GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a concerning prompt injection flaw in GitLab Duo that could expose sensitive information from confidential issues. The company is urging all self-managed installations to…
Category: EN
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” published on the Chrome Web Store on November 12, 2024, that employs…
Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days
Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor exploiting two previously undisclosed zero-day flaws in Cisco Identity Service Engine (ISE)…
Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack
NHS provider Synnovis is notifying clients about the extent of a data breach 17 months after it suffered a ransomware attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Synnovis Finally Issues Breach Notification After 2024 Ransomware…
Formbook Delivered Through Multiple Scripts, (Thu, Nov 13th)
When I'm teachning FOR610[1], I always say to my students that reverse engineering does not only apply to “executable files†(read: PE or ELF files). Most of the time, the infection path involves many stages to defeat the Security Analyst…
Anthropic To Spend $50bn On US Data Centres
Amazon and Google-backed AI start-up Anthropic to spend $50bn on data centres in US, beginning with sites in Texas, New York This article has been indexed from Silicon UK Read the original article: Anthropic To Spend $50bn On US Data…
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware
Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver…
CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies. Failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities. Under Emergency Directive 25-03, CISA has…
Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges
Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges. The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016,…
Nokod Security launches Adaptive Agent Security to protect AI agents across the entire ADLC
Nokod Security announced the launch of Adaptive Agent Security, a solution that delivers real-time visibility, governance, and protection from threats across the Agent Development Lifecycle (ADLC). Citizen developers and business users are building and deploying AI agents that connect to…
OpenAI Challenges Discovery Order In Times Case
OpenAI asks judge to reconsider order to produce 20 million anonymised chat logs, as $500bn start-up fights New York Times copyright claims This article has been indexed from Silicon UK Read the original article: OpenAI Challenges Discovery Order In Times…
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3),…
Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of…
New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices
A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials. The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages…
Healthcare security is broken because its systems can’t talk to each other
In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a complex task. Kracke…
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. “The packages were systematically published over an extended…
Wanna bet? Scammers are playing the odds better than you are
Placing a bet has never been this easy, and that’s the problem. The convenience of online gambling is the same thing scammers are cashing in on. Whether it’s a fake app, a “can’t-miss” tipster, or a rigged casino, the game…
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services.…
CISA Warns of Active Exploitation of WatchGuard Firebox Out-of-Bounds Write Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations…
Beware of Fake Bitcoin Tools Concealing DarkComet RAT Malware
A newly discovered malware campaign is leveraging one of cybercriminals’ most effective lures cryptocurrency to distribute DarkComet RAT. This notorious remote access trojan continues to plague users despite being discontinued by its creator years ago. Security researchers have identified a…