IT Security News Daily Summary 2025-11-12

178 posts were published in the last hour

• 22:36 : DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules
• 22:6 : SmartApeSG campaign uses ClickFix page to push NetSupport RAT, (Wed, Nov 12th)
• 22:6 : How BISOs enable CISOs to scale security across the business
• 22:6 : Google sues 25 China-based scammers behind Lighthouse ‘phishing for dummies’ kit
• 21:34 : Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio
• 21:34 : Google sues cybercriminal group Smishing Triad
• 20:34 : Cybersecurity firm Deepwatch lays off dozens, citing move to “accelerate” AI investment
• 20:34 : NDSS 2025 – Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
• 20:34 : NDSS 2025 – A Holistic Security Analysis Of Google Fuchsia’s (And gVisor’s) Network Stack
• 20:33 : Nile’s Bold Claim: Your LAN Architecture Is Fundamentally Broken
• 20:8 : Future-Proofing Retail Security: Preparing for Tomorrow’s Cyberthreats
• 20:8 : Elon Musk’s X botched its security key switchover, locking users out
• 20:8 : Operationalizing Threat Intelligence and AI-Powered Cyber Defense
• 20:8 : Using AI to Predict and Disrupt Evolving Cyberattacks
• 20:5 : IT Security News Hourly Summary 2025-11-12 21h : 6 posts
• 19:38 : CISA Identifies Ongoing Cyber Threats to Cisco ASA and Firepower Devices
• 19:38 : AppleScript Abused to Spread Fake Zoom and Teams macOS Updates
• 19:38 : New Danabot Windows version appears in the threat landscape after May disruption
• 19:38 : Massive Phishing Attack Impersonate as Travel Brands Attacking Users with 4,300 Malicious Domains
• 19:38 : Survey Surfaces Sharp Rise in Cybersecurity Incidents Involving AI
• 19:8 : Amazon Elastic Kubernetes Service gets independent affirmation of its zero operator access design
• 18:36 : NDSS 2025 – MALintent: Coverage Guided Intent Fuzzing Framework For Android
• 18:36 : Lion Safe-Zone
• 18:4 : DarkComet Spyware Resurfaces Disguised as Fake Bitcoin Wallet
• 18:4 : Phishing Campaign Exploits Meta Business Suite to Target SMBs
• 18:4 : Black Duck SCA Adds AI Model Scanning to Strengthen Software Supply Chain Security
• 18:4 : What Will Defense Contracting Look Like in 10 Years?
• 18:4 : Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks
• 18:4 : Smarter Scams, Sharper Awareness: How to Recognize and Prevent Financial Fraud in the Digital Age
• 17:33 : Attackers turned Citrix, Cisco 0-day exploits into custom-malware hellscape
• 17:33 : Companies want more from their threat intelligence platforms
• 17:5 : IT Security News Hourly Summary 2025-11-12 18h : 22 posts
• 17:4 : North Korean APT Uses Remote Wipe to Target Android Users
• 17:4 : Lawmakers warn Democratic governors that states are sharing drivers’ data with ICE
• 17:4 : China’s Cyber Silence is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says
• 17:4 : Google adds Emerging Threats Center to speed detection and response
• 17:4 : Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
• 16:40 : Severe Ivanti Bugs Let Attackers Modify Files and Gain Access
• 16:40 : CISA Adds Three Known Exploited Vulnerabilities to Catalog
• 16:40 : Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell
• 16:40 : GitHub Copilot and Visual Studio Vulnerabilities Allow Attacker to Bypass Security Feature
• 16:40 : Multiple Apache OpenOffice Vulnerabilities Leads to Memory Corruption and Unauthorized Content Loading
• 16:40 : Beware of Malicious Steam Cleanup Tool Attack Windows Machines to Deploy Backdoor Malware
• 16:40 : Why your Business Need Live Threat Intel from 15k SOCs
• 16:40 : Phishing emails disguised as spam filter alerts are stealing logins
• 16:40 : How TTP-based Defenses Outperform Traditional IoC Hunting
• 16:40 : Queen City Con 0x3: Hacking And Embracing Resiliency
• 16:40 : Commvault Extends AI Ability to Ensure Cyber Resilience
• 16:40 : Commvault Cloud Unity platform delivers unified data security, recovery, and identity protection
• 16:40 : Securonix DPM Flex optimizes SIEM data management
• 16:40 : UK’s new Cyber Security and Resilience Bill targets weak links in critical services
• 16:39 : GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack
• 16:39 : ‘Shadow AI’ is widespread — and executives use it the most
• 16:39 : Sophisticated threat actor targeting zero-day flaws in Cisco ISE and Citrix
• 15:4 : File Formats
• 15:4 : How to Build a Strong Ransomware Defense Strategy for Your Organization?
• 15:4 : Hacker Claims Responsibility for University of Pennsylvania Breach Exposing 1.2 Million Donor Records
• 15:4 : User Privacy:Is WhatsApp Not Safe to Use?
• 15:4 : Bluetooth Security Risks: Why Leaving It On Could Endanger Your Data
• 15:4 : Cyware enhances cyber defense with AI Fabric merging generative and agentic AI
• 15:4 : Stellar Cyber 6.2 strengthens human-augmented autonomous SOC
• 15:4 : Black Duck expands SCA with AI Model Risk Insights to deliver visibility into AI model usage
• 14:39 : Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack
• 14:39 : Australia’s spy chief warns of China-linked threats to critical infrastructure
• 14:38 : New Phishing Attack Leverages Popular Brands to Harvest Login Credentials
• 14:38 : APT-C-08 Hackers Exploiting WinRAR Vulnerability to Attack Government Organizations
• 14:38 : Virtual Event Today: CISO Forum 2025 Virtual Summit
• 14:38 : Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
• 14:38 : Cyber-Insurance Payouts Soar 230% in UK
• 14:38 : Amazon discovers APT exploiting Cisco and Citrix zero-days
• 14:38 : Hamburg Miniature Museum Hit By Hack
• 14:38 : GlobalLogic Confirms Data Breach
• 14:38 : Google Launches Private AI Compute
• 14:38 : Australia Warned Of China Sabotage
• 14:38 : UK Unveils Cyber Security Bill
• 14:6 : Payroll Pirates: One Network, Hundreds of Targets
• 14:6 : The Learning Counsel: 3 Steps to a Robust Zero-Trust Architecture in K-12 Schools This Year
• 14:6 : Intel Sues Ex-Employee It Claims Stole 18,000 Company Files
• 14:5 : IT Security News Hourly Summary 2025-11-12 15h : 12 posts
• 13:38 : Sweet Security Raises $75 Million for Cloud and AI Security
• 13:38 : Why It’s Time to Stop Saving Passwords in the Browser
• 13:38 : Aryaka advances converged networking and security with Unified SASE as a Service 2.0
• 13:9 : SecureVibes Introduces Multi-Language Vulnerability Scanner Powered by Claude AI
• 13:9 : AppleScript Used to Deliver macOS Malware Disguised as Zoom & Teams Updates
• 13:9 : Australian spy chief warns Chinese hackers are ‘probing’ critical networks for espionage and sabotage
• 13:9 : A Policy Roadmap for Secure AI by Design
• 13:9 : Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates
• 13:9 : Microsoft Investigating Teams Issue that Disables Users from Opening Apps
• 13:9 : Google Sues Chinese Cybercriminals Behind ‘Lighthouse’ Phishing Kit
• 13:9 : NSFOCUS Monthly APT Insights – September 2025
• 13:9 : IBM pushes toward quantum advantage by 2026 with new Nighthawk processor
• 12:36 : MastaStealer Exploits Windows LNK to Launch PowerShell and Bypass Defender
• 12:36 : The DSPM Paradox: Perceived Controls for an Uncontrollable Data Landscape
• 12:36 : Update now: November Patch Tuesday fixes Windows zero-day exploited in the wild
• 12:36 : High-Severity Vulnerabilities Patched by Ivanti and Zoom
• 12:36 : [Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR
• 12:4 : Hackers Exploit SSRF Flaw in Custom GPTs to Steal ChatGPT Secrets
• 12:4 : Why shadow AI could be your biggest security blind spot
• 12:4 : Google Paid Out $458,000 at Live Hacking Event
• 11:36 : Rhadamanthys Stealer Servers Reportedly Seized; Admin Urges Immediate Reinstallation
• 11:36 : Bitcoin bandit’s £5B bubble bursts as cops wrap seven-year chase
• 11:36 : Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215)
• 11:36 : Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
• 11:36 : Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
• 11:5 : IT Security News Hourly Summary 2025-11-12 12h : 19 posts
• 11:4 : Alibaba Founder Jack Ma’s Wife Buys London Mansion
• 11:4 : @facebookmail.com Invites Exploited to Phish Facebook Business Users
• 11:4 : Authentication Coercion: How Windows Machines Are Tricked into Leaking Credentials
• 11:4 : Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers
• 11:4 : Tor Browser 15.0.1 Released With Fix for Multiple Security Vulnerabilities
• 11:4 : How Malwarebytes stops the ransomware attack that most security software can’t see
• 11:4 : UK’s Cyber Security and Resilience Bill makes Parliamentary debut
• 11:4 : Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel
• 10:35 : Silicon UK AI For Your Business Podcast: AI for Acceleration — How Enterprises Are Turning Data into Faster Innovation
• 10:34 : Microsoft To Invest $10bn In Portugal Data Centre
• 10:34 : English-Speaking Cybercriminal Network ‘The COM’ Drives Global Cyberattacks
• 10:34 : This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text Operation
• 10:34 : Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025
• 10:34 : Aviation watchdog says organized drone attacks will shut UK airports ‘sooner or later’
• 10:34 : Avast delivers AI-powered protection for Android and iOS
• 10:34 : Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday
• 10:6 : Meta Chief AI Scientist LeCun ‘To Quit’
• 10:6 : AI’s Hidden Weak Spot: How Hackers Are Turning Smart Assistants into Secret Spies
• 10:6 : UK Government Finally Introduces Cyber Security and Resilience Bill
• 9:36 : Bank Of England Defends Stablecoin Limits
• 9:36 : Microsoft SQL Server Vulnerability Allows Privilege Escalation
• 9:36 : New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options
• 9:36 : ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets
• 9:36 : Google Launches ‘Private AI Compute’ — Secure AI Processing with On-Device-Level Privacy
• 9:11 : Google To Invest $6.4bn In Germany
• 9:11 : Chrome Security Update Fixes Improper Implementation in V8 JavaScript Engine
• 9:10 : GitHub Copilot and Visual Studio Flaws Let Attackers Bypass Security Protections
• 8:38 : German Court Finds OpenAI Infringes Law Over Song Lyrics
• 8:38 : $7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK
• 8:38 : SecureVibes – AI-backed Tool Uses Claude AI Agents to Scan for Vulnerabilities Across 11 Languages
• 8:38 : Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges
• 8:38 : New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials
• 8:38 : ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider
• 8:38 : Google’s remote-wipe weapon, Qilin ransomware activity surges, GootLoader is back
• 8:11 : Chinese Bitcoin ‘Queen’ Handed Jail Term In London
• 8:5 : IT Security News Hourly Summary 2025-11-12 09h : 4 posts
• 7:36 : Tor Browser 15.0.1 Update Patches Several High-Risk Security Flaws
• 7:36 : Chrome Patches High-severity Implementation Vulnerability in V8 JavaScript engine
• 7:36 : New Google Study Reveals Threat Protection Against Text Scams
• 7:36 : University of Pennsylvania Hit by Hackers: Fake Emails, Data Leak Threats, and Political Backlash
• 7:4 : Google regulation by the CMA in the UK
• 7:4 : New Phishing Scam Targets iPhone Owners After Device Loss
• 7:4 : The Future of AI in Security: From Reactive to Proactive Protection
• 7:4 : Bringing AI to the SOC is not Intended to Replace Humans
• 7:4 : When every day is threat assessment day
• 6:34 : Lite XL Vulnerability Allows Attackers to Execute Arbitrary Code
• 6:34 : Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug
• 6:34 : ProxyBridge: Open-source proxy routing for Windows applications
• 6:33 : Autonomous AI could challenge how we define criminal behavior
• 6:9 : Phishing Attack Impersonates Travel Brands Using 4,300 Malicious Domains
• 6:8 : Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging
• 6:8 : AI is forcing boards to rethink how they govern security
• 6:8 : Shadow AI risk: Navigating the growing threat of ungoverned AI adoption
• 6:8 : Industrial Phishing Kit QRR Discovered: New Cyber Threats Unveiled | Cybersecurity Today
• 5:36 : Windows Kernel 0-Day Under Active Exploitation for Privilege Escalation
• 5:36 : What the latest data reveals about hard drive reliability
• 5:5 : IT Security News Hourly Summary 2025-11-12 06h : 4 posts
• 5:4 : Chinese National Sentenced for Laundering Over £5 Billion from 128,000 Victims
• 5:4 : Mozilla Issues Urgent Firefox Update to Patch Critical Code Execution Flaws
• 5:4 : China hates crypto and scams, but is now outraged USA acquired bitcoin from a scammer
• 4:36 : New Quantum Route Redirect Tool Lets Attackers Launch One-Click Phishing Attacks on Microsoft 365 Users
• 4:4 : Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege
• 4:4 : Danabot Malware Resurfaced with Version 669 Following Operation Endgame
• 3:6 : Red Bull Racing’s secret weapon? An engineer who treats workflows like lap times
• 2:6 : ISC Stormcast For Wednesday, November 12th, 2025 https://isc.sans.edu/podcastdetail/9696, (Wed, Nov 12th)
• 2:6 : An Overview of Qualified Digital Certificates
• 2:6 : Improving Single Sign-On Experiences with OpenID Connect and SCIM
• 2:5 : IT Security News Hourly Summary 2025-11-12 03h : 1 posts
• 1:33 : Australia’s spy boss says authoritarian nations ready to commit ‘high-impact sabotage’
• 0:33 : IBM Infrastructure: Continuous Risk & Compliance
• 23:38 : 8 Recommended Account Takeover Security Providers
• 23:5 : IT Security News Hourly Summary 2025-11-12 00h : 4 posts
• 22:55 : IT Security News Daily Summary 2025-11-11