CSP Bypasses: Advanced Exploitation Guide
Content Security Policies (CSPs) are often deployed as the last line of defense against client-side attacks such as cross-site scripting (XSS) and clickjacking. Since their…
Nov 30, 2025 | Ravie Lakshmanan | Hacktivism / Vulnerability. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a…
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Quantum encryption is pushing satellite hardware to its limits. In this…
Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware | Pierluigi Paganini | November 30, 2025. North Korea-linked actors behind Contagious Interview uploaded 197…
Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month’s cybersecurity news 28 Nov…
A dangerous new Android malware called Albiriox has been discovered by security researchers, posing a serious threat to mobile banking and cryptocurrency users worldwide. The malware operates…
A sophisticated threat actor has been operating a private Out-of-band Application Security Testing (OAST) service hosted on Google Cloud infrastructure to conduct a large-scale exploit…
A new wave of cyberattacks has been discovered targeting government officials and diplomats across Russia and Central Asia. The group, which has been active for…
Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. The…
On November 25, 2025, cybersecurity firm Cato Networks revealed HashJack, a new threat where the simple pound sign (#) in a web address (URL) hides…
The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming…
Expand your mind, man. Opsec is really all about time travel—taking small, protective steps now before you have a disaster on your hands later. If…