IT Security News Daily Summary 2025-11-19

171 posts were published in the last hour

• 22:36 : WIRED Roundup: DHS’s Privacy Breach, AI Romantic Affairs, and Google Sues Text Scammers
• 22:36 : News alert: Secure.com debuts AI-native ‘Digital Security Teammate’ to help lean security teams
• 22:36 : News alert: CredShields and Checkmarx partner to extend AppSec into Web3 and smart contracts
• 22:2 : How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago
• 22:2 : U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
• 22:2 : Fortinet Strengthens AWS Network Security with AI-Driven IPS Rule Enhancements
• 22:2 : Randall Munroe’s XKCD ‘’Continents”
• 22:2 : NDSS 2025 – Understanding Miniapp Malware: Identification, Dissection, And Characterization
• 21:6 : Iceberg Compaction and Fine-Grained Access Control: Performance Challenges and Solutions
• 21:6 : How to Solve Alert Overload in Your SOC
• 21:6 : Beyond Pay-Per-Crawl: How to Turn AI Agent Traffic Into Revenue
• 20:34 : Check Point Launches Managed Rules for AWS Network Firewall
• 20:34 : Simplify cloud security with managed rules from AWS Marketplace for AWS Network Firewall
• 20:6 : CISA Releases New Guides to Safeguard Critical Infrastructure from Unmanned Aircraft Systems Threats
• 20:6 : How to Clear Cache and Cookies on Mac and Safari
• 20:6 : Zero Trust in API Gateways: Building Bulletproof Infrastructure With Istio and OPA
• 20:6 : Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet
• 20:6 : 7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild
• 20:5 : IT Security News Hourly Summary 2025-11-19 21h : 2 posts
• 19:34 : CISA Urges Critical Infrastructure to Be Air Aware
• 19:33 : How to plan an IAM program strategy
• 19:4 : UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
• 19:4 : ‘Largest Data Leak in History’: WhatsApp Flaw Exposed Billions of Users
• 19:4 : Operation WrtHug hijacks 50,000+ ASUS routers to Bìbuild global botnet
• 18:34 : Fake CAPTCHA Triggers 42-Day Akira Ransomware Attack
• 18:34 : Amazon security boss: Hostile countries use cyber targeting for physical military strikes
• 18:34 : Secure.com Raises $4.5 Million for Agentic Security
• 18:34 : Amazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical Strikes
• 18:34 : New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare
• 18:4 : DPDK Cryptography Build and Tuning Guide
• 17:32 : Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin
• 17:31 : ShadowRay 2.0 Exploits Ray Vulnerability to Hijack AI Clusters
• 17:31 : US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks
• 17:31 : U.S. Agencies Consider Restrictions on TP-Link Routers Over Security Risks
• 17:5 : IT Security News Hourly Summary 2025-11-19 18h : 10 posts
• 17:4 : Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach
• 17:4 : Hackers Using Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads
• 17:4 : Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
• 17:4 : Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers
• 17:4 : ‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data
• 17:4 : Mac users warned about new DigitStealer information stealer
• 17:4 : NDSS 2025 – The Skeleton Keys: A Large Scale Analysis Of Credential Leakage In Mini-Apps
• 16:32 : Unicode: It is more than funny domain names., (Wed, Nov 12th)
• 16:31 : Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
• 16:31 : FCC plan to scrap telecom cyber rules draws congressional backlash
• 16:2 : Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
• 16:2 : Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
• 16:2 : Europol Operation Disrupts $55m in Cryptocurrency For Piracy
• 15:32 : Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
• 15:32 : RCE Vulnerability in glob CLI Poses Major CI/CD Security Risk
• 15:32 : Watch Now: Protecting What WAFs and Gateways Can’t See – Register
• 15:32 : Pro-Hamas Hackers Leak Alleged Redback IFV Plans and Israeli Defense Employee Data After Major Cyber Breach
• 15:32 : Veeam Data Platform v13 strengthens AI-driven analysis
• 15:5 : CISA Unveils Guide to Combat Bulletproof Hosting Cybercrime
• 15:5 : Google Issues Emergency Update for 2B Chrome Users
• 15:5 : Scrum, Kanban, and Scrumban: A Practical Comparison for Developers
• 15:5 : U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
• 15:5 : Destructive Akira Ransomware Attack with a Single Click on CAPTCHA in Malicious Website
• 15:5 : Microsoft Investigating Copilot Issue On Processing Files
• 15:5 : Why Oslo’s Bus Security Tests Highlight the Hidden Risks of Connected Vehicles
• 15:5 : Strata introduces AI Identity Gateway to secure and govern agentic systems
• 15:5 : Immersive unveils Dynamic Threat Range to transform cyber readiness testing
• 15:5 : 7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)
• 15:4 : Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime
• 15:4 : Danish Parties Targeted By Cyberattack
• 15:4 : France Hit By Major Cyberattack
• 15:4 : California Man Admits Crypto Laundering
• 15:4 : Russian Suspect Detained In Thailand
• 15:4 : RCMP Launches Cybercrime Reporting System
• 14:36 : The Cloudflare Outage May Be a Security Roadmap
• 14:36 : CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers
• 14:36 : Exam prep hacked: Study tips and tricks that really work
• 14:36 : AdGuard DNS: new mobile app promises faster DNS-based content blocking
• 14:5 : IT Security News Hourly Summary 2025-11-19 15h : 20 posts
• 14:4 : Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
• 14:4 : Security startup Guardio nabs $80M from ION Crossover Partners
• 14:4 : New ShadowRay Attack Exploit Ray AI-Framework Vulnerability to Attack AI Systems
• 14:4 : New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data
• 14:4 : Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding
• 14:4 : Continuous Incident Response Is Redefining Cybersecurity Strategy
• 14:4 : USB Drives Are Handy, But Never For Your Only Backup
• 13:34 : DoorDash confirms data breach affecting users’ phone numbers and physical addresses
• 13:34 : Researchers claim ‘largest leak ever’ after uncovering WhatsApp enumeration flaw
• 13:34 : Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign
• 13:34 : Automating SaaS Onboarding: Simplifying and Testing Your Enterprise SSO Flows
• 13:33 : WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
• 13:5 : Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
• 13:5 : Our CIO on Why Security Must Be Built Into AI from Day One
• 13:5 : New .NET Malware Hides Lokibot Malware within PNG/BMP Files to Evade Detection
• 13:5 : New npm Malware Campaign Verifies if the Visitor is a Victim or a Researcher Before Triggering Infection
• 13:5 : Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code Execution Attacks
• 13:5 : Microsoft Teams New Feature Let Users Report Messages Incorrectly Flagged as Security Threats
• 13:5 : CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild
• 13:5 : BigID uses agentic AI to automate privacy and compliance mapping
• 12:34 : AI Is Supercharging Phishing: Here’s How to Fight Back
• 12:34 : Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
• 12:9 : Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
• 12:9 : Legal Restrictions on Vulnerability Disclosure
• 12:9 : Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)
• 12:9 : Black Kite launches AI Agent to automate third-party risk work
• 12:9 : PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns
• 11:34 : Enhance workload security with confidential containers on Azure Red Hat OpenShift
• 11:34 : New Sneaky 2FA Phishing Kit with BitB Technique Attacking Users to Steal Microsoft Account Credentials
• 11:33 : Largest Azure DDoS Attack Powered by Aisuru Botnet
• 11:33 : Sue The Hackers – Google Sues Over Phishing as a Service
• 11:5 : IT Security News Hourly Summary 2025-11-19 12h : 14 posts
• 11:4 : Bill Largent: On epic reads, lifelong learning, and empathy
• 11:4 : From Exposure to Action: How Proactive Identity Monitoring Turns Breached Data into Defense
• 10:36 : How to Achieve Ultra-Fast Response Time in Your SOC
• 10:36 : Sharenting: are you leaving your kids’ digital footprints for scammers to find?
• 10:36 : Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom
• 10:36 : IT threat evolution in Q3 2025. Mobile statistics
• 10:36 : Bridewell CEO gives cyber predictions for 2026
• 10:36 : Threat group reroutes software updates through hacked network gear
• 10:36 : ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
• 10:36 : EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
• 10:36 : China-Linked Operation “WrtHug” Hijacks Thousands of ASUS Routers
• 10:5 : IT threat evolution in Q3 2025. Non-mobile statistics
• 10:5 : WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers
• 10:5 : Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
• 10:5 : Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal
• 10:4 : Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin
• 10:4 : Microsoft Integrated Azure Firewall With AI-powered Security Copilot
• 10:4 : Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week
• 10:4 : Half of Ransomware Access Due to Hijacked VPN Credentials
• 9:34 : Tens of thousands more ASUS routers pwned by suspected, evolving China operation
• 9:34 : Arctic Wolf expands MDR capabilities with Abnormal AI behavioral email intelligence
• 9:34 : Sophos adds Intelix threat intelligence to Microsoft Security and 365 Copilot
• 9:2 : Microsoft Adds Azure Firewall With AI-Powered Security Copilot
• 9:2 : Critical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code Execution
• 9:2 : New npm Malware Campaign Checks If Visitor Is a Victim or Researcher Before Initiating Infection
• 9:2 : New FortiWeb 0-Day Code Execution Flaw Actively Exploited
• 9:2 : New ShadowRay Exploit Targets Vulnerability in Ray AI Framework to Attack AI Systems
• 9:2 : Selling technology investments to the board: a strategic guide for CISOs and CIOs
• 9:2 : Eurofiber confirms November 13 hack, data theft, and extortion attempt
• 9:2 : Vanta’s Agentic Trust Platform redefines how enterprises earn, prove, and scale trust
• 9:2 : Tanium integrates AI-driven Triage and Identity Insights into Microsoft Security Copilot
• 8:31 : CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
• 8:31 : Cayosoft Guardian SaaS expands identity continuity with always-on hybrid protection
• 8:31 : FCC to torch Salt Typhoon rules, Group claims Danish party website hits, MI5 warns Chinese spies are on LinkedIn
• 8:5 : IT Security News Hourly Summary 2025-11-19 09h : 11 posts
• 8:4 : Germany To Bar China From 6G Networks
• 8:4 : New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
• 8:4 : Microsoft Unveils Security Enhancements for Identity, Defense, Compliance
• 8:4 : authID Mandate Framework establishes governance model for secure agentic AI deployment
• 7:34 : New FortiWeb 0-Day Command Injection Vulnerability Exploited in the Wild
• 7:34 : F5 BIG-IP v21.0 accelerates enterprise AI initiatives
• 7:33 : CyberProof’s Agentic AI framework sets a new standard for flexible, threat-led defense
• 7:33 : Nightfall’s AI File Classifier Detectors bring LLM intelligence to unstructured IP protection
• 7:6 : AI you can trust: Simple ways brands keep you safe
• 7:6 : The long conversations that reveal how scammers work
• 7:6 : Bitwarden extends passkey login to Chromium-based browsers
• 6:31 : HR’s Role in Preventing Insider Threats: 4 Best Practices
• 6:31 : Metis: Open-source, AI-driven tool for deep security code review
• 6:6 : China recruiting spies in the UK with fake headhunters and ‘sites like LinkedIn’
• 6:6 : How to cut security tool sprawl without losing control
• 6:6 : Cybersecurity Today: CloudFlare Outage, Microsoft’s AI Risk, New Red Team Tool, and More!
• 5:5 : IT Security News Hourly Summary 2025-11-19 06h : 2 posts
• 5:4 : Product showcase: Proton Pass, a password manager with identity protection
• 5:4 : Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
• 3:31 : Cloudflare Discloses Technical Details Behind Massive Outage that Breaks the Internet
• 2:5 : IT Security News Hourly Summary 2025-11-19 03h : 6 posts
• 2:2 : ISC Stormcast For Wednesday, November 19th, 2025 https://isc.sans.edu/podcastdetail/9706, (Wed, Nov 19th)
• 2:2 : Dark Web Search Engines in 2025 – Enterprise Monitoring, APIs and IOC Hunting
• 2:2 : How to Enable Safe File Handling for Clinical and Research Portals
• 1:36 : Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
• 1:36 : What is Single Sign-On and why do I need to create an account?
• 1:36 : Anthropic Disruption of an AI-Run Attack and What It Means for Agentic Identity
• 23:36 : 4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme
• 23:5 : IT Security News Hourly Summary 2025-11-19 00h : 7 posts
• 22:55 : IT Security News Daily Summary 2025-11-18