A Free WormGPT Clone Using DeepSeek, Gemini, and Kimi-K2 Models
A new open-source tool called KawaiiGPT has surfaced on GitHub, positioning itself as a “cute” but unrestricted version of artificial intelligence. Developed by a user known as…
Month: November 2025
Social data puts user passwords at risk in unexpected ways
Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice.…
Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets
The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology…
London Councils Hit by Cyberattack, Disrupts IT and Telephone Lines
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began…
Why password management defines PCI DSS success
Most CISOs spend their days dealing with noisy dashboards and vendor pitches that all promise a shortcut to compliance. It can be overwhelming to sort out…
Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments
A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This…
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The…
Fragmented tooling slows vulnerability management
Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a…
Infosec products of the month: November 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1touch.io, Action1, Barracuda Networks, Bedrock Data, Bitdefender, Cyware, Firewalla, Forescout,…
Acronis names OpSys as its first MSSP partner in Australia
Acronis has appointed Adelaide-based Operational Systems (OpSys) as its first certified managed security service provider (MSSP) partner in Australia, enabling the company to deliver Managed…
BoM never planned to end reliance on ‘legacy’ site
After blowing past its budget to spend $96 million dollars on overhauling its website, generating a political pyroclastic cloud, the Bureau of Meteorology can’t end…
Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise
Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap…