A list of topics we covered in the week of November 17 to November 23 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (November 17 – November 23)
Tag: EN
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. “The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence…
DeepSeek-R1 Makes Code for Prompts With Severe Security Vulnerabilities
A concerning vulnerability in DeepSeek-R1, a Chinese-developed artificial intelligence coding assistant. When the AI model encounters politically sensitive topics related to the Chinese Communist Party, it produces code with severe security flaws at rates up to 50% higher than usual.…
Beware of North Korean Fake Job Platform Targeting U.S. Based AI-Developers
A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job platform. Validin security researchers have uncovered a new variant of what they call the “Contagious…
CrowdStrike insider catch, Spanish airline breach, AI not insurable
CrowdStrike catches insider feeding information to hackers Spanish airline Iberia suffers breach and data leak AI is too risky to insure, say insurers Huge thanks to our episode sponsor, KnowBe4 Cybersecurity isn’t just a tech problem—it’s a human one. …
Roblox introduces additional age-verification tools
Roblox will require age verification to limit interactions between minors and adults. The move is an attempt to prevent adults from communicating with children, after… The post Roblox introduces additional age-verification tools appeared first on Panda Security Mediacenter. This article…
cnspec: Open-source, cloud-native security and policy project
cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see…
Quantum encryption is pushing satellite hardware to its limits
In this Help Net Security interview, Colonel Ludovic Monnerat, Commander Space Command, Swiss Armed Forces, discusses how securing space assets is advancing in response to emerging quantum threats. He explains why satellite systems must move beyond traditional cryptography to remain…
Signing In to Online Accounts
Explore secure methods for signing into online accounts, including SSO, MFA, and password management. Learn how CIAM solutions enhance security and user experience for enterprises. The post Signing In to Online Accounts appeared first on Security Boulevard. This article has…
AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage
In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed,…
The privacy tension driving the medical data shift nobody wants to talk about
Most people assume their medical data sits in quiet storage, protected by familiar rules. That belief gives a sense of safety, but new research argues that the world around healthcare data has changed faster than the policies meant to guide…
Wireshark Vulnerabilities Let Attackers Crash by Injecting a Malformed Packet
The Wireshark Foundation has rolled out a crucial security update for its widely used network protocol analyzer, addressing multiple vulnerabilities that could lead to denial-of-service conditions. The latest release, version 4.6.1, specifically targets flaws discovered in the Bundle Protocol version…
Cryptology boffins’ association to re-run election after losing encryption key needed to count votes
The shoemaker’s children have new friends The International Association for Cryptologic Research will run a second election for new board members and other officers, after it was unable to complete its first poll due to a lost encryption key.… This…
What happens when vulnerability scores fall apart?
Security leaders depend on vulnerability data to guide decisions, but the system supplying that data is struggling. An analysis from Sonatype shows that core vulnerability indexes no longer deliver the consistency or speed needed for the current software environment. A…
Checkout.com Takes a Bold Stance, SolarWinds Case Dismissed, and FCC Reverses Mandate
In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing…
Email blind spots are back to bite security teams
The threat landscape is forcing CISOs to rethink what they consider normal. The latest Cybersecurity Report 2026 by Hornetsecurity, based on analysis of more than 70 billion emails and broad threat telemetry, shows attackers adopting automation, AI driven social engineering,…
CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address a critical security flaw in Oracle Identity Manager following reports of active exploitation. The vulnerability, tracked as CVE-2025-61757, allows unauthenticated remote attackers to execute arbitrary code on…
ISC Stormcast For Monday, November 24th, 2025 https://isc.sans.edu/podcastdetail/9712, (Mon, Nov 24th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, November 24th, 2025…
Why should I feel confident in adopting Agentic AI tech?
How Secure Are Non-Human Identities in Today’s Cloud Environment? Are you confident in the security of non-human identities (NHIs) within your organization? With digital continues to expand, securing NHIs—machine identities consisting of encrypted credentials and permissions—becomes paramount. These identities, akin…
Can I be reassured of data integrity with Agentic AI?
How Can Non-Human Identities Enhance Data Integrity in Agentic AI? Have you ever considered the silent guardians keeping your data safe, especially in a cloud-dominated environment? Non-Human Identities (NHIs) is a pivotal aspect of modern cybersecurity strategies, particularly when it…