
11.11.2025

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

CSO Online 11.11.2025 02:47
Pervasive, evasive malware thought to have been eliminated has wormed its way back into development environments.
Just a little over two weeks after GlassWorm was declared “fully contained and closed” by the open source OpenVSX project, the self-propagating worm is once again targeting Visual Studio Code extensions, add-ons that enhance open source VS Code, providing new features, debuggers, and other tools to improve developer workflows. Researchers from Koi have discovered a new wave of infections and three more compromised extensions.

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

The Hacker News 10.11.2025 20:49
Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform.
The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads. 
The

Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon

The Hacker News 10.11.2025 20:29
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control.
"Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs," the Genians

65% of Leading AI Companies Found With Verified Secrets Leaks

Infosecurity Magazine 10.11.2025 16:45
A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets

China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

Infosecurity Magazine 10.11.2025 16:00
Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs

Layered security: How SMBs can protect against sophisticated cyberthreats during the holiday season.

CSO Online 10.11.2025 15:51
Small and medium-size businesses (SMBs) face a daunting cybersecurity landscape. With 29% of businesses with fewer than 25 employees and nearly one in five midsize SMBs (19%) having experienced ransomware attacks in 2025, the threat is no longer theoretical; it’s a statistical inevitability. And as the holiday season approaches, these challenges intensify dramatically. Cyberattacks traditionally spike during this time, creating a perfect storm of vulnerability when businesses can least afford disruption.
The security challenges facing SMBs are compounded by inherent resource constraints. Unlike enterprise organizations with dedicated security teams and substantial budgets, SMBs operate with limited IT resources and minimal cybersecurity expertise. Resource-strapped SMBs often have unpatched operating systems with known vulnerabilities that provide entry points for data theft and frequently suffer from weak endpoint management, which creates pathways into company databases. These gaps leave them exposed to sophisticated attacks, and, even worse, some of them can bypass traditional defenses. Firmware-level attacks, for instance, can evade standard antivirus protections. 

How Europol is cosying up to Microsoft, Palantir, Clearview & Co.

Heise Security 10.11.2025 15:49
Statewatch complains of an unholy alliance between Europol and US tech companies that brings with it massive conflicts of interest and transparency problems.

Ludwigshafen city administration struggles with IT outage

CSO Online 10.11.2025 15:46
The Ludwigshafen city administration was presumably attacked by hackers.
In Ludwigshafen, neither the online services are currently usable nor can the administration be reached by telephone or email. And this is likely to remain so for a while: only on Sunday did the city announce in a public statement that “checks of the data network will continue for at least the entire coming week, possibly longer”.

Vibe-coded ransomware discovered on Microsoft Marketplace

CSO Online 10.11.2025 14:29
Researchers have discovered a Visual Studio Code extension with ransomware functionality.
Security specialist Secure Annex recently found that malware named “Ransomvibe” had been embedded in extensions for the source code editor Visual Studio Code. “Once the extension is activated, the function zipUploadAndEcnrypt is executed first. This function applies all the techniques typical of ransomware and extortion software,” the research report states.

⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

The Hacker News 10.11.2025 12:51
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.
But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast

European Commission moves to loosen GDPR for AI and cookie tracking

CSO Online 10.11.2025 12:27
The European Commission is preparing sweeping revisions to the General Data Protection Regulation (GDPR) that could redefine how enterprises handle personal data — from cookie tracking to AI model training — in what privacy advocates warn could weaken the EU’s privacy framework.
According to a leaked draft reported by German advocacy group Netzpolitik.org, the Commission’s upcoming “Digital Omnibus” package would end the requirement for websites to seek explicit consent before setting tracking cookies and explicitly permit AI training on personal data when justified by companies’ “legitimate interests.”

New Attacks Against Secure Enclaves

Schneier on Security 10.11.2025 12:04
Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before:
Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an internal storage system and deliver them to the user. End-to-end encryption is sufficient in such a narrow context. But often we want our cloud providers to be able to perform computation on our raw data: search, analysis, AI model training or fine-tuning, and more. Without expensive, esoteric techniques, such as secure multiparty computation protocols or homomorphic encryption techniques that can perform calculations on encrypted data, cloud servers require access to the unencrypted data to do anything useful…

New Browser Security Report Reveals Emerging Threats for Enterprises

The Hacker News 10.11.2025 11:58
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low.
What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI

Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

CSO Online 10.11.2025 11:47
Researchers at Microsoft have revealed a new side channel attack named Whisper Leak that can reveal the topic of encrypted conversations between users and language models, even without access to the underlying text.
The discovery highlights a growing blind spot in AI security where encryption alone no longer guarantees privacy in model interactions.

Runtime bugs break container walls, enabling root on Docker hosts

CSO Online 10.11.2025 11:30
Three newly disclosed high-severity bugs in the “runc” container runtime let attackers break out of containers despite standard hardening and isolation controls.
According to Aleksa Sarai, a senior software engineer at SUSE and an OCI board member, the bugs stem from logic flaws in how runc handles writes to certain procfs files, letting attackers inside containers hijack host privileges by abusing masked paths, console bind-mounts, and write gadgets.

Investigation: Can electric buses in the UK be switched off from China?

Heise Security 10.11.2025 11:12
Authorities in the UK are investigating whether Chinese electric buses can be deactivated via remote access. The possibility had been discovered in Norway.

Watchguard Firebox: Risk from default admin password

Heise Security 10.11.2025 11:00
Watchguard ships its Firebox firewalls with default passwords. Attackers can easily gain admin rights as a result.

New NCA Campaign Warns Men Off Crypto Investment Scams

Infosecurity Magazine 10.11.2025 10:15
The UK’s National Crime Agency is warning men under 45 that crypto dreams can soon become a scam nightmare

Hack halts Dutch broadcaster, forcing radio hosts back to LPs

Graham Cluley Security blog 10.11.2025 09:35
A Dutch TV and radio broadcaster has found itself at the mercy of cybercriminals after suffering a cyber attack, and leaving it scrambling to find ways to play music to its listeners.

Read more in my article on the Hot for Security blog.

Researchers trick ChatGPT into prompt injecting itself

CSO Online 10.11.2025 09:30
AI chatbots have opened a new frontier of attack vectors against users and their data, and not even industry leaders are immune. Following recent flaws discovered in Google’s Gemini and Anthropic’s Claude, it’s now ChatGPT’s turn.
Researchers from security firm Tenable discovered seven ways attackers could trick ChatGPT into disclosing private information from users’ chat histories. Most of these attacks are indirect prompt injections that exploit default tools and features OpenAI provides in ChatGPT, including its ability to remember conversation context long-term and its web search capabilities.

NCSC Set to Retire Web Check and Mail Check Tools

Infosecurity Magazine 10.11.2025 09:30
The UK’s National Cyber Security Centre has urged users of its Web Check and Mail Check services to find alternatives

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

The Hacker News 10.11.2025 09:11
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvests their credentials by deploying malware like PureRAT.
"The attacker's modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments," Sekoia said. "This campaign

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

The Hacker News 10.11.2025 08:51
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on the part of threat actors to target the Visual Studio Code (VS Code) ecosystem.
The extensions in question, which are still available for download, are listed below –

ai-driven-dev.ai-driven-dev (3,402 downloads)
adhamu.history-in-sublime-merge (4,057

Espionage: Samsung users attacked with previously unknown spyware

Golem 10.11.2025 08:17
Attackers have been exploiting a zero-day vulnerability in Samsung smartphones since mid-2024 to plant previously unknown spyware. (Espionage, Smartphone)

Why you should purple team your SOC

CSO Online 10.11.2025 08:00
In my previous article — Your SOC is the parachute — I wrote about how many security operations centers (SOCs) would fail the moment we pull the ripcord. They’re overloaded, reactive, and often disconnected from how breaches actually happen.
I want to move the discussion forward. If the SOC is the parachute, purple teaming should be the regular practice that keeps it ready to deploy. Yet most organizations still treat purple teaming as a one-off exercise rather than an ongoing discipline.

Qnap plugs a batch of Pwn2Own 2025 security holes

Heise Security 10.11.2025 07:35
Qnap's NAS systems were the target of several attacks at this year's Pwn2Own event. Updates close the holes that were found.

CISOs must prove the business value of cyber — the right metrics can help

CSO Online 10.11.2025 07:00
For most organizations, cybersecurity has always been seen as a cost center rather than a business enabler or revenue driver. Executives perceive cybersecurity as a necessary evil that pulls funds away from more important, income-generating functions like marketing and product development, even though cybersecurity budgets only amount to a small fraction of these costs.
This perception has only grown more acute over the years, even as CISOs gain access to their boards and CEOs. Which is why, in multiple studies, including one from Ponemon Institute and OpenText, security leaders consider “using metrics to demonstrate the business value of the IT security program to the business” their top priority.

Cyberattack: Ludwigshafen city administration unreachable

Heise Security 10.11.2025 06:41
Ludwigshafen has taken its IT systems offline and is no longer reachable. Evidence of a cyberattack is mounting.