Threat actors continue to exploit a dangerous vulnerability in user behavior by deploying fake software updates to deliver the SocGholish malware. This malware delivery framework has evolved significantly since its discovery in 2017, transforming from a simple web-based nuisance into…
ByteToBreach Cybercriminal Selling Sensitive Global Data from Airlines, Banks, and Governments
A cybercriminal operating under the alias ByteToBreach has emerged as a notable threat actor in the underground market, actively selling and leaking sensitive data from airlines, banks, universities, and government entities worldwide. Active since at least June 2025, this threat…
Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035, affects the Angular HttpClient and involves the accidental leakage of Cross-Site Request Forgery (XSRF) tokens. Angular applications…
Malicious Chrome Extension Silently Steal and Injects Hidden SOL Fees Into Solana Swaps
A new threat has emerged in the Solana trading community. Security researchers have discovered a malicious Chrome extension named Crypto Copilot that appears to offer convenient trading features but secretly siphons cryptocurrency from users during transactions. Published on the Chrome…
Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation across the software…
You’re Not Technical? That Excuse Just Expired!
The world in which there are three groups of people, technical, not technical and those in between, is dead. AI just killed it, And if you’re a business leader still hiding behind “I’m not technical”, your time is up! Who…
OpenAI Warns of Mixpanel Data Breach Impacting API Users
The breach may have exposed OpenAI API customers’ data This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI Warns of Mixpanel Data Breach Impacting API Users
IT Security News Hourly Summary 2025-11-27 12h : 5 posts
5 posts were published in the last hour 11:2 : Stock Exchanges Warn SEC Over Tokenisation 11:2 : Is your phone number safe? The story of how WhatsApp nearly leaked it 11:2 : ThreatsDay Bulletin: AI Malware, Voice Bot Flaws,…
Stock Exchanges Warn SEC Over Tokenisation
Stock exchange trade group warns US SEC that plans to offer regulatory exemptions for tokenised stocks risk harming investors This article has been indexed from Silicon UK Read the original article: Stock Exchanges Warn SEC Over Tokenisation
Is your phone number safe? The story of how WhatsApp nearly leaked it
When we think about protecting our personal data, we often think of our home address, passwords, or banking credentials. But a recent discovery of vulnerability in WhatsApp shows that our phone numbers deserve the same caution. This article has been…
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data,…
Fraud Fears But No Breach Spike Expected This Festive Season
Analysis of ICO records shows no surge in breaches during Q4 2024 with no seasonal spike in reported incidents This article has been indexed from www.infosecurity-magazine.com Read the original article: Fraud Fears But No Breach Spike Expected This Festive Season
China Said To Bar ByteDance From Using Nvidia
Chinese regulators reportedly restrict TikTok parent ByteDance from using Nvidia AI chips in new data centres in tech independence move This article has been indexed from Silicon UK Read the original article: China Said To Bar ByteDance From Using Nvidia
S&P Downgrades Tether Stablecoin To Lowest Level
S&P Global Ratings downgrades Tether’s USDT stablecoin to ‘weak’, citing exposure to high-risk assets, disclosure issues This article has been indexed from Silicon UK Read the original article: S&P Downgrades Tether Stablecoin To Lowest Level
Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads
Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure. Recent security analysis reveals a concerning trend where threat actors are systematically targeting network operators, media platforms,…
OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed
The company has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product. The company emphasized transparency in its announcement, assuring users that the breach did not…
European Parliament Calls For Child Social Media Restrictions
European Parliament says under-16s should be barred from social media and AI chatbots unless parents consent This article has been indexed from Silicon UK Read the original article: European Parliament Calls For Child Social Media Restrictions
Scattered Lapsus$ Hunters Take Aim At Zendesk Users
New phishing domains point to a campaign from the notorious Scattered Lapsus$ Hunters collective This article has been indexed from www.infosecurity-magazine.com Read the original article: Scattered Lapsus$ Hunters Take Aim At Zendesk Users
France Takes Action Against AliExpress, Joom
French government to file legal complaints against AliExpress, Joom over sale of child-like sex dolls, amid Shein controversy This article has been indexed from Silicon UK Read the original article: France Takes Action Against AliExpress, Joom
New ASUS firmware patches critical AiCloud vulnerability
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, including a critical authentication bypass, tracked as CVE-2025-59366 (CVSS score of 9.2),…
Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents
Since its release in October, Battlefield 6 has become one of the year’s most anticipated game launches. However, cybercriminals have quickly seized on this popularity to distribute malicious software. Attackers have created fake cracked versions of the game and fraudulent…
Key provisions of the UK Cyber Resilience Bill Revealed
Shona Lester, head of the Cyber Security and Resilience Bill team within the UK government, outlined some of the provisions that should be included in the future law This article has been indexed from www.infosecurity-magazine.com Read the original article: Key…
Uber, WeRide Go Fully Autonomous In Abu Dhabi
Companies offer robotaxi services without safety operator on Yas Island, with plans to expand to other parts of UAE capital This article has been indexed from Silicon UK Read the original article: Uber, WeRide Go Fully Autonomous In Abu Dhabi
AWS outage botnet smacks 28 countries, LLMs help malware authors evade detection, Anthropic pressed over Claude espionage
AWS outage botnet smacks 28 countries LLMs help malware authors evade detection Anthropic questioned over Claude espionage Huge thanks to our episode sponsor, KnowBe4 Cybersecurity isn’t just a tech problem—it’s a human one. That’s why KnowBe4‘s Human Risk Management…