Outlook NotDoor backdoor malware first appeared in threat campaigns identified by Lab52, the intelligence arm of Spanish firm S2 Grupo. Linked to APT28/Fancy Bear, NotDoor leverages malicious Outlook macros for persistent access and data theft. Attackers embed these macro payloads…
New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data
A sandbox escape vulnerability affecting iPhones and iPads running iOS 16.2 beta 1 or earlier versions. The proof-of-concept (POC) exploits weaknesses in the itunesstored and bookassetd daemons, enabling attackers to modify sensitive files on the device’s Data partition areas typically…
Iranian SpearSpecter Attacking High-Value Officials Using Personalized Social Engineering Tactics
A dangerous espionage campaign is targeting senior government and defense officials worldwide. Iranian hackers are using fake conference invitations and meeting requests to trick victims. The attackers spend weeks building trust before striking. They reach out through WhatsApp to make…
UK prosecutors seize £4.11M in crypto from Twitter mega-hack culprit
Civil recovery order targets PlugwalkJoe’s illicit gains while he serves US sentence. British prosecutors have secured a civil recovery order to seize crypto assets worth £4.11 million ($5.39 million) from Twitter hacker Joseph James O’Connor, clawing back the proceeds of…
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users,…
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to…
Widespread Exploitation of XWiki Vulnerability Observed
The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools. The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
Logitech Confirms Data Breach Following Designation as Oracle Hack Victim
Logitech was listed on the Cl0p ransomware leak website in early November, but its disclosure does not mention Oracle. The post Logitech Confirms Data Breach Following Designation as Oracle Hack Victim appeared first on SecurityWeek. This article has been indexed…
US: Five Plead Guilty in North Korean IT Worker Fraud Scheme
The five defendants allegedly assisted North Korean hackers with obtaining remote IT employment with US companies. This article has been indexed from www.infosecurity-magazine.com. Read the original article: US: Five Plead Guilty in North Korean IT Worker Fraud Scheme
IT Security News Hourly Summary 2025-11-17 12h : 5 posts
5 posts were published in the last hour: 11:4 : Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet; 11:4 : North Korean Hackers Infiltrated 136 U.S. Companies to Generate $2.2 Million in Revenue; 10:34 :…
Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet
A sharp increase in attacks targeting a critical vulnerability in XWiki servers. Multiple threat actors are actively exploiting CVE-2025-24893 to deploy botnets and coin miners, and to establish unauthorized server access across the internet. Since the initial discovery on October 28, 2025,…
North Korean Hackers Infiltrated 136 U.S. Companies to Generate $2.2 Million in Revenue
The U.S. Justice Department announced major actions against North Korean cybercrime, including five people admitting guilt and the government taking more than $15 million in property linked to the crimes. These operations reveal how the Democratic People’s Republic of Korea…
New York’s official alert system hack: sent fraudulent messages
In a brazen attack, cybercriminals managed to hijack Mobile Commons. The company is a mass text messaging service provider that also serves as an official… The post New York’s official alert system hack: sent fraudulent messages appeared first on Panda…
AI-driven dynamic endpoint security is redefining trust
Network perimeters are gone. Modern security solutions must be proactive, dynamic and intelligent. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: AI-driven dynamic endpoint security is redefining trust
JWT Governance for SOC 2, ISO 27001, and GDPR — A Complete Guide
how proper JWT governance helps your organization stay compliant with SOC 2, ISO 27001, and GDPR. Explore best practices, governance frameworks, and how SSOJet ensures secure token management. The post JWT Governance for SOC 2, ISO 27001, and GDPR —…
Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials
A threat actor known as “888” has purportedly dumped sensitive data stolen from electronics giant LG Electronics, raising alarms in the cybersecurity community. The breach, first spotlighted on November 16, 2025, allegedly includes source code repositories, configuration files, SQL databases,…
Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices
Samsung has been accused of shipping budget Galaxy A and M series smartphones with pre-installed spyware that users can’t easily remove. The software in question, AppCloud, developed by the mobile analytics firm IronSource, has been embedded in devices sold primarily…
Cyber-Attack Costs Carmaker JLR $258m in Q2
Carmaker JLR has posted $639m Q2 losses and a one-off $258m hit after a major ransomware attack. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Cyber-Attack Costs Carmaker JLR $258m in Q2
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its…
A week in security (November 10 – November 16)
A list of topics we covered in the week of November 10 to November 16 of 2025. This article has been indexed from Malwarebytes. Read the original article: A week in security (November 10 – November 16)
Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches
Microsoft warns of potential Windows 10 update failure. China-backed hackers launch first large-scale autonomous AI cyberattack. Feds fumbled Cisco patches requirements, says CISA. Huge thanks to our episode sponsor, KnowBe4. Your email gateway isn’t catching everything — and cybercriminals know…
IT Security News Hourly Summary 2025-11-17 09h : 7 posts
7 posts were published in the last hour: 8:4 : US Task Force Cracks Down On Crypto Scam Farms; 7:38 : Decoding Binary Numeric Expressions, (Mon, Nov 17th); 7:38 : Alice Blue Partners With AccuKnox For Regulatory Compliance; 7:6 :…
US Task Force Cracks Down On Crypto Scam Farms
US Department of Justice forms team to target industrial-scale crypto-based scam operations based in Southeast Asia. This article has been indexed from Silicon UK. Read the original article: US Task Force Cracks Down On Crypto Scam Farms
Decoding Binary Numeric Expressions, (Mon, Nov 17th)
In diary entry “Formbook Delivered Through Multiple Scripts”, Xavier mentions that the following line: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Decoding Binary Numeric Expressions, (Mon, Nov 17th)