A new chain of five critical vulnerabilities discovered in Fluent Bit has exposed billions of containerized environments to remote compromise. Fluent Bit, an open-source logging and telemetry agent deployed over 15 billion times globally, sits at the core of modern…
Alumni, Student, and Staff Information Stolen From Harvard University
A phone phishing attack led to the compromise of a system containing information about alumni, donors, students, staff, and other individuals. The post Alumni, Student, and Staff Information Stolen From Harvard University appeared first on SecurityWeek. This article has been…
IT Security News Hourly Summary 2025-11-25 15h : 10 posts
10 posts were published in the last hour 14:2 : LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations 14:2 : Clop’s Oracle EBS rampage reaches Dartmouth College 14:2 : WormGPT 4 and KawaiiGPT: New Dark…
EN, SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations
Mei Danowski & Eugenio Benincasa unpack how Chinese firms running attack-defense exercises fuel state-linked offensive cyber operations. This article has been indexed from SentinelLabs – We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware,…
Clop’s Oracle EBS rampage reaches Dartmouth College
Uni notifies 1,400-plus Maine residents as zero-day fallout continues Dartmouth College has confirmed it’s the latest victim of Clop’s Oracle E-Business Suite (EBS) smash-and-grab.… This article has been indexed from The Register – Security Read the original article: Clop’s Oracle…
WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation
Palo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance. The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek. This article has been…
Fluent Bit Vulnerabilities Expose Cloud Services to Takeover
Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek. This article has been indexed from…
New FlexibleFerret Malware Chain Targets macOS With Go Backdoor
A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access This article has been indexed from www.infosecurity-magazine.com Read the original article: New FlexibleFerret Malware Chain…
OpenSSL 3.2 End Of Life
OpenSSL 3.2 series has reached its End of Life (EOL). As such it will no longer receive publicly available security fixes. This article has been indexed from Blog on OpenSSL Library Read the original article: OpenSSL 3.2 End Of Life
Thinking Beyond Price: What Tech Teams Should Look for in a Hosting Provider
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original…
How CloudGuard WAF Lowers Risk and Total Cost of Ownership (TCO)
Security teams must protect apps and APIs without drowning in rule maintenance or false-positive triage. Many traditional WAFs pile on hidden expenses like manual tuning, lot of false-positives, and breach fallout that increase costs and drain resources. Check Point CloudGuard…
The 2026 Tech Tsunami: AI, Quantum, and Web 4.0 Collide
The year 2026 will not be defined by incremental upgrades. It will be shaped by an unprecedented collision of forces: next-generation computing, hyper-automation, and a global cyber security reckoning. Technological convergence and the rise of autonomous systems will redefine global…
MDR is the answer – now, what’s the question?
Why your business needs the best-of-breed combination of technology and human expertise This article has been indexed from WeLiveSecurity Read the original article: MDR is the answer – now, what’s the question?
Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users
AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI,…
Tool Sprawl Taxes Your Business More Than You Think
Ross Brouse has a name for what he sees every day. The Frankenstack. “The lack of operational simplicity comes from piling on tools, building that Frankenstack, as I call it,” says Brouse, President and COO of Continuous Networks, an MSP…
Threat Actors Exploiting Black Friday Shopping Hype – 2+ Million Attacks Recorded
The 2025 Black Friday shopping season has become a prime hunting ground for cybercriminals, with threat actors recording over 2 million phishing attacks targeting online gamers and shoppers worldwide. As global e-commerce continues to grow at 7-9% annually, attackers have…
Threat Actors Leverage Blender Foundation Files to Deliver Notorious StealC V2 Infostealer
Cybercriminals have discovered a new attack vector targeting the creative design community by exploiting Blender, a widely used open-source 3D modeling application. Threat actors are uploading malicious files to popular asset platforms like CGTrader, containing embedded Python scripts that execute…
Germany’s Cyber Skills Shortage Leaves Companies Exposed to Record Cyberattacks
Germany faces a critical shortage of cybersecurity specialists amid a surge in cyberattacks that caused record damages of €202.4 billion in 2024, according to a study by Strategy&, a unit of PwC. The study found that nine out of…
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. “This attack allows them to obtain tokens for the OAuth…
ClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security Update
Cybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of information-stealing malware, including LummaC2 and Rhadamanthys, through a…
Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments
Five newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authentication, perform path traversal,…
Major Data Breach at Delta Dental of Virginia Hits Over 146,000 Customers’ Info
Delta Dental of Virginia, a non-profit dental benefits organization based in Roanoke, has announced a significant data breach affecting approximately 145,918 individuals. The unauthorised access to an external system exposed sensitive personal information, marking one of the more substantial healthcare…
Russian and North Korean Hackers Forge Global Cyberattack Alliance
State-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber…
Microsoft Warns of Security Risks in New Agentic AI Feature
Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company is rolling out a new agent workspace feature in private preview that establishes isolated environments…