Resilience for resilience: Managing burnout among cyber leaders
While organisations invest in cyber resilience, the resilience of those leading the charge, chief information security officers (CISOs), is often overlooked. The CISO role is…
Month: November 2025
Nevada ransomware attack traced back to malware download by employee
An August ransomware attack against the state of Nevada has been traced to a May intrusion, when a state employee mistakenly downloaded a malware-laced tool…
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part…
Government showcases UK quantum computing pledge
The government has announced 14 projects sharing £14m through Innovate UK’s Quantum Sensing Mission Primer awards, to support the development of next-generation sensors that could…
New Landfall spyware apparently targeting Samsung phones in Middle East
A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in…
ID verification laws are fueling the next wave of breaches
The cybersecurity community has long lived by a simple principle: Don’t collect more data than you can protect. But ID laws and other legal mandates…
Hackers Can Attack Active Directory Sites to Escalate Privileges and Compromise the Domain
Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The Synacktiv security researchers…
Attackers Exploit Active Directory Sites to Escalate Privileges and Compromise Domain
Security researchers have uncovered a dangerous attack vector targeting Active Directory Sites, a critical yet often overlooked component of enterprise network infrastructure. According to a…
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Sekoia, a cyber threat detection and response specialist, has released details on a widespread and ongoing cybercrime operation that first targets hotels and then directly…
Popular LLMs dangerously vulnerable to iterative attacks, says Cisco
Some of the world’s most widely used open-weight generative AI (GenAI) services are profoundly susceptible to so-called “multi-turn” prompt injection or jailbreaking cyber attacks, in…
Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been used in zero-day attacks, are now being exploited to force ASA and FTD firewalls into reboot loops. The…
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
Microsoft’s upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only…