CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-26829 OpenPLC ScadaBR Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses…
Cybersecurity Coalition to Government: Shutdown is Over, Get to Work
The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country’s cybersecurity posture as China, Russia,…
Do Modern iGaming Platforms Offer Better Cyber Protections Than Traditional Apps?
Modern iGaming security has evolved quickly, and users notice the difference. Stronger protections, more transparent communication, and more innovative tools give people far more confidence than older platforms ever did. At the same time, the number of online poker sites…
French Football Federation Reports Data Breach – Hackers Access Club Software Admin Controls
The French Football Federation (FFF) has confirmed a significant cybersecurity incident resulting in the theft of personal data belonging to members and licensees. The federation revealed that cybercriminals had infiltrated the centralized administrative software used by football clubs across the…
IT Security News Hourly Summary 2025-11-28 18h : 4 posts
4 posts were published in the last hour 17:2 : What parents should know to protect their children from doxxing 17:2 : North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware 17:2 : Legacy Python Bootstrap Scripts…
What parents should know to protect their children from doxxing
Online disagreements among young people can easily spiral out of control. Parents need to understand what’s at stake. This article has been indexed from WeLiveSecurity Read the original article: What parents should know to protect their children from doxxing
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to…
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it…
PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was “the largest and most impactful security incident” it’s ever experienced after attackers slipped malicious releases into its…
New GreyNoise IP Checker Helps Users Identify Botnet Activity
Cybersecurity firm GreyNoise has launched a new, free utility designed to answer a question most internet users never think to ask: Is my home router secretly attacking other computers? The newly released GreyNoise IP Check is a simple, web-based tool…
ShinyHunters Develop Sophisticated New Ransomware-as-a-Service Tool
In a significant escalation of the global cyber threat landscape, the notorious threat group ShinyHunters appears to be transitioning from data theft to full-scale ransomware operations. Cybersecurity researchers have identified an early build of a new Ransomware-as-a-Service (RaaS) platform dubbed…
Gainsight Verifies Token Breach Linked to Salesforce Advisory, Issues New IOCs
Gainsight, the leading customer success platform, has confirmed that a security incident involving its Salesforce integration compromised customer tokens for a small subset of its client base. The announcement follows a security advisory issued by Salesforce last week, which prompted…
Poland Arrests Suspected Russian Hacker Targeting Local Organizations’ Networks
Polish authorities have made a significant move in their cybercrime enforcement efforts by detaining a Russian national suspected of conducting unauthorized cyber attacks against local organizations. The arrest, made on November 16, 2025, marks a significant development in international cybercrime…
Cybercriminals Register 18,000 Holiday-Themed Domains to Launch Seasonal Scams
The holiday season has always been a magnet for increased online activity, but 2025 marks a new high-water mark in cybercrime intensity. FortiGuard Labs’ latest research spotlights a dramatic surge in the volume and sophistication of attacks targeting retailers, e-commerce…
Black Friday Deal 2025: Reviewing The Ultimate SOC Analyst Bundle
With cyber threats on the rise, one thing is clear for your career: a booming demand for skilled… The post Black Friday Deal 2025: Reviewing The Ultimate SOC Analyst Bundle appeared first on Hackers Online Club. This article has been…
GrapheneOS bails on OVHcloud over France’s privacy stance
Project cites fears of state access as cloud sovereignty row deepens French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company’s servers over concerns about France’s approach to digital…
Brit telco Brsk confirms breach as bidding begins for 230K+ customer records
Crims claim to know which customers are marked ‘vulnerable’ British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.… This article has been indexed from The Register – Security Read…
Aisuru Botnet Launches 15.72 Tbps DDoS Attack on Microsoft Azure Network
Microsoft has reported that its Azure platform recently experienced one of the largest distributed denial-of-service attacks recorded to date, attributed to the fast-growing Aisuru botnet. According to the company, the attack reached a staggering peak of 15.72 terabits per…
Meta Cleared of Monopoly Charges in FTC Antitrust Case
A U.S. federal judge ruled that Meta does not hold a monopoly in the social media market, rejecting the FTC’s antitrust lawsuit seeking divestiture of Instagram and WhatsApp. The FTC, joined by multiple states, filed the suit in December 2020,…
Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery
BitSight research has revealed how threat actors exploit calendar subscriptions to deliver phishing links, malware and social engineering attacks through hijacked domains This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Exploit Calendar Subscriptions for Phishing…
Prompt Injection Through Poetry
In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models: Abstract: We present evidence that adversarial poetry functions as a universal…
French Soccer Federation Hit by Cyberattack, Member Data Stolen
According to the federation, the unauthorized access was carried out using a compromised account. The post French Soccer Federation Hit by Cyberattack, Member Data Stolen appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Bloody Wolf Widens Java RAT Campaign
The hacking group known as Bloody Wolf has been actively targeting Central Asian entities, specifically launching a campaign against Kyrgyzstan that began The post Bloody Wolf Widens Java RAT Campaign first appeared on CyberMaterial. This article has been indexed from…
Qilin Ransomware Hits Korean MSP
A complex cyber operation, involving a sophisticated supply chain attack, has severely impacted the South Korean financial sector through the deployment The post Qilin Ransomware Hits Korean MSP first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…