Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published by CYFIRMA. The threat actor, historically…
Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen
Microsoft has confirmed a bizarre user interface bug affecting Windows 11 version 24H2 devices that renders the password sign-in icon invisible on the lock screen. The issue, stemming from the August 2025 non-security preview update (KB5064081) and persisting in subsequent…
Enterprise password audits made practical for busy security teams
Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others…
Offensive cyber power is spreading fast and changing global security
Offensive cyber activity has moved far beyond a handful of major powers. More governments now rely on digital operations to project influence during geopolitical tension, which raises new risks for organizations caught in the middle. A new policy brief from…
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. “These attacks highlight a notable shift in Tomiris’s…
Cybersecurity Today: QR Code Parking Scams, Evil Twin WiFi Attacks & Microsoft’s Teams Flaw
In this episode of Cybersecurity Today, host David Shipley discusses a range of pressing cybersecurity issues. Topics include the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil…
What zero trust looks like when you build it step by step
In this Help Net Security video, Jonathan Edwards, Managing Director at KeyData Cyber, walks us through what practical zero trust adoption looks like in stages. He explains why he dislikes the term itself, then shifts to steps teams can follow…
IT Security News Hourly Summary 2025-12-01 06h : 3 posts
3 posts were published in the last hour 5:4 : Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data 5:4 : PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability 5:4 : The weekend is prime…
Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data
A threat actor known as “zestix” has claimed responsibility for a significant data breach affecting Mercedes-Benz USA (MBUSA), allegedly exfiltrating 18.3 GB of sensitive legal and customer information. The threat actor posted the dataset for sale on a dark web…
PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability
A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious…
The weekend is prime time for ransomware
Over half of organizations that experienced a ransomware event in the past year were hit during a weekend or holiday, according to a Semperis report. Those periods often come with thin staffing, slower investigation, and fewer eyes on identity systems.…
PlushDaemon Group Reroutes Software Updates to Deploy Espionage Tools
A cyberespionage group known in security research circles as PlushDaemon has been carrying out a long-running operation in which they take advantage of software update systems to secretly install their own tools on targeted computers. According to new analysis…
IT Security News Hourly Summary 2025-12-01 03h : 2 posts
2 posts were published in the last hour 2:2 : ISC Stormcast For Monday, December 1st, 2025 https://isc.sans.edu/podcastdetail/9718, (Mon, Dec 1st) 2:2 : Google and Apple ordered to stop fake government TXTs
ISC Stormcast For Monday, December 1st, 2025 https://isc.sans.edu/podcastdetail/9718, (Mon, Dec 1st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, December 1st, 2025…
Google and Apple ordered to stop fake government TXTs
PLUS: India wants to build big airliners; Half of South Koreans caught in data leak; Minimum wage for gig workers in Oz; And more! Asia in Brief Singapore’s government last week told Google and Apple to prevent fake government messages.……
Swiss government says give M365, and all SaaS, a miss as it lacks end-to-end encryption
PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; and more! Infosec In Brief Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies…
IT Security News Hourly Summary 2025-12-01 00h : 4 posts
4 posts were published in the last hour 23:1 : IT Security News Weekly Summary December 22:58 : IT Security News Weekly Summary 48 22:55 : IT Security News Daily Summary 2025-11-30 22:31 : Over 2,000 Fake Shopping Sites Spotted…
IT Security News Weekly Summary December
210 posts were published in the last hour 22:58 : IT Security News Weekly Summary 48 22:55 : IT Security News Daily Summary 2025-11-30 22:31 : Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday 17:8 : SECURITY AFFAIRS MALWARE…
IT Security News Weekly Summary 48
210 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-11-30 22:31 : Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday 17:8 : SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73 16:3 : Security Affairs newsletter…
IT Security News Daily Summary 2025-11-30
15 posts were published in the last hour 22:31 : Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday 17:8 : SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73 16:3 : Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION…
Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday
CloudSEK found over 2,000 fake sites impersonating Amazon and top brands before Cyber Monday and Black Friday. Learn the key fraud signs now to stay safe. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI,…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos…
Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers…
WhatsApp Enumeration Flaw Exposes Data of 3.5 Billion Users in Massive Scraping Incident
Security researchers in Austria uncovered a significant privacy vulnerability in WhatsApp that enabled them to collect the personal details of more than 3.5 billion registered users, an exposure they believe may be the largest publicly documented data leak to…