**
Nov 25, 2025 **
Ravie Lakshmanan
Data Exposure / Cloud Security
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, …
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under …
**
Nov 25, 2025 **
Ravie Lakshmanan
Malware / Vulnerability
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target …
Four Ways AI Is Being Used to Strengthen Democracies Worldwide Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on …
**
Nov 25, 2025 **
Ravie Lakshmanan
Malware / Browser Security
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information …
**
Nov 25, 2025 **
Ravie Lakshmanan
Spyware / Mobile Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging …
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft …
**
Nov 24, 2025 **
Ravie Lakshmanan
Cloud Security / Vulnerability
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s …
**
Nov 24, 2025 **
Ravie Lakshmanan
Vulnerability / Container Security
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit , an open-source and lightweight telemetry agent, …
**
Nov 24, 2025 **
Ravie Lakshmanan
Cybersecurity / Hacking News
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and …
IACR Nullifies Election Because of Lost Decryption Key The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back …
**
Nov 24, 2025 **
Ravie Lakshmanan
Malware / Vulnerability
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute …
New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain …
**
Nov 22, 2025 **
Ravie Lakshmanan
Cyber Espionage / Cloud Security
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian …
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2.
“This …
**
Nov 22, 2025 **
Ravie Lakshmanan
Zero-Day / Software Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity …
More on Rewiring Democracy It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good.
Some of the …
**
Nov 21, 2025 **
Ravie Lakshmanan
Vulnerability / Threat Mitigation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user …
**
Nov 21, 2025 **
Ravie Lakshmanan
Data Protection / Technology
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with …
Friday Squid Blogging: New “Squid” Sneaker I did not know Adidas sold a sneaker called “ Squid .”
As usual, you can also use this squid post to talk about the security stories in the news that I …
**
Nov 21, 2025 **
The Hacker News
Mobile Security / Data Protection
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have.
Mobile devices are …
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly …
AI as Cyberattacker From Anthropic :
In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s …
**
Nov 21, 2025 **
Ravie Lakshmanan
Compliance / Cyber Attack
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, …
**
Nov 21, 2025 **
Ravie Lakshmanan
Data Breach / SaaS Security
Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform. …