Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram. This article has been indexed from Securelist Read the original article: Tomiris wreaks Havoc: New tools…
Tag: EN
New observational auditing framework takes aim at machine learning privacy leaks
Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result of an action) used during training. A new research paper explores a different…
Social data puts user passwords at risk in unexpected ways
Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal how much information can be reconstructed from public profiles and how that…
Black Friday Deal 2026: Reviewing The Ultimate SOC Analyst Bundle
With cyber threats on the rise, one thing is clear for your career: a booming demand for skilled… The post Black Friday Deal 2026: Reviewing The Ultimate SOC Analyst Bundle appeared first on Hackers Online Club. This article has been…
Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments
A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign targets Zendesk, a critical customer support platform, effectively turning a trusted business tool…
Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets
The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded…
Why password management defines PCI DSS success
Most CISOs spend their days dealing with noisy dashboards and vendor pitches that all promise a shortcut to compliance. It can be overwhelming to sort out what matters. When you dig into real incidents involving payment data, a surprising number come…
Black Friday Scammers Are Impersonating Major Brands to Steal Your Money
Black Friday is supposed to be chaotic, sure, but not this chaotic. Amid genuine doorbusters and flash sales, a large-scale, highly polished scam campaign is hijacking web traffic and pushing shoppers to fake “survey reward” pages impersonating dozens of major…
KawaiiGPT: A Free WormGPT Clone Using DeepSeek, Gemini, and Kimi-K2 Models
A new open-source tool called KawaiiGPT has surfaced on GitHub, positioning itself as a “cute” but unrestricted version of artificial intelligence. Developed by a user known as MrSanZz (along with contributors Shoukaku07 and FlamabyX5), the project is attracting attention for offering a…
London Councils Hit by Cyberattack, Disrupts IT and Telephone Lines
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began on Monday, November 24. The attack has forced officials to shut down systems as a…
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The update is designed to stop unauthorized or injected code from executing on the login page.…
Get Your Cyber Security Career in 2026: Reviewing The Ultimate SOC Analyst Bundle
With cyber threats on the rise, one thing is clear for your career: a booming demand for skilled… The post Get Your Cyber Security Career in 2026: Reviewing The Ultimate SOC Analyst Bundle appeared first on Hackers Online Club. This…
Espionage and Intelligence – What Cybersecurity Professionals Can Learn
The Intersection of Espionage Techniques and Cybersecurity Threats This episode explores the parallels between espionage and cybersecurity, particularly focusing on social engineering tactics used in both domains. Hosted by Jim Love, the podcast features insights from Neil Bisson, a retired…
Fragmented tooling slows vulnerability management
Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new report by Hackuity. Fragmented detection and slow remediation Organizations use a formalized approach to…
Infosec products of the month: November 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1touch.io, Action1, Barracuda Networks, Bedrock Data, Bitdefender, Cyware, Firewalla, Forescout, Immersive, Kentik, Komodor, Minimus, Nokod Security, and Synack. Action1 addresses Intune gaps with patching and…
Korean web giant Naver acquired crypto exchange Upbit, which reported a $30m heist a day later
Talk about buyer’s remorse South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack.… This article has been indexed from The Register –…
Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise
Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap scripts associated with the zc.buildout tool expose users to domain takeover attacks. These scripts, designed…
Asahi says crooks stole data of approximately 2M customers and employees
Asahi says hackers stole data of approximately 2M customers and employees before a ransomware attack crippled its Japan operations. Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and…
Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks
Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community events to keep their agendas up to date. While these subscriptions offer convenience, they create…
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to…