires clearly defined goals to minimize residual risk, optimize capabilities, and safeguard the solution against attacks. The overarching aim should be to ensure the Security ...

Nov 12, 2025 RESEARCH

Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell

An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks, spotted in real-world operations, allow hackers ...

Nov 12, 2025 CYBER SECURITY

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform ...

Nov 12, 2025 CYBERSECURITY

2025-11-12 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-3146 PHPGurukul - Bus Pass M...

Nov 12, 2025 VULNERABILITIES

Zscaler warns industrial operations face mounting risk as IoT, OT attacks surge across energy, manufacturing sectors

Zscaler ThreatLabz reported a 67% surge in Android malware, with 40% of IoT attacks now targeting critical industries and hybrid work environments. Critical infrastructure in the energy sector expe...

Nov 11, 2025 INFRASTRUCTURE

Patch now Samsung zero-day lets attackers take over your phone

A critical vulnerability, CVE-2025-21042, affecting Samsung mobile devices is actively being exploited in the wild, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to add i...

Nov 11, 2025 MOBILE SECURITY

North Korean hackers exploit Google’s safety tools for remote wipe

North Korean threat actors are exploiting Google’s “Find Hub” service to remotely wipe data from Android devices, effectively turning a security feature into a weapon for espionage. This marks the ...

Nov 11, 2025 APT

Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities

Microsoft’s November 2025 Patch Tuesday addresses 63 vulnerabilities across its product line, with five designated as critical. One vulnerability, CVE-2025-62215, is already being exploited in the ...

Nov 11, 2025 VULNS

2025-11-11 Daily Vulns

NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-10966 curl - curl curl...

Nov 11, 2025 VULNERABILITIES

Phishers try to lure 5K Facebook advertisers with fake business pages

A large-scale phishing campaign targeted over 5,000 businesses that actively advertise on Facebook. The attack involved tens of thousands of emails designed to steal credentials and data, impacting...

Nov 10, 2025 CYBERSECURITY

No Place Like Localhost Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. This now-patched n-day vulnerability...

Nov 10, 2025 SECURITY

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Nine NuGet packages have been discovered containing time-delayed payloads designed to disrupt databases and industrial control systems. The packages, published by an actor named “shanhai666,” were ...

Nov 10, 2025 RESEARCH