Threat group reroutes software updates through hacked network gear
Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been…
Month: November 2025
Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin
SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code…
New FortiWeb 0-Day Code Execution Flaw Actively Exploited
Fortinet has disclosed a critical OS command injection vulnerability affecting multiple versions of FortiWeb that is currently being exploited in the wild. The flaw, tracked…
ARC Data Sale Faces Heat Over Federal Warrantless Access
The ARC Data Sale to U.S. government agencies has come under intense scrutiny following reports of warrantless access to Americans’ travel records. After growing pressure…
WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers
A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data…
New ShadowRay Exploit Targets Vulnerability in Ray AI Framework to Attack AI Systems
Oligo Security researchers have uncovered an active global hacking campaign that leverages artificial intelligence to attack AI infrastructure. The operation, dubbed ShadowRay 2.0, exploits a…
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
Singapore, Singapore, November 19th, 2025, CyberNewsWire The collaboration advances enterprise grade application security into decentralized ecosystems, uniting Checkmarx’s AppSec expertise with Web3 specialization by CredShields.…
DoorDash Cybersecurity Incident Exposes User Data
American Food delivery platform DoorDash has disclosed a DoorDash cybersecurity incident after an unauthorized third party accessed certain user information through a targeted social engineering…
Eurofiber confirms November 13 hack, data theft, and extortion attempt
Eurofiber confirms November 13 hack, data theft, and extortion attempt Pierluigi Paganini November 19, 2025 Eurofiber says hackers exploited a flaw on November 13, breached…
Cybercrime Racket Exposed In India CCTV Hack
A disturbing case of hacking CCTV systems in India has exposed a widespread cybercrime racket through which intimate videos from a maternity ward were stolen…
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet Pierluigi Paganini November 19, 2025 Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers…
Metis: Open-source, AI-driven tool for deep security code review
Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to…