3 posts were published in the last hour 23:2 : Weaponized file name flaw makes updating glob an urgent job 22:58 : IT Security News Weekly Summary 47 22:55 : IT Security News Daily Summary 2025-11-23
Weaponized file name flaw makes updating glob an urgent job
PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more Infosec In Brief Researchers have urged users of the glob file pattern matching library to update their installations, after discovery of a years-old remote code execution…
IT Security News Weekly Summary 47
210 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-11-23 18:6 : Iberia discloses security incident tied to supplier breach 17:5 : IT Security News Hourly Summary 2025-11-23 18h : 2 posts 17:4 :…
IT Security News Daily Summary 2025-11-23
25 posts were published in the last hour 18:6 : Iberia discloses security incident tied to supplier breach 17:5 : IT Security News Hourly Summary 2025-11-23 18h : 2 posts 17:4 : NDSS 2025 – GAP-Diff: Protecting JPEG-Compressed Images From…
Iberia discloses security incident tied to supplier breach
Iberia warns customers of a supplier-related data breach as a threat actor claims to hold 77GB of stolen airline data. Iberia is warning customers about a data breach after a third-party supplier was hacked by a threat actor who claims…
IT Security News Hourly Summary 2025-11-23 18h : 2 posts
2 posts were published in the last hour 17:4 : NDSS 2025 – GAP-Diff: Protecting JPEG-Compressed Images From Diffusion-Based Facial Customization 16:34 : Governments sanction Russian “bulletproof” host for aiding ransomware networks
NDSS 2025 – GAP-Diff: Protecting JPEG-Compressed Images From Diffusion-Based Facial Customization
SESSION Session 3D: AI Safety ———– ———– Authors, Creators & Presenters: Haotian Zhu (Nanjing University of Science and Technology), Shuchao Pang (Nanjing University of Science and Technology), Zhigang Lu (Western Sydney University), Yongbin Zhou (Nanjing University of Science and Technology),…
Governments sanction Russian “bulletproof” host for aiding ransomware networks
Authorities in the United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian bulletproof hosting provider accused of giving safe and long-term technical support to ransomware operators and other criminal groups. Officials say the newly…
Tycoon2FA Launches Nearly 1 Million Attacks Targeting Office 365 Accounts
Tycoon2FA, a sophisticated phishing-as-a-service platform tracked by Microsoft as Storm-1747, has emerged as the dominant threat targeting Office 365 accounts throughout 2025. The cybercriminal operation has launched an aggressive campaign involving nearly one million attacks, establishing itself as the most…
Samsung Zero-Day Exploit “Landfall” Targeted Galaxy Devices Before April Patch
A recently disclosed zero-day vulnerability affecting several of Samsung’s flagship smartphones has raised renewed concerns around mobile device security. Researchers from Palo Alto Networks’ Unit 42 revealed that attackers had been exploiting a flaw in Samsung’s image processing library,…
Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges
A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for…
Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach
Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we analyze the critical incidents defining the current threat landscape. If this week has taught us anything, it is that the stability of our digital infrastructure is just…
Knownsec Breach Exposes Chinese State Cyber Weapons and Global Target List
A major data breach at the Chinese security firm Knownsec has exposed more than 12,000 classified documents, providing unprecedented insight into the deep connections between private companies and state-sponsored cyber operations in China. The leaked files reportedly detail a…
Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery RONINGLOADER: DragonBreath’s New Path to PPL Abuse npm…
Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech,…
Mass Router Hijack Targets End-of-Life ASUS Devices
The research team has found an extensive cyber-espionage campaign known as Operation WrtHug, which has quietly infiltrated tens of thousands of ASUS routers across the globe, which is a sign that everyday network infrastructure is becoming increasingly vulnerable. A…
SonicWall flags SSLVPN flaw allowing firewall crashes
SonicWall warns of a high-severity buffer overflow flaw in SonicOS SSLVPN (CVE-2025-40601) that lets attackers crash Gen7 and Gen8 firewalls. A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and…
Wireshark 4.4.1 Released, (Sun, Nov 23rd)
Wireshark release 4.6.1 fixes 2 vulnerabilities and 20 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.1 Released, (Sun, Nov 23rd)
YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
YARA-X's 1.10.0 release brings a new command: fix warnings. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
When AI Goes Rogue, Science Fiction Meets Reality
The new movie Tron: Ares isn’t just sci-fi entertainment — it’s a mirror for today’s AI risks and realities. What happens when artificial intelligence systems don’t work as intended? The post When AI Goes Rogue, Science Fiction Meets Reality appeared…
Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The tech that turns supply chains from brittle to unbreakable In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys,…
IT Security News Hourly Summary 2025-11-23 09h : 2 posts
2 posts were published in the last hour 7:31 : CodeStepByStep – 17,351 breached accounts 7:31 : Microsoft Confirms Windows 11 24H2 Update Broken Multiple Core Features
CodeStepByStep – 17,351 breached accounts
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses. This article has been indexed from Have I Been Pwned latest breaches Read the…