A comprehensive phishing operation began targeting Indian companies in November 2025 by impersonating the Income Tax Department of India. The campaign employed remarkably authentic government communication templates, bilingual messaging in Hindi and English, and legal references to sections of the…
Threat Actors Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data
Cybercriminals have discovered a clever way to slip malware onto job seekers’ computers by disguising malicious files as legitimate recruitment documents. A new campaign called ValleyRAT targets people actively searching for employment through email messages containing fake job offers and…
Lazarus Group’s IT Workers Scheme Hacker Group Caught Live On Camera
Lazarus Group’s Famous Chollima unit has been caught “live on camera” running its remote IT worker scheme, after researchers funneled its operatives into fake laptops that were actually long‑running sandbox environments under full surveillance. The investigation exposes in unprecedented detail…
Darktrace / Email strengthens behavioral detection, DLP, and SOC integrations
Darktrace announced a series of enhancements to Darktrace / EMAIL designed to detect and stop attacks spanning communications channels, strengthen outbound email protections, and streamline SOC integrations. The new capabilities will help security teams catch sophisticated attacks that evade existing…
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now. This article has been indexed from Hackread – Cybersecurity News, Data Breaches,…
Canadian police trialling facial recognition bodycams
Facial recognition software has long been criticized for accuracy issues and past wrongful arrests. This article has been indexed from Malwarebytes Read the original article: Canadian police trialling facial recognition bodycams
Aisuru botnet turns Q3 into a terabit-scale stress test for the entire internet
Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-shattering DDoS barrages from an army of up to 4 million…
Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT
The 25-page document outlines four principles for securely integrating AI with operational technology. The post Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. The post ShadyPanda’s Years-Long…
Coro 3.7 rolls out redesigned Actionboard, unified ticketing, and AI insights
Coro announced the latest release of its unified platform. Coro 3.7 introduces user interface enhancements designed to accelerate remediation and streamline security management for SMBs. Coro has further refined its Actionboard, equipping IT professionals with essential information while minimizing unnecessary…
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech,…
KnowBe4 Named a Leader in Gartner® Magic Quadrant™ for Email Security
KnowBe4, the platform that comprehensively addresses AI and human risk management, has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms for the second consecutive year and acknowledged specifically for its Ability to Execute…
iOS Zero-Day Exploit Chain Leveraged by Mercenary Spyware for Device Surveillance
A new iOS zero-day exploit chain has been linked to mercenary spyware used for silent device surveillance against high‑risk users. The operation, attributed to the commercial surveillance vendor Intellexa, chains multiple previously unknown flaws to move from a single link…
Freedom Mobile Data Breach Exposes Personal Information of Customers
Canadian wireless provider Freedom Mobile has disclosed a data breach affecting customer personal information following unauthorized access to its account management platform. On October 23, 2025, Freedom Mobile detected unauthorized activity on its customer account management system. The investigation revealed…
Update Chrome now: Google fixes 13 security issues affecting billions
Google has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials. This article has been indexed from Malwarebytes Read the original article: Update Chrome now: Google fixes 13 security issues affecting billions
DOJ Disrupts Major Myanmar-Based Scam Targeting TickMill Users
Taking action to demonstrate the United States’ commitment to combating transnational cyber-fraud networks, the Department of Justice has announced a decisive seizure of tickmilleas.com, a domain allegedly used by a sophisticated cryptocurrency investment scam originating in Burma, as a…
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the…
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has…
Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers
Akamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now…
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections
A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets…
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due…
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New Detection Approach Challenges Existing Security Assumptions A newly available Python-based…
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply…
The Louisiana Department of Wildlife and Fisheries Is Detaining People for ICE
Louisiana’s hunting and wildlife authority is one of more than 1,000 state and local agencies that have partnered with US immigration authorities this year alone. This article has been indexed from Security Latest Read the original article: The Louisiana Department…