The research team has found an extensive cyber-espionage campaign, known as Operation WrtHug, that has quietly infiltrated tens of thousands of ASUS routers across the globe, a sign that everyday network infrastructure is becoming increasingly vulnerable. A…
SonicWall flags SSLVPN flaw allowing firewall crashes
SonicWall warns of a high-severity buffer overflow flaw in SonicOS SSLVPN (CVE-2025-40601) that lets attackers crash Gen7 and Gen8 firewalls. A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and…
Wireshark 4.4.1 Released, (Sun, Nov 23rd)
Wireshark release 4.6.1 fixes 2 vulnerabilities and 20 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green. Read the original article: Wireshark 4.4.1 Released, (Sun, Nov 23rd)
YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
YARA-X's 1.10.0 release brings a new command: fix warnings. This article has been indexed from SANS Internet Storm Center, InfoCON: green. Read the original article: YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
When AI Goes Rogue, Science Fiction Meets Reality
The new movie Tron: Ares isn’t just sci-fi entertainment — it’s a mirror for today’s AI risks and realities. What happens when artificial intelligence systems don’t work as intended? The post When AI Goes Rogue, Science Fiction Meets Reality appeared…
Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The tech that turns supply chains from brittle to unbreakable In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys,…
IT Security News Hourly Summary 2025-11-23 09h : 2 posts
2 posts were published in the last hour 7:31 : CodeStepByStep – 17,351 breached accounts 7:31 : Microsoft Confirms Windows 11 24H2 Update Broken Multiple Core Features
CodeStepByStep – 17,351 breached accounts
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses. This article has been indexed from Have I Been Pwned latest breaches. Read the…
Microsoft Confirms Windows 11 24H2 Update Broken Multiple Core Features
Microsoft has officially acknowledged a significant disruption affecting Windows 11 version 24H2 users, specifically after installing the cumulative update KB5062553 released in July 2025. The issue primarily affects environments using Virtual Desktop Infrastructure (VDI) and devices undergoing their first user…
U.S., International Partners Target Bulletproof Hosting Services
Agencies with the US and other countries have gone hard after bulletproof hosting service providers this month, including Media Land, Hypercore, and associated companies and individuals, while the Five Eyes threat intelligence alliance published BPH mitigation guidelines for ISPs, cloud providers,…
ADDA – 1,829,314 breached accounts
In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes. This article has been…
IT Security News Hourly Summary 2025-11-23 00h : 1 post
1 post was published in the last hour 22:55 : IT Security News Daily Summary 2025-11-22
IT Security News Daily Summary 2025-11-22
36 posts were published in the last hour 18:2 : BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks 18:2 : Salesforce: Some Customer Data Accessed via Gainsight Breach 17:5 : IT Security News Hourly Summary 2025-11-22 18h…
BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks
APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google…
Salesforce: Some Customer Data Accessed via Gainsight Breach
An attack on the app of CRM platform-provider Gainsight led to the data of hundreds of Salesforce customers being compromised, highlighting the ongoing threats posed by third-party software in SaaS environments and illustrating how one data breach can lead to…
IT Security News Hourly Summary 2025-11-22 18h : 8 posts
8 posts were published in the last hour 17:2 : Quantum Computing Moves Closer to Real-World Use as Researchers Push Past Major Technical Limits 17:2 : China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services 16:34 : CrowdStrike…
Quantum Computing Moves Closer to Real-World Use as Researchers Push Past Major Technical Limits
The technology sector is preparing for another major transition, and this time the shift is not driven by artificial intelligence. Researchers have been investing in quantum computing for decades because it promises to handle certain scientific and industrial problems…
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. “In the period from 2024…
CrowdStrike Fires Worker Over Insider Leak to Scattered Lapsus Hunters
CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto…
How to Block Ads Across Your Entire Home Network and Reduce Online Threats
In today’s hyper-connected world, ads have become nearly impossible to escape. From phones and laptops to smart TVs, every screen you own is constantly serving you promotional content. And while most ads are simply irritating, some can be genuinely…
Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities
Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root privileges. CVE ID Vulnerability Type Affected Product Impact CVE-2025-64446…
CrowdStrike Fires Employee for Leaking Internal System Info to Hackers
Cybersecurity giant CrowdStrike has terminated an employee who allegedly shared sensitive internal system information with a notorious hacking collective. The incident involved the leak of internal screenshots posted on a public Telegram channel operated by the threat group known as…
Hackers Use Salesforce Gainsight Breach to Access Data from More Than 200 Companies
Salesforce has disclosed a significant security incident involving unauthorized access to customer data through compromised Gainsight-published applications. The breach, detected in mid-November 2025, potentially exposed sensitive information from over 200 organizations that use the customer success platform integrated with Salesforce.…
CISA Issues Warning as Hackers Target Oracle Identity Manager RCE Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-2025-61757, affects Oracle Identity Manager,…