Hackers Leverages Microsoft Entra Tenant Invitations to Launch TOAD Attacks
A new phishing campaign has emerged that weaponizes Microsoft Entra guest user invitations to deceive recipients into making phone calls to attackers posing as Microsoft…
Month: November 2025
Five men admit helping North Korean IT workers infiltrate US companies
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This…
EVALUSION Campaign Using ClickFix Technique to deploy Amatera Stealer and NetSupport RAT
In November 2025, a new malware campaign emerged that combines social engineering tricks with advanced stealing tools. The attack starts when criminals trick users into…
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a…
Salesforce: CIOs closer to the bridge than ever due to agentic AI
Salesforce research into how CIOs are using agentic AI has found the technology to be making their roles more strategic than ever within their businesses.…
Researchers Detailed Techniques to Detect Outlook NotDoor Backdoor Malware
Outlook NotDoor backdoor malware first appeared in threat campaigns identified by Lab52, the intelligence arm of Spanish firm S2 Grupo. Linked to APT28/Fancy Bear, NotDoor…
Cybersecurity Incident Hits Eurofiber France
A cybersecurity incident at Eurofiber France was officially confirmed after the company identified unauthorized activity on November 13, 2025. The incident involved a software vulnerability…
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean threat actors use JSON sites to deliver malware via trojanized code Pierluigi Paganini November 17, 2025 North Korean Contagious Interview actors now host…
New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data
A sandbox escape vulnerability affecting iPhones and iPads running iOS 16.2 beta 1 or earlier versions. The proof-of-concept (POC) exploits weaknesses in the itunesstored and…
AI-driven dynamic endpoint security is redefining trust
The network perimeter no longer exists. Employees are as likely to log in from a coffee shop or airport lounge as from a corporate office.…
North Korean Hackers Infiltrated 136 U.S. Companies to Generate $2.2 Million in Revenue
The U.S. Justice Department announced major actions against North Korean cybercrime, including five people admitting guilt and the government taking more than $15 million in…
Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet
A sharp increase in attacks targeting a critical vulnerability in XWiki servers. Multiple threat actors are actively exploiting CVE-2025-24893 to deploy botnets and coin miners, and to…