The English-speaking cybercriminal ecosystem known as “The COM” has evolved from a niche underground culture into a sophisticated, professional service-oriented economy that orchestrates some of the world’s most disruptive cyberattacks. Over the past decade, this decentralized network has transformed from…
This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text Operation
Google is suing 25 people it alleges are behind a “relentless” scam text operation that uses a phishing-as-a-service platform called Lighthouse. This article has been indexed from Security Latest Read the original article: This Is the Platform Google Claims Is…
Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025
Synology fixed a critical BeeStation RCE flaw (CVE-2025-12686) shown at Pwn2Own, caused by unchecked buffer input allowing code execution. Synology patched a critical remote code execution (RCE) flaw, tracked as CVE-2025-12686 (CVSS score 9.8), in BeeStation, demonstrated during the hacking…
Aviation watchdog says organized drone attacks will shut UK airports ‘sooner or later’
Skies are open for mischief as hard-to-trace drones and fast-moving cyber raids promise new wave of disruption Britain’s aviation watchdog has warned it’s only a matter of time before organized drone attacks bring UK airports to a standstill.… This article…
Avast delivers AI-powered protection for Android and iOS
Avast launched Scam Guardian and Scam Guardian Pro for mobile devices. Building on the desktop product, this mobile expansion brings in AI-powered scam protection directly to people’s smartphones and tablets. Scam Guardian is available at no cost with Avast Mobile…
Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday
Microsoft has patched a zero-day vulnerability in the Windows Kernel under active exploitation by threat actors This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday
Meta Chief AI Scientist LeCun ‘To Quit’
Meta chief AI scientist LeCun reportedly plans to leave in coming months to found new start-up, amid shifts in AI strategy This article has been indexed from Silicon UK Read the original article: Meta Chief AI Scientist LeCun ‘To Quit’
AI’s Hidden Weak Spot: How Hackers Are Turning Smart Assistants into Secret Spies
As artificial intelligence becomes part of everyday life, cybercriminals are already exploiting its vulnerabilities. One major threat shaking up the tech world is the prompt injection attack — a method where hidden commands override an AI’s normal behavior, turning…
UK Government Finally Introduces Cyber Security and Resilience Bill
The UK government is overhauling cybersecurity laws for the first time since 2018 with the Cyber Security and Resilience Bill This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Finally Introduces Cyber Security and Resilience Bill
Bank Of England Defends Stablecoin Limits
Bank of England deputy governor says proposed limits necessary to ensure financial stability amid adoption of new technology This article has been indexed from Silicon UK Read the original article: Bank Of England Defends Stablecoin Limits
Microsoft SQL Server Vulnerability Allows Privilege Escalation
Microsoft has disclosed a critical SQL injection vulnerability in SQL Server that could allow authenticated attackers to escalate their privileges over a network. Tracked as CVE-2025-59499 and assigned an Important severity rating, the vulnerability stems from improper neutralization of special…
New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options
A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT…
ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets
A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security…
Google Launches ‘Private AI Compute’ — Secure AI Processing with On-Device-Level Privacy
Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to “unlock the full speed and…
Google To Invest $6.4bn In Germany
Investments over four years include spending on two data centres as company spends tens of billions on AI infrastructure This article has been indexed from Silicon UK Read the original article: Google To Invest $6.4bn In Germany
Chrome Security Update Fixes Improper Implementation in V8 JavaScript Engine
Google has released a new stable Chrome update that addresses a serious flaw in its V8 JavaScript engine. The update, now available as version 142.0.7444.162/.163 for Windows, 142.0.7444.162 for Mac, and 142.0.7444.162 for Linux, will roll out to users over…
GitHub Copilot and Visual Studio Flaws Let Attackers Bypass Security Protections
Microsoft has disclosed two critical security vulnerabilities affecting GitHub Copilot and Visual Studio Code that could allow attackers to bypass important security protections. Both flaws were reported on November 11, 2025, and carry “Important” severity ratings, posing immediate risks to…
German Court Finds OpenAI Infringes Law Over Song Lyrics
ChatGPT developer infringes authors’ rights by failing to pay licence fees for song lyrics in ‘clear’ violation of rules, court finds This article has been indexed from Silicon UK Read the original article: German Court Finds OpenAI Infringes Law Over…
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK
“Bitcoin Queen” Zhimin Qian gets 11 years in London for laundering $7.3B from a crypto scam that defrauded 128K victims in China. A British court sentenced a Chinese woman, Zhimin Qian (47), also known as the “Bitcoin Queen,” to 11 years…
SecureVibes – AI-backed Tool Uses Claude AI Agents to Scan for Vulnerabilities Across 11 Languages
In the fast-paced world of “vibecoding,” where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks. SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic’s Claude AI through a multi-agent system to…
Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges
Microsoft has disclosed a significant vulnerability in Windows Remote Desktop Services (RDS) that could allow authorized attackers to escalate their privileges on affected systems. Tracked as CVE-2025-60703, the flaw stems from an untrusted pointer dereference, a classic memory safety issue that…
New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials
A large-scale phishing campaign has emerged, exploiting Meta’s Business Suite to compromise credentials across thousands of small and medium-sized businesses worldwide. Check Point security researchers identified approximately 40,000 phishing emails distributed to more than 5,000 customers, primarily targeting industries including…
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider
An Aveva vulnerability also impacts Schneider Electric products and both vendors have published advisories. The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Google’s remote-wipe weapon, Qilin ransomware activity surges, GootLoader is back
Google’s Find Hub turns into remote-wipe weapon Qilin ransomware activity surges GootLoader is back Huge thanks to our sponsor, Vanta What’s your 2 AM security worry? Is it “Do I have the right controls in place?” Or “Are…