19.11.2025

CSO Online 19.11.2025 00:11
AI ​​company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model.
According to the research report, around 30 organizations worldwide were affected by the attacks. These included large technology companies, financial institutions, chemical companies, and government agencies. The attack was discovered in mid-September 2025. The hacking group GTG-1002, which is linked to China, is said to be behind the attack campaign.

The Hacker News 18.11.2025 18:31
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale.
Push Security, in a report shared with The Hacker News, said it observed the use

CSO Online 18.11.2025 18:16
For the third time in recent months, Google has found itself scrambling to fix a potentially serious zero-day flaw in the Chrome browser’s V8 JavaScript engine.
Addressed on Monday as part of an emergency ‘out-of-band’ patch, the vulnerability identified as CVE-2025-13223 was discovered by Clément Lecigne of Google’s in-house Threat Analysis Group (TAG).

Infosecurity Magazine 18.11.2025 16:30
One US cybersecurity leader described the short-term extension of the Cybersecurity Information Sharing Act as a “temporary patch” and called for a long-term solution

The Hacker News 18.11.2025 15:56
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol.
The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and

Spiegel Online 18.11.2025 14:52
Technische Probleme beim Internetanbieter Cloudflare sind der Grund, warum viele Nutzer Social-Media-Plattformen und KI-Angebote am Nachmittag nicht erreichen. Maßnahmen zur Behebung laufen.

CSO Online 18.11.2025 14:30
Energieversorger müssen ihre Systeme vor immer raffinierteren Cyberangriffen schützen.
Die Energieversorgung ist das Rückgrat moderner Gesellschaften. Stromnetze, Gaspipelines und digitale Steuerungssysteme bilden die Grundlage für Industrie, Transport und öffentliche Dienstleistungen. Doch mit der zunehmenden Digitalisierung wächst auch die Angriffsfläche. In den vergangenen Jahren ist der Energiesektor verstärkt ins Visier von Cyberkriminellen und staatlich unterstützten Angreifern geraten. Studien europäischer und internationaler Einrichtungen zeigen: Nur eine Kombination aus Technologie, Künstlicher Intelligenz (KI) und internationaler Zusammenarbeit kann langfristig für Resilienz sorgen.

Infosecurity Magazine 18.11.2025 14:01
DoorDash has confirmed an October 2025 data breach that exposed customer names, phone numbers, addresses and email details

Heise Security 18.11.2025 14:00
Wiener Forscher haben alle WhatsApp-Nummern abgerufen. Die 3,5 Milliarden Profile sind der größte Datenabfluss der Geschichte – und übler, als man meinen würde.

The Hacker News 18.11.2025 14:00
Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni.
"The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,"