Many organisations are starting to recognise a security problem that has been forming silently in the background. Conversations employees hold with public AI chatbots can accumulate into a long-term record of sensitive information, behavioural patterns, and internal decision-making. As…
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
Scattered LAPSUS$ Hunters admin “Rey,” allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim. This article has been indexed from Hackread – Cybersecurity News, Data Breaches,…
IT Security News Hourly Summary 2025-11-27 18h : 3 posts
3 posts were published in the last hour 17:2 : Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets 17:2 : Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites 17:2 : FCC…
Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically targets GitHub Actions workflows, exploiting pull_request_target triggers to inject malicious…
Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites
ReliaQuest finds fresh crop of phishing domains and toxic tickets Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.… This article has been indexed from…
FCC Warns of Hackers Hijacking Radio Equipment For False Alerts
Hackers have been hijacking US radio equipment to broadcast false emergency alerts, prompting FCC warnings This article has been indexed from www.infosecurity-magazine.com Read the original article: FCC Warns of Hackers Hijacking Radio Equipment For False Alerts
OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel
OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their apps or websites. Many tech companies use Mixpanel to…
OpenAI cuts off Mixpanel after analytics leak exposes API users
ChatGPT maker places other vendors under review following breach OpenAI says API users may be affected by a recent breach at its former data analytics provider, Mixpanel.… This article has been indexed from The Register – Security Read the original…
Asahi Data Breach Impacts 2 Million Individuals
Hackers stole the personal information of customers and employees before deploying ransomware and crippling Asahi’s operations in Japan. The post Asahi Data Breach Impacts 2 Million Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at…
Bloody Wolf Threat Actor Expands Activity Across Central Asia
A new Bloody Wolf campaign exploits legitimate remote-administration software for cyber-attacks on government targets in Central Asia This article has been indexed from www.infosecurity-magazine.com Read the original article: Bloody Wolf Threat Actor Expands Activity Across Central Asia
NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks
An urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service attacks. The most severe flaw has a CVSS score of 9.3…
Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version of “Shai-Hulud,” contains a dangerous feature that threatens to destroy user data if attackers lose…
Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation combined the capabilities of the Qilin Ransomware-as-a-Service (RaaS) group with potential involvement from North Korean…
Millions at risk after nationwide CodeRED alert system outage and data breach
A ransomware attack against the CodeRED emergency alert platform has triggered warnings across the US. This article has been indexed from Malwarebytes Read the original article: Millions at risk after nationwide CodeRED alert system outage and data breach
Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0
Tel Aviv, Israel, 27th November 2025, CyberNewsWire The post Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0 appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
Alisa Viejo, CA, USA, 27th November 2025, CyberNewsWire One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been…
Lapsus$ Hunters Register 40+ Domains Impersonating Zendesk Environments
ReliaQuest’s Threat Research team has uncovered a significant new campaign from the notorious threat collective “Scattered Lapsus$ Hunters,” this time targeting users and organizations that leverage the widely adopted customer support platform Zendesk. The investigation revealed more than 40 typosquatted…
“Dead Man’s Switch” Triggers Massive npm Supply Chain Malware Attack
GitLab’s security team has discovered a severe, ongoing attack spreading dangerous malware through npm, the world’s most extensive code library. The malware uses an alarming “dead man’s switch,” a self-destruct trigger that threatens to erase user data if the attack…
Handala Hacker Group Targets Israeli High-Tech and Aerospace Professionals
A sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals. Security researchers monitoring dark web activity discovered the publication,…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks
A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE…
OpenAI Reveals Mixpanel Data Breach Exposing User Details
OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email…
Crypto Exchange Upbit Suffers Security Breach After $10B Deal
The timing is awful. The breach occurred just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp. The post Crypto Exchange Upbit Suffers Security Breach After $10B Deal appeared first on…
When Buyers Discount MSPs With One Big Customer
Your biggest customer loves you. Three years together. They trust you, pay on time, and refer others. From where you sit, that’s loyalty. From where a buyer sits, that’s a $$$ discount on your exit. This perception gap kills more…