IT Security News Daily Summary 2025-11-26

166 posts were published in the last hour

• 22:3 : FBI: Account Takeover Scammers Stole $262 Million this Year
• 21:2 : For the first time, a RomCom payload has been observed being distributed via SocGholish
• 21:2 : Gainsight CEO downplays breach, says only a ‘handful’ of customers had data stolen
• 21:2 : AWS Private Certificate Authority now supports partitioned CRLs
• 20:31 : Xillen Stealer Evolves With AI-Like Evasion and Broader Targeting
• 20:5 : IT Security News Hourly Summary 2025-11-26 21h : 2 posts
• 20:2 : Teaching Claude to Cheat Reward Hacking Coding Tasks Makes Them Behave Maliciously in Other Tasks
• 19:32 : Multiple London councils report disruption amid ongoing cyberattack
• 19:2 : Dell ControlVault, Lasso, GL.iNet vulnerabilities
• 19:2 : Rare APT Collaboration Emerges Between Russia and North Korea
• 19:2 : Botnet takes advantage of AWS outage to smack 28 countries
• 19:2 : How to use the Secrets Store CSI Driver provider Amazon EKS add-on with Secrets Manager
• 18:31 : Rethinking the Software Supply Chain for Agents
• 18:31 : Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
• 18:2 : The Trust Crisis: Why Digital Services Are Losing Consumer Confidence
• 18:2 : Thanksgiving holiday weekend kicks off heightened threat environment for security teams
• 17:32 : Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
• 17:32 : How CTEM Helps Cyber Teams to Become More Proactive
• 17:32 : How User Education Can Become the Strongest Link in Casino Security
• 17:32 : Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats
• 17:32 : Microsoft Security Keys May Require PIN After Recent Windows Updates
• 17:32 : 11 Best Enterprise Remote Access Software – 2025
• 17:31 : Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code
• 17:31 : Mobile industry warns patchwork cyber regs are driving up costs
• 17:31 : How to Protect from Online Fraud This Holiday Season
• 17:5 : IT Security News Hourly Summary 2025-11-26 18h : 14 posts
• 17:2 : Care that you share
• 17:2 : AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI
• 17:2 : The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’
• 17:2 : Anthropic Introduces Claude Opus 4.5 With Lower Pricing, Stronger Coding Abilities, and Expanded Automation Features
• 17:2 : Major US Bank Data Linked Through Breach At SitusAMC
• 17:2 : Gainsight CEO promises transparency as it responds to compromise of Salesforce integration
• 16:32 : Scaling Identity Governance Without Connectors: The LDAP Directory IGA Integration Pattern
• 16:31 : Cyber-Attack Disrupts OnSolve CodeRED Emergency Notification System
• 16:31 : Microsoft tightens cloud login process to prevent common attack
• 16:15 : Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks
• 16:15 : Bug in jury systems used by several US states exposed sensitive personal data
• 16:15 : Multiple London councils faced a cyberattack
• 16:15 : Russian-Backed Threat Group Uses SocGholish to Target U.S. Company
• 16:15 : Genesis Mission Launches as US Builds Closed-Loop AI System Linking National Laboratories
• 15:32 : Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)
• 15:32 : Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
• 15:3 : Chrome Extension Malware Secretly Adds Hidden SOL Fees to Solana Swap Transactions
• 15:3 : Registry: FeatureUsage
• 15:3 : New “JackFix” Attack Leverages Windows Updates into Executing Malicious Commands
• 15:3 : Akira Ransomware Uses SonicWall VPN Exploit to Exfiltrate Sensitive Data
• 15:3 : FBI Warns of Fake Internet Crime Complaint Center (IC3) Website Used for Phishing Attacks
• 15:3 : Malicious Prettier Extension on VSCode Marketplace Delivers Anivia Stealer Malware to Exfiltrate Login Credentials
• 15:3 : Scaling SOC Team Expertise With AI-powered Insights for Faster, Easier Understanding of Threats
• 15:3 : CodeRED emergency alert system CodeDEAD after INC ransomware attack
• 15:3 : The Attack Surface of Cloud-Based Generative AI Applications is Evolving
• 15:2 : UK Report Proposes Liability For Software Provider Insecurity
• 15:2 : CodeRED Cyberattack Disrupts Alerts
• 15:2 : Exchange Online Outage Blocks Mail
• 15:2 : FBI Reports 262 Million In Fraud
• 15:2 : Tor Adopts New Onion Relay Encryption
• 15:2 : Crime Rings Use Hackers To Hijack Trucks
• 14:32 : Thoughts on Analysis
• 14:32 : Unprecedented Complexity
• 14:32 : ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab
• 14:32 : Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
• 14:32 : US Navy scuttles Constellation frigate program for being too slow for tomorrow’s threats
• 14:32 : Clover Security Raises $36 Million to Secure Software by Design
• 14:32 : Surge in £20k Keyless Car Theft Gadgets Sparks Security Concerns
• 14:32 : RansomHouse Ransomware Hits Fulgar, Key Supplier to H&M and Adidas
• 14:32 : Gainsight breach: Salesforce details attack window, issues investigation guidance
• 14:31 : FBI Warns of $262M Losses from Account Takeover Fraud in 2025
• 14:5 : IT Security News Hourly Summary 2025-11-26 15h : 14 posts
• 14:2 : INE Expands Cross-Skilling Innovations
• 14:2 : Employee Spotlight: Getting to Know Angel Salazar
• 14:2 : AI Has Become the New Enterprise Perimeter — and Gemini 3 Pro Just Proved It
• 14:2 : How Video Translation Enhances Multilingual User Training for SSO and Access Management Systems
• 13:32 : Samourai Wallet Founders Jailed in $237M Crypto Laundering Case
• 13:32 : Hackers Launch Active Attacks on Telecom and Media Industries
• 13:32 : Threat Actors Use Fake Update Lures to Deploy SocGholish Malware
• 13:32 : Massive Data Leak: ByteToBreach Offers Stolen Global Airline, Banking, and Government Records
• 13:32 : Price Drop: This Complete Ethical Hacking Bundle is Now $33
• 13:32 : Indirect-Shellcode-Executor Tool Exploits Windows API Vulnerability to Evade AV and EDR
• 13:31 : Hackers Sell Lifetime Access to WormGPT and KawaiiGPT for Just $220
• 13:31 : Hackers Exploit NTLM Authentication Flaws to Target Windows Systems
• 13:31 : Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI
• 13:31 : How to Choose the Right Virtual Data Room for Your Startup
• 13:2 : Thousands of Secrets Leaked on Code Formatting Platforms
• 13:2 : When Your $2M Security Detection Fails: Can your SOC Save You?
• 12:32 : Securing Converged AI-Blockchain Systems: Introducing the MAESTRO 7-Layer Framework
• 12:32 : Huawei and Chinese Surveillance
• 12:32 : New “HashJack” attack can hijack AI browsers and assistants
• 12:32 : Gainsight Cyber-Attack Affect More Salesforce Customers
• 12:2 : Emergency alerts go dark after cyberattack on OnSolve CodeRED
• 12:2 : How Thales Protects Online Retail Sites from AI-Driven Bots during Holiday Shopping Season
• 12:2 : Ransomware Attack Disrupts Local Emergency Alert System Across US
• 12:2 : Cybersecurity Is Now a Core Business Discipline
• 12:2 : Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
• 12:2 : Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools
• 11:32 : The Golden Scale: ‘Tis the Season for Unwanted Gifts
• 11:32 : Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data
• 11:32 : Developers Are Exposing Passwords and API Keys Through Online Code Tools
• 11:32 : Tor Network Adopts Galois Onion Encryption To Strengthen User Protection
• 11:32 : Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware
• 11:32 : Hackers Use Fake “Battlefield 6” Hype to Spread Stealers and C2 Malware
• 11:32 : HashJack: A Novel Exploit Leveraging URL Fragments To Deceive AI Browsers
• 11:32 : Developers Expose Passwords and API Keys via Online Tools like JSONFormatter
• 11:32 : Microsoft Details Security Risks of New Agentic AI Feature
• 11:32 : London councils probe cyber incident as shared IT systems knocked offline
• 11:5 : IT Security News Hourly Summary 2025-11-26 12h : 4 posts
• 11:3 : TSMC Sues Former Vice President Who Joined Intel
• 11:3 : Influencers in the crosshairs: How cybercriminals are targeting content creators
• 10:32 : HP Cuts Jobs, Reduces Outlook Amid Tariff Pressures
• 10:32 : HashJack Indirect Prompt Injection Weaponizes Websites
• 10:2 : France Asks Court To Suspend Shein For Three Months
• 10:2 : Dissecting a new malspam chain delivering Purelogs infostealer
• 10:2 : Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
• 10:2 : Paris, The Thinker, and why your WAF should block XSS by default
• 10:2 : Opti Raises $20 Million for Identity Security Platform
• 9:31 : Panasonic Batteries To Power Zoox Robotaxi Expansion
• 9:31 : HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#’
• 9:31 : Top five cybersecurity Black Friday deals for businesses 2025
• 9:31 : Fraudulent email domain tracker: November 2025
• 9:31 : London Councils Hit By Serious Cyber “Incidents”
• 9:2 : Dutch Public Broadcaster Halts X Activity Over Hate Speech
• 9:2 : RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
• 8:32 : UBTech Deploys Humanoid Robots At China’s Border
• 8:32 : Huawei Claims Performance Boost With New Kirin Chip
• 8:32 : Dartmouth College Confirms Data Theft in Oracle Hack
• 8:32 : CISA warns of app break-ins, StealC V2 spread through blender files, Russian entrepreneur arrested for treason
• 8:6 : AI Cybercriminals Target Black Friday and Cyber Monday
• 8:6 : The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle
• 8:5 : Ostorlab brings automated, proof-backed mobile app security testing
• 8:5 : Vectra AI unifies threat visibility across Microsoft environments
• 8:5 : IT Security News Hourly Summary 2025-11-26 09h : 3 posts
• 7:32 : Tor Adopts Galois Onion Encryption to Strengthen Defense Against Online Attacks
• 7:32 : Securing AI-Generated Code in Enterprise Applications: The New Frontier for AppSec Teams
• 7:32 : Are AI Firewalls Worth the Investment?
• 7:2 : How AI is Revolutionizing Cybersecurity Defense
• 7:2 : Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed
• 7:2 : Heineken CISO champions a new risk mindset to unlock innovation
• 6:31 : Small language models step into the fight against phishing sites
• 6:2 : Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads
• 6:2 : ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access
• 6:2 : What I’m Thankful for in DevSecOps This Year: Living Through Interesting Times
• 6:2 : How AI Threats Have Broken Strong Authentication
• 6:2 : DeepTeam: Open-source LLM red teaming framework
• 6:2 : Black Friday 2025 for InfoSec: How to spot real value and avoid the noise
• 6:2 : Major US Bank Data Linked Through Breach At Ascensus
• 5:5 : IT Security News Hourly Summary 2025-11-26 06h : 5 posts
• 5:2 : Apache Syncope Vulnerability Allows Attacker to Access Internal Database Content
• 5:2 : Cobalt Strike 4.12 Released With New Process Injection, UAC Bypasses and Malleable C2 Options
• 5:2 : YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules
• 5:2 : How board members think about cyber risk and what CISOs should tell them
• 4:31 : FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
• 4:2 : Akira Ramps up Ransomware Activity With New Variant And More Aggressive Intrusion Methods
• 3:31 : ISC Stormcast For Wednesday, November 26th, 2025 https://isc.sans.edu/podcastdetail/9716, (Wed, Nov 26th)
• 2:5 : IT Security News Hourly Summary 2025-11-26 03h : 2 posts
• 1:31 : SmbCrawler – SMB Share Discovery and Secret-Hunting
• 1:31 : Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
• 1:2 : Understanding the Security of Passkeys
• 0:31 : Russian Hackers Target US Engineering Firm Because of Work Done for Ukrainian Sister City
• 0:2 : Lifetime access to AI-for-evil WormGPT 4 costs just $220
• 0:2 : How certain can I be of the security in NHIs?
• 0:2 : What makes NHIs a powerful tool in cybersecurity?
• 0:2 : Am I free to choose different Agentic AI frameworks?
• 0:2 : Is investing in advanced NHIs justified?
• 23:31 : AWS Secrets Manager launches Managed External Secrets for Third-Party Credentials
• 23:5 : IT Security News Hourly Summary 2025-11-26 00h : 6 posts
• 23:2 : Corporate predators get more than they bargain for when their prey runs SonicWall firewalls
• 22:55 : IT Security News Daily Summary 2025-11-25