A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research
Graham Cluley Security blog 18.11.2025 09:54
One of the sad truths about this world of seemingly endless hacks and data breaches is that companies just won't apologise.
Even when customers, partners, and employees are left wondering when their data will be published by malicious hackers on the dark web, breached organisations will seemingly do everything they can to avoid saying what seems to be the hardest word of all: sorry.
Read more in my article on the Hot for Security blog.
Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites
Infosecurity Magazine 18.11.2025 09:45
Socura finds 460,000 compromised credentials belonging to FTSE 100 company employees
Malicious-code and password vulnerabilities threaten Dell ControlVault3
Heise Security 18.11.2025 09:38
Dell's security solution for storing credentials is vulnerable. Security updates are available.
New DDoS peak: Microsoft fends off 15.7 Tbit/s attack
Heise Security 18.11.2025 09:35
Microsoft has recorded a DDoS attack with a peak load of 15.7 Tbit/s. Since June, the peak value has more than doubled.
Digital summit: How the EU wants to weaken its AI rules
Spiegel Online 18.11.2025 08:34
Merz and Macron want to discuss Europe's digital future at a summit. To catch up on AI, the EU wants to soften some strict rules. Is an end to European values in the digital sphere looming?
Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet
The Hacker News 18.11.2025 08:17
Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps).
The tech giant said it was the largest DDoS attack ever observed in the cloud, and that it originated from a TurboMirai-class Internet of
Security vulnerability in V8: Hackers attack Chrome users via JavaScript engine
Golem 18.11.2025 08:16
Merely visiting a malicious website is enough to exploit the Chrome vulnerability. Attackers can then execute malicious code. (Security vulnerability, Google)
Windows 10: Out-of-band update fixes problems with first ESU update
Heise Security 18.11.2025 08:06
Microsoft is once again distributing an out-of-band update for Windows 10 22H2. It corrects problems with the first ESU update.
EU Commission: Digital Omnibus runs over data protection
Golem 18.11.2025 07:35
The EU Commission wants to erode data protection in favour of AI use. This is being sold as "simplification". An analysis by Friedhelm Greis (GDPR, AI)
Rethinking identity for the AI era: CISOs must build trust at machine speed
CSO Online 18.11.2025 07:00
CISOs have a burgeoning identity crisis on their hands.
According to Verizon’s 2025 Data Breach Investigation Report, cyber attackers have switched up their initial access vectors of choice, with stolen credentials a leading cause of data breaches, triggering 22% of all intrusions and 88% of basic web application attacks. These findings followed Varonis researchers’ conclusion that 57% of cyberattacks in 2024 started with compromised identities.
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
The Hacker News 18.11.2025 04:44
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes.
"Type
Microsoft fixes Windows 10 update flaw
CSO Online 18.11.2025 02:59
It didn’t take long for some IT leaders who last month started paying to get Windows 10 security updates to face their first support problem.
Microsoft said the update issued last week on November Patch Tuesday — KB5068781 for Windows 10 22H2 builds 19044.6575 and 19045.6575 — might fail to install on some commercial Windows 10 devices enrolled to receive Extended Security Updates (ESU).
German-French digital summit: Cooperation for secure cloud
Heise Security 17.11.2025 17:46
The cybersecurity authorities of France and Germany want to jointly develop security standards for cloud environments further, and not for the first time.
Europol Leads Takedown of Thousands of Extremist Gaming Links
Infosecurity Magazine 17.11.2025 16:00
Europol’s Referral Action Day removed extremist links across gaming and gaming-adjacent platforms, targeting radical content
5 key ways attack surface management will evolve in 2026
CSO Online 17.11.2025 15:18
Cyberattack surfaces in the enterprise have been expanding in both extent and complexity for several years and this sprawl is showing no signs of slowing down.
The trend can be attributed to several factors, including:
Cyber Readiness Stalls Despite Confidence in Incident Response
Infosecurity Magazine 17.11.2025 15:00
New Immersive report finds cyber resilience and decision making are flatlining
Cyberattacks shake stock markets: Massive financial consequences
Heise Security 17.11.2025 14:33
A new survey shows drastic financial consequences of cyberattacks: 70 percent of listed companies had to adjust their profit forecasts.
AI-driven cyberattack causes a stir
CSO Online 17.11.2025 14:21
Researchers claim to have discovered the first large-scale cyberattack carried out by an AI model.
The AI company Anthropic recently announced that companies worldwide were attacked by AI-supported espionage software. This is said to be the first publicly documented case of a cyberattack carried out by an AI model.
Washington Post: Data of around 10,000 people copied in IT break-in
Heise Security 17.11.2025 13:37
Criminals also broke into the Washington Post via an Oracle vulnerability. Data of almost 10,000 people was exfiltrated.
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
The Hacker News 17.11.2025 12:34
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms.
It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it’s a business. And in some cases, they’re using the same
Akira ransomware expands to Nutanix AHV, raising stakes for enterprise security
CSO Online 17.11.2025 12:26
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and several international partners, has issued a new advisory warning organizations about the growing threat posed by the Akira ransomware group to critical infrastructure.
The latest update shows the ransomware group has expanded its capabilities beyond VMware ESXi and Hyper-V environments and is now targeting Nutanix AHV virtual machines as well.
Microsoft automatically updates Windows 11 23H2 to 25H2
Heise Security 17.11.2025 12:19
Windows 11 23H2 in the Home and Pro editions has reached end of life. Microsoft is now equipping unmanaged computers with 25H2.
More Prompt||GTFO
Schneier on Security 17.11.2025 12:05
The next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: #4, #5, and #6. Well worth watching.
5 Reasons Why Attackers Are Phishing Over LinkedIn
The Hacker News 17.11.2025 11:55
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps.
LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running sophisticated spear-phishing attacks against company executives, with recent campaigns seen targeting
North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes
CSO Online 17.11.2025 11:51
North Korea-linked Contagious Interview campaign is now luring developers with trojanized coding tasks and pulling obfuscated payloads from public JSON-storage services like JSON Keeper, JSONSilo, and npoint.io.
An NVISO Labs analysis of the campaign shows threat actors sending fake recruiter messages and demo projects that include configuration values pointing to JSON storage URLs. Those JSON blobs host heavily obfuscated JavaScript that, once decoded and executed by a Node.js test run, unpacks a BeaverTail infostealer and then stages the InvisibleFerret modular RAT.
India’s new data privacy rules turn privacy compliance into an engineering challenge
CSO Online 17.11.2025 11:41
India has notified its Digital Personal Data Protection (DPDP) Rules, 2025, introducing strict consent and data retention requirements that will force large digital platforms and enterprise IT teams to overhaul how they collect, store, and erase personal data.
The rules mandate itemized user notices, verifiable parental consent, and fixed deletion timelines for sectors including e-commerce, gaming, and social media.
Europol action day against radicalisation on gaming platforms
Heise Security 17.11.2025 11:22
Europol has reported thousands of URLs that lead to racist and xenophobic content and were distributed on gaming platforms.
US: Five Plead Guilty in North Korean IT Worker Fraud Scheme
Infosecurity Magazine 17.11.2025 11:15
The five defendants allegedly assisted North Korean hackers with obtaining remote IT employment with US companies
Ubuntu: Linux distribution delivers 15 years of support
Heise Security 17.11.2025 10:01
Starting with Ubuntu 14.04 LTS (Trusty Tahr), interested parties can now get 15 years of support. The version can be used securely until April 2029.
Cyber-Attack Costs Carmaker JLR $258m in Q2
Infosecurity Magazine 17.11.2025 09:30
Carmaker JLR has posted $639m Q2 losses and a one-off $258m hit after a major ransomware attack
Multiple security vulnerabilities threaten Cisco Catalyst Center
Heise Security 17.11.2025 08:53
Security updates close multiple vulnerabilities in Cisco's network control center, Catalyst Center.
Summit in Berlin: Europe strives for digital sovereignty
CSO Online 17.11.2025 08:04
On the 18th.
Federal Chancellor Friedrich Merz (CDU) and France's President Emmanuel Macron have announced that they will attend the meeting of digital ministers and IT experts in Berlin. Around 900 participants are expected at the European Summit on Digital Sovereignty on Tuesday. What was long a niche topic for IT experts is now high on the political agenda.
The rise of the chief trust officer: Where does the CISO fit?
CSO Online 17.11.2025 07:00
CISOs may soon find themselves operating alongside a new colleague, the chief trust officer, as more organizations elevate trust as a business differentiator. With breaches, product safety concerns and uncertainty about AI, trust has taken a battering in the eyes of customers and prospects in recent years. It comes amid a wider erosion of trust, particularly across businesses and business leaders, according to Edelman’s 2025 Trust Barometer.
But that may be shifting as organizations create a flagship role that owns and oversees trust. To be effective, the role needs to be more than a rebrand of security and show measurable outcomes and tangible improvements.
Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time
The Hacker News 17.11.2025 06:02
Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.
"We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was