Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver…
CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies. Failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities. Under Emergency Directive 25-03, CISA has…
Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges
Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges. The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016,…
Nokod Security launches Adaptive Agent Security to protect AI agents across the entire ADLC
Nokod Security announced the launch of Adaptive Agent Security, a solution that delivers real-time visibility, governance, and protection from threats across the Agent Development Lifecycle (ADLC). Citizen developers and business users are building and deploying AI agents that connect to…
OpenAI Challenges Discovery Order In Times Case
OpenAI asks judge to reconsider order to produce 20 million anonymised chat logs, as $500bn start-up fights New York Times copyright claims This article has been indexed from Silicon UK Read the original article: OpenAI Challenges Discovery Order In Times…
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3),…
IT Security News Hourly Summary 2025-11-13 09h : 4 posts
4 posts were published in the last hour 7:42 : Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges 7:13 : New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices 7:12 : Healthcare security is broken because…
Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of…
New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices
A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials. The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages…
Healthcare security is broken because its systems can’t talk to each other
In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a complex task. Kracke…
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. “The packages were systematically published over an extended…
Wanna bet? Scammers are playing the odds better than you are
Placing a bet has never been this easy, and that’s the problem. The convenience of online gambling is the same thing scammers are cashing in on. Whether it’s a fake app, a “can’t-miss” tipster, or a rigged casino, the game…
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services.…
CISA Warns of Active Exploitation of WatchGuard Firebox Out-of-Bounds Write Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations…
Beware of Fake Bitcoin Tools Concealing DarkComet RAT Malware
A newly discovered malware campaign is leveraging one of cybercriminals’ most effective lures cryptocurrency to distribute DarkComet RAT. This notorious remote access trojan continues to plague users despite being discontinued by its creator years ago. Security researchers have identified a…
Sprout: Open-source bootloader built for speed and security
Sprout is an open-source bootloader that delivers sub-second boot times and uses a clean, data-driven configuration format that works across operating systems. “We built Sprout because we were frustrated by how fragile and slow traditional bootloaders are,” said Alex Zenla,…
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. “The packages were systematically published over an extended…
BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
New York, New York, 13th November 2025, CyberNewsWire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original article: BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and…
Active Exploitation of Cisco and Citrix 0-Day Vulnerabilities Allows Webshell Deployment
Amazon’s threat intelligence team has uncovered a sophisticated cyber campaign exploiting previously undisclosed zero-day vulnerabilities in critical enterprise infrastructure. Advanced threat actors are actively targeting Cisco Identity Service Engine (ISE) and Citrix systems, deploying custom webshells to gain unauthorized administrative…
Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated attack campaign leveraging legitimate Remote Monitoring and Management (RMM) tools to deploy backdoor malware on unsuspecting users’ systems. The attacks abuse LogMeIn Resolve (GoTo Resolve) and PDQ Connect,…
Chinese National Jailed for Laundering Over £5 Billion by Defrauding Over 128,000 Victims
A Chinese national has been sentenced to over 11 years in prison following one of the most significant cryptocurrency fraud investigations in history. Zhimin Qian, 47, received an 11-year and eight-month sentence for possessing and transferring criminal property under the…
China’s Cyber Silence Is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says
NTT’s chief cybersecurity strategist Mihoko Matsubara on the new geopolitics of hacking, the “chicken and egg” problem of 5G, and the AGI threat to society. The post China’s Cyber Silence Is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says…
Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases
Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects. The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Automation can’t fix broken security basics
Most enterprises continue to fall short on basic practices such as patching, access control, and vendor oversight, according to Swimlane’s Cracks in the Foundation: Why Basic Security Still Fails report. Leadership often focuses on broad resilience goals while the day-to-day…