
10.11.2025

Drilling Down on Uncle Sam’s Proposed TP-Link Ban

Krebs Security 09.11.2025 18:14
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic

The Hacker News 08.11.2025 14:29
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances.
This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to

Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

The Hacker News 07.11.2025 18:00
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

The Hacker News 07.11.2025 16:07
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.
The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government

Supply chain attacks: Almost every third company affected

Heise Security 07.11.2025 13:57
When a company's IT is too well protected, attackers deliberately target its suppliers. Just under 28 percent of companies are affected, many of them with noticeable consequences.

In memoriam: David Harley

We Live Security 07.11.2025 13:46
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security

Vibe coding: Junk ransomware turns up in VS Code Marketplace

Golem 07.11.2025 13:00
Microsoft apparently is not trying very hard to keep ransomware out of the VS Code Marketplace. At least as long as it is poorly programmed. (Ransomware, Microsoft)

The who, where, and how of APT attacks in Q2 2025–Q3 2025

We Live Security 07.11.2025 12:34
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report

Defending digital identity from computer-using agents (CUAs)

CSO Online 07.11.2025 12:16
For years, organizations have relied on passwords and multi-factor authentication (MFA) based on shared secrets like SMS codes and one-time passwords (OTPs) as the foundation of identity security. The rise of computer-using agents (CUAs) will accelerate attackers’ ability to automate and scale phishing and credential-stuffing attacks with minimal effort. As a result, adopting phishing-resistant credentials has shifted from best practice to a necessity. Organizations must prioritize device-bound cryptographic solutions such as FIDO2, passkeys and certificate-based authentication to secure access to SaaS applications. Likewise, SaaS providers should ensure integration with identity platforms that support phishing-resistant credentials to strengthen the overall security posture.
Password usage patterns: The root cause

Faking Receipts with AI

Schneier on Security 07.11.2025 12:01
Over the past few decades, it’s become easier and easier to create fake receipts. Decades ago, it required special paper and printers—I remember a company in the UK advertising its services to people trying to cover up their affairs. Then, receipts became computerized, and faking them required some artistic skills to make the page look realistic.
Now, AI can do it all:
Several receipts shown to the FT by expense management platforms demonstrated the realistic nature of the images, which included wrinkles in paper, detailed itemization that matched real-life menus, and signatures…

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

The Hacker News 07.11.2025 11:55
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.
According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

CSO Online 07.11.2025 11:32
In a suspected test effort, unknown actors have successfully embedded a strain of ransomware-style behavior, dubbed Ransomvibe, into extensions listed for Visual Studio Code.
According to Secure Annex findings, the malicious code published to the VSCode extension marketplace was clearly vibe-coded, lacking any real sophistication.

Zimbra groupware: Updates plug several security vulnerabilities

Heise Security 07.11.2025 11:06
The developers of the Zimbra groupware have closed several security vulnerabilities with updated packages.

Business continuity and cybersecurity: Two sides of the same coin

CSO Online 07.11.2025 10:50
As someone who has spent over six years in the trenches of IT operations at Amazon, managing critical infrastructure that cannot afford downtime, I’ve witnessed firsthand how the convergence of cyberthreats and business continuity has fundamentally changed the game for executives.
The 3 am call that every CISO and CIO dreads isn’t just about a server crash anymore. It’s about sophisticated threat actors who understand that disrupting your operations can be more profitable than stealing your data. After managing IT infrastructure for one of the world’s largest companies and responding to countless incidents, I can tell you that the traditional approach to business continuity planning is dangerously outdated.

Enterprise Credentials at Risk – Same Old, Same Old?

The Hacker News 07.11.2025 10:30
Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web

Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts

The Hacker News 07.11.2025 09:15
Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments.
The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an

Meta: Facebook parent apparently makes billions from fraudulent online advertising

Spiegel Online 07.11.2025 08:45
Con artists appear to have an easy time with the Facebook parent. According to a report, automated monitoring systems wave many manipulative ads through. Financially, it pays off.

How CISOs benefit from ERP pain

CSO Online 07.11.2025 08:08
Security platformization is a challenge; it helps to know beforehand what does (and does not) matter.
According to study findings, an average (large) enterprise has between 40 and 80 separate security tools in use. Sprawl of this kind regularly leads to:

Cisco: Thousands of firewalls vulnerable, new attack paths observed

Heise Security 07.11.2025 07:32
Attackers have found new ways to abuse the security vulnerabilities in Cisco firewalls that have been known since late September. Thousands are vulnerable.

Why can’t enterprises get a handle on the cloud misconfiguration problem?

CSO Online 07.11.2025 07:00
Seven years ago, I wrote about how cloud security configuration errors were putting enterprise data at risk. Amazon storage buckets were being left open to the public left and right, with millions of sensitive records exposed. Companies were new to the whole cloud thing, and cloud providers weren’t making it easy to lock everything down the way it should be.
You’d think that by now enterprises should have their cloud assets locked down. Shouldn’t they?

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

The Hacker News 07.11.2025 06:48
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded.
Secure Annex researcher John Tuckner, who flagged the extension "susvsex," said it does not attempt to hide its malicious functionality. The extension was uploaded on

Hacktivist-Driven DDoS Dominates Attacks on Public Sector

Infosecurity Magazine 06.11.2025 12:00
ENISA report reveals DDoS accounted for 60% of public sector security incidents last year

AI-Enabled Malware Now Actively Deployed, Says Google

Infosecurity Magazine 06.11.2025 09:45
Google warns of “just-in-time AI” malware using LLMs to evade detection and generate malicious code on-demand

ESET APT Activity Report Q2 2025–Q3 2025

We Live Security 06.11.2025 09:45
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025

Google Forecasts Rise of Cyber-Physical Attacks Targeting Europe in 2026

Infosecurity Magazine 06.11.2025 09:00
Europe will likely face a combination of heightened cyber-physical attacks and information operations coming from nation-state groups in 2026

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries

Infosecurity Magazine 05.11.2025 16:45
Operation “Chargeback” has dismantled global fraud networks misusing stolen card data from more than 4.3 million victims

UNK_SmudgedSerpent Targets Academics With Political Lures

Infosecurity Magazine 05.11.2025 16:00
A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Infosecurity Magazine 05.11.2025 10:30
Three of Anthropic’s Claude Desktop extensions were vulnerable to command injection – flaws that have now been fixed

SMS Fraud Losses Set to Decline 11% in 2026

Infosecurity Magazine 05.11.2025 10:15
Juniper Research predicts a $9bn drop in losses to SMS fraud next year

Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google Play

Infosecurity Magazine 05.11.2025 09:30
Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year

French Police Seize €1.6m Amid Crypto Scam Network Crackdown

Infosecurity Magazine 04.11.2025 15:50
Nine alleged crypto scammers arrested in Cyprus, Germany and Spain

Ground zero: 5 things to do after discovering a cyberattack

We Live Security 03.11.2025 10:00
When every minute counts, preparation and precision can mean the difference between disruption and disaster

This month in security with Tony Anscombe – October 2025 edition

We Live Security 31.10.2025 10:00
From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

Cybersecurity Awareness Month 2025: When seeing isn't believing

We Live Security 29.10.2025 10:00
Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams

Recruitment red flags: Can you spot a spy posing as a job seeker?

We Live Security 28.10.2025 10:00
Here’s what to know about a recent spin on an insider threat – fake North Korean IT workers infiltrating western firms

How MDR can give MSPs the edge in a competitive market

We Live Security 27.10.2025 10:00
With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs

Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows

We Live Security 24.10.2025 11:53
Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Gotta fly: Lazarus targets the UAV sector

We Live Security 23.10.2025 04:00
ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group

SnakeStealer: How it preys on personal data – and how you can protect yourself

We Live Security 22.10.2025 09:00
Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts

Minecraft mods: Should you 'hack' your game?

We Live Security 16.10.2025 09:00
Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod.

IT service desks: The security blind spot that may put your business at risk

We Live Security 15.10.2025 09:00
Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.

AI-aided malvertising: Exploiting a chatbot to spread scams

We Live Security 13.10.2025 09:00
Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it.

The case for cybersecurity: Why successful businesses are built on protection

We Live Security 07.10.2025 09:00
Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center

Manufacturing under fire: Strengthening cyber-defenses amid surging threats

We Live Security 03.10.2025 09:00
Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging

New spyware campaigns target privacy-conscious Android users in the UAE

We Live Security 02.10.2025 08:55
ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates

Cybersecurity Awareness Month 2025: Knowledge is power

We Live Security 01.10.2025 14:49
We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals

This month in security with Tony Anscombe – September 2025 edition

We Live Security 29.09.2025 10:00
The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

We Live Security 25.09.2025 08:59
Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers

Watch out for SVG files booby-trapped with malware

We Live Security 22.09.2025 10:24
What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware