IT Security News Daily Summary 2025-11-13

179 posts were published in the last hour

• 22:40 : You Thought It Was Over? Authentication Coercion Keeps Evolving
• 22:40 : Enhanced Support Systems for Effective NHI Management
• 22:40 : Stay Reassured with Consistent NHI Security Updates
• 22:40 : Keeping NHIs Safe from Unauthorized Access
• 22:6 : EU ‘Plans’ Google Probe Over Publisher Rankings
• 22:6 : Multiple GitLab Vulnerabilities Allow Prompt Injection and Data Theft
• 21:36 : Tor vs. VPN: What They Do, Key Differences and Which Is Better
• 21:36 : How Adversaries Exploit the Blind Spots in Your EASM Strategy
• 21:10 : How 43,000 NPM Spam Packages Hid in Plain Sight for Two Years
• 21:10 : Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program
• 21:10 : Why AI Red Teaming is different from traditional security
• 20:38 : Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data
• 20:38 : Ransomed CTO falls on sword, refuses to pay extortion demand
• 20:8 : SAP Patches Severe Code Injection Flaw Enabling System Takeover
• 20:8 : Dangerous runC Flaws Could Allow Hackers to Escape Docker Containers
• 20:8 : Operation Endgame Dismantles 1,025 Malware Servers
• 20:5 : IT Security News Hourly Summary 2025-11-13 21h : 7 posts
• 19:38 : Google Sues China-Based ‘Lighthouse’ Phishing Service After $1B+ Scams Target Millions
• 19:38 : Chrome extension “Safery” steals Ethereum wallet seed phrases
• 19:7 : Viasat and the terrible, horrible, no good, very bad day
• 19:7 : Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics
• 19:7 : Rust in Android: move fast and fix things
• 19:7 : Google Sues ‘Lighthouse’ Phishing-as-a-service Kit Behind Massive Phishing Attacks
• 19:7 : New Wave of Steganography Attacks: Hackers Hiding XWorm in PNGs
• 18:41 : ChatGPT Exploited Through SSRF Flaw in Custom GPT Actions
• 18:41 : HPE’s Post-Juniper Vision: AI-Driven Security at Enterprise Scale
• 18:8 : CISA, FBI and Partners Unveil Critical Guidance to Protect Against Akira Ransomware Threat
• 17:38 : Best Six Test Data Management Tools
• 17:38 : When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools
• 17:38 : Scammers Abuse WhatsApp Screen Sharing to Steal OTPs and Funds
• 17:38 : Siemens Software Center and Solid Edge
• 17:38 : Siemens COMOS
• 17:38 : Siemens SICAM P850 family and SICAM P855 family
• 17:38 : Siemens LOGO! 8 BM Devices
• 17:38 : Rockwell Automation AADvance-Trusted SIS Workstation
• 17:38 : Police take down three cybercrime operations in latest round of ‘whack-a-mole’
• 17:38 : Navigating Fraud in Customer Verification and Real-Time Payments
• 17:11 : CISA and Partners Release Advisory Update on Akira Ransomware
• 17:11 : CISA warns federal agencies to patch flawed Cisco firewalls amid ‘active exploitation’ across the US government
• 17:11 : MastaStealer Weaponizes Windows LNK Files, Executes PowerShell Command, and Evades Defender
• 17:10 : Fake spam filter alerts are hitting inboxes
• 17:10 : UK authorities propose law to set minimum cyber standards for critical sectors
• 17:5 : IT Security News Hourly Summary 2025-11-13 18h : 9 posts
• 16:38 : Metrics Every CISO Needs for Threat-Led Defense Success
• 16:38 : NDSS 2025 – Power-Related Side-Channel Attacks Using The Android Sensor Framework
• 16:38 : The Subtle Signs That Reveal an AI-Generated Video
• 16:11 : Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
• 16:11 : Google Sues ‘Lighthouse’ Phishing Service After $1B+ Scams Target Millions
• 16:10 : Ubuntu 25.10’s Rusty sudo holes quickly welded shut
• 16:10 : ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure
• 16:10 : Book Review: The Business of Secrets
• 16:10 : How Rapid AI Adoption Is Creating an Exposure Gap
• 15:40 : Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025)
• 15:40 : A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet
• 15:40 : CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks
• 15:40 : 1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium
• 15:40 : “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages
• 15:9 : Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study
• 15:9 : Google Sues to Disrupt Chinese SMS Phishing Triad
• 15:9 : Google Debuts Private AI Compute to Protect Data in Cloud AI
• 15:9 : A radical upgrade pushes quantum links 200x farther
• 15:9 : NHS Investigating Oracle EBS Hack Following Cl0p Ransomware Group Claim
• 15:9 : Microsoft Teams New Premium Feature Blocks Screenshots and Recordings During Meeting
• 15:9 : 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
• 15:9 : NordVPN Survey Finds Most Americans Misunderstand Antivirus Protection Capabilities
• 15:9 : Google Sues Cybercriminals Behind Lighthouse
• 15:9 : Google Sues Text Message Scammers
• 15:9 : CISA Warns Of WatchGuard Fireware Flaw
• 15:9 : Firefox Chrome Fix High Severity Bugs
• 14:38 : Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
• 14:38 : Phishing Emails Alert: How Spam Filters Can Steal Your Email Logins in an Instant
• 14:38 : Firms in Japan at Risk of Ransomware Threats, Government Measures Insufficient
• 14:38 : WA Law Firm Faces Cybersecurity Breach Following Ransomware Reports
• 14:38 : “Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)
• 14:38 : Hackers Demand 200K From Doctor Alliance
• 14:38 : Police Take Down Major Malware Operations
• 14:38 : Hyundai Breach Risks Drivers Data
• 14:7 : Webinar Today: The Future of Industrial Network Security
• 14:7 : CISO Pay Increases 7% As Budget Growth Slows
• 14:5 : IT Security News Hourly Summary 2025-11-13 15h : 19 posts
• 13:55 : SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
• 13:55 : OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data
• 13:55 : Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
• 13:55 : Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code
• 13:55 : SmartApeSG Uses ClickFix to Deploy NetSupport RAT
• 13:55 : The State of Ransomware in Q3 2025
• 13:55 : Images
• 13:55 : Microsoft Defender for O365 New Feature Allows Security Teams to Trigger Automated Investigations
• 13:55 : Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks
• 13:55 : Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data
• 13:55 : Extra, extra, read all about it: Washington Post clobbered in Clop caper
• 13:55 : Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm
• 13:55 : Understanding Classroom Management Styles and How To Find the Right One for Your Students
• 13:55 : Professor Predicts Salesforce Will Be First Big Tech Company Destroyed by AI
• 13:55 : TrojAI Defend for MCP brings real-time security, visibility, and policy enforcement to agentic AI
• 13:55 : Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
• 13:54 : Government funding bill temporarily revives cybersecurity information-sharing law
• 13:9 : Are you paying more than other people? NY cracks down on surveillance pricing
• 13:9 : NHS Investigating Oracle EBS Hack Claims as Hackers Name Over 40 Alleged Victims
• 12:44 : Top 3 Malware Families in Q4: How to Keep Your SOC Ready
• 12:44 : CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
• 12:44 : U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog
• 12:44 : Rhadamanthys malware admin rattled as cops seize a thousand-plus servers
• 12:44 : Critical WatchGuard Firebox Vulnerability Exploited in Attacks
• 12:44 : OWASP Top 10 Business Logic Abuse: What You Need to Know
• 12:44 : Operation Endgame 3.0 Dismantles Three Major Malware Networks
• 12:7 : Rhadamanthys infostealer operation disrupted by law enforcement
• 12:6 : Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown
• 12:6 : When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
• 11:36 : Operation Endgame – 1,000+ Servers Used by Rhadamanthys, VenomRAT, and Elysium Dismantled
• 11:36 : English-Speaking Cybercriminal Ecosystem ‘The COM’ Drives a Wide Spectrum of Cyberattacks
• 11:36 : NHS supplier ends probe into ransomware attack that contributed to patient death
• 11:36 : Synnovis Confirms Patient Information Stolen in Disruptive Ransomware Attack
• 11:15 : Unleashing the Kraken ransomware group
• 11:14 : Ex-Twitter Boss Agrawal’s AI Start-Up Raises $100m
• 11:14 : Operation Endgame: Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium
• 11:14 : Operation Endgame 3.0 – 2,046,030 breached accounts
• 11:14 : DNS DDoS Attacks Explained – And Why Cloud DNS Is The Solution
• 11:14 : How AI-Generated Content is Fueling Next-Gen Phishing and BEC Attacks: Detection and Defense Strategies
• 11:5 : IT Security News Hourly Summary 2025-11-13 12h : 5 posts
• 10:38 : Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
• 10:38 : We opened a fake invoice and fell down a retro XWorm-shaped wormhole
• 10:38 : Beyond Passwords: How Behaviour and Devices Shape Stronger Logins
• 10:38 : ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories
• 10:38 : Improve Collaboration to Hit Back At Rising Fraud, Says techUK
• 10:4 : VW Prepares Winter Tests For Co-Developed EV Platform
• 10:4 : OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts
• 10:4 : CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited Attacks
• 10:4 : How Attackers Turn SVG Files Into Phishing Lures
• 10:4 : Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges
• 10:4 : New ClickFix Attack Tricks Users with ‘Fake OS Update’ to Execute Malicious Commands
• 10:4 : Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon
• 10:4 : Mobile blackout for Russian travelers, Windows 11 supports 3rd party passkeys, Synology patches BeeStation flaw
• 9:50 : Ireland Investigates X Over Content Moderation
• 9:50 : Portuguese Telcos To Invest €4.2bn In 5G, Fibre
• 9:50 : GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data Theft
• 9:50 : Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
• 9:50 : Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days
• 9:50 : Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack
• 9:6 : Formbook Delivered Through Multiple Scripts, (Thu, Nov 13th)
• 8:36 : Anthropic To Spend $50bn On US Data Centres
• 8:36 : New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware
• 8:36 : CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices
• 8:36 : Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges
• 8:36 : Nokod Security launches Adaptive Agent Security to protect AI agents across the entire ADLC
• 8:12 : OpenAI Challenges Discovery Order In Times Case
• 8:12 : CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
• 8:5 : IT Security News Hourly Summary 2025-11-13 09h : 4 posts
• 7:42 : Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
• 7:13 : New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices
• 7:12 : Healthcare security is broken because its systems can’t talk to each other
• 7:12 : Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
• 6:42 : Wanna bet? Scammers are playing the odds better than you are
• 6:17 : Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
• 6:17 : CISA Warns of Active Exploitation of WatchGuard Firebox Out-of-Bounds Write Flaw
• 6:17 : Beware of Fake Bitcoin Tools Concealing DarkComet RAT Malware
• 6:17 : Sprout: Open-source bootloader built for speed and security
• 6:17 : Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
• 5:42 : BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
• 5:42 : Active Exploitation of Cisco and Citrix 0-Day Vulnerabilities Allows Webshell Deployment
• 5:42 : Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software
• 5:42 : Chinese National Jailed for Laundering Over £5 Billion by Defrauding Over 128,000 Victims
• 5:42 : China’s Cyber Silence Is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says
• 5:42 : Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases
• 5:42 : Automation can’t fix broken security basics
• 5:8 : Google Sues “Lighthouse” Over Massive Phishing Attacks
• 5:8 : The browser is eating your security stack
• 3:34 : Lite XL Text editor Vulnerability Let Attackers Execute Arbitrary Code
• 2:8 : ISC Stormcast For Thursday, November 13th, 2025 https://isc.sans.edu/podcastdetail/9698, (Thu, Nov 13th)
• 2:5 : IT Security News Hourly Summary 2025-11-13 03h : 1 posts
• 1:9 : ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year
• 0:36 : Ensuring Scalability in Your NHI Security Practices
• 0:36 : Confidently Managing Your NHIs’ Security Posture
• 0:36 : How Smart NHI Solutions Enhance Security Measures
• 0:36 : Creating Stability in NHI Management Across Multiple Clouds
• 23:8 : U.S. Launches Strike Force to Combat Global Crypto Fraud
• 23:8 : Cybersecurity firm Deepwatch lays off dozens, citing move to ‘accelerate’ AI investment
• 23:5 : IT Security News Hourly Summary 2025-11-13 00h : 5 posts
• 22:55 : IT Security News Daily Summary 2025-11-12