North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview…
Hackers Use Fake “Battlefield 6” Hype to Spread Stealers and C2 Malware
The global gaming community is reeling after Bitdefender Labs revealed widespread malware operations exploiting the blockbuster launch of Electronic Arts’ Battlefield 6, a first-person shooter developed by DICE and released in October. As one of the year’s most anticipated titles,…
HashJack: A Novel Exploit Leveraging URL Fragments To Deceive AI Browsers
Security researchers at Cato CTRL have uncovered HashJack. This innovative indirect prompt-injection attack hides harmful commands in the fragment portion of URLs after the “#” symbol. This technique turns trusted websites into weapons against AI browser assistants like Perplexity’s Comet,…
Developers Expose Passwords and API Keys via Online Tools like JSONFormatter
Developers are unintentionally exposing passwords, API keys, and sensitive data in production information into online formatting tools such as JSONFormatter and CodeBeautify. New research from watchTowr shows that thousands of secrets from critical organizations have been publicly accessible for years…
Microsoft Details Security Risks of New Agentic AI Feature
In recent weeks, discussions have centered on Microsoft’s experimental agentic AI feature, which has introduced both advanced task automation and significant security concerns. This agentic capability, available to Windows insiders as part of Copilot Labs, is designed to allow digital…
London councils probe cyber incident as shared IT systems knocked offline
Three boroughs confirm investigation amid service outages, disrupted phone lines, and limited online access Two London councils are scrambling for answers after declaring a cybersecurity issue that began on Monday.… This article has been indexed from The Register – Security…
IT Security News Hourly Summary 2025-11-26 12h : 4 posts
4 posts were published in the last hour 11:3 : TSMC Sues Former Vice President Who Joined Intel 11:3 : Influencers in the crosshairs: How cybercriminals are targeting content creators 10:32 : HP Cuts Jobs, Reduces Outlook Amid Tariff Pressures…
TSMC Sues Former Vice President Who Joined Intel
TSMC sues former vice-president Lo Wei-Jun who retired in July to join Intel, alleging risk of intellectual property transfer This article has been indexed from Silicon UK Read the original article: TSMC Sues Former Vice President Who Joined Intel
Influencers in the crosshairs: How cybercriminals are targeting content creators
Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters. This article has been indexed from WeLiveSecurity Read the original article: Influencers in the crosshairs: How cybercriminals are…
HP Cuts Jobs, Reduces Outlook Amid Tariff Pressures
HP reduces profit outlook for fiscal 2026 as it shifts to manufacturing facilities outside of China, plans up to 6,000 job cuts This article has been indexed from Silicon UK Read the original article: HP Cuts Jobs, Reduces Outlook Amid…
HashJack Indirect Prompt Injection Weaponizes Websites
A new vulnerability dubbed “HashJack” could enable attackers to booby trap websites when they interact with AI browsers This article has been indexed from www.infosecurity-magazine.com Read the original article: HashJack Indirect Prompt Injection Weaponizes Websites
France Asks Court To Suspend Shein For Three Months
French government asks Paris court to suspend Shein’s main website for three months over sale of child-like sex dolls, illicit weapons This article has been indexed from Silicon UK Read the original article: France Asks Court To Suspend Shein For…
Dissecting a new malspam chain delivering Purelogs infostealer
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and personal security remains under constant threat from increasingly sophisticated attack vectors, with malspam continuing to represent one…
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025. This article has been indexed from Securelist Read the original article: Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
Paris, The Thinker, and why your WAF should block XSS by default
With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived…
Opti Raises $20 Million for Identity Security Platform
The cybersecurity startup plans to use the seed funding to accelerate product expansion and global growth. The post Opti Raises $20 Million for Identity Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Panasonic Batteries To Power Zoox Robotaxi Expansion
Panasonic to provide lithium-ion batteries to Amazon’s Zoox as company launches autonomous taxi services in San Francisco, Las Vegas This article has been indexed from Silicon UK Read the original article: Panasonic Batteries To Power Zoox Robotaxi Expansion
HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#’
Security researchers at Cato CTRL have discovered a new indirect prompt injection technique called HashJack, which weaponises legitimate websites to manipulate AI browser assistants. The attack conceals malicious instructions after the “#” symbol within trusted URLs, enabling threat actors to conduct…
Top five cybersecurity Black Friday deals for businesses 2025
Smart cybersecurity investments during Black Friday 2025. The best enterprise security deals with up to 60 percent off Partner Content The annual Black Friday scramble isn’t just for consumers elbowing each other for discounted tellies. For IT directors and CISOs,…
Fraudulent email domain tracker: November 2025
Every month, we publish a snapshot of the email domains most actively used in fake account creation and related abuse across the websites and apps protected by Castle. The goal is to give fraud and security teams better visibility into…
London Councils Hit By Serious Cyber “Incidents”
At least three London local authorities are dealing with a major cybersecurity incident This article has been indexed from www.infosecurity-magazine.com Read the original article: London Councils Hit By Serious Cyber “Incidents”
Dutch Public Broadcaster Halts X Activity Over Hate Speech
Netherlands public broadcaster NOS said it has stopped posting on social media platform X over hate speech and disinformation This article has been indexed from Silicon UK Read the original article: Dutch Public Broadcaster Halts X Activity Over Hate Speech
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. “This is the first time that a RomCom payload has been observed being…
UBTech Deploys Humanoid Robots At China’s Border
UBTech Walker S2 humanoid robots to perform tasks including patrols and guiding travellers at China’s border with Vietnam This article has been indexed from Silicon UK Read the original article: UBTech Deploys Humanoid Robots At China’s Border