Microsoft Teams Adds Option to Report Misidentified Threat Messages
Microsoft Teams is rolling out a new feature that allows users to misreport messages flagged as security threats. The capability, rolling out by the end…
Author: Cybernoz
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website
A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption…
Hackers Exploit Tuoni C2 Framework to Stealthily Deploy In-Memory Payloads
In October 2025, Morphisec’s anti-ransomware prevention platform detected and neutralized a sophisticated cyberattack targeting a major U.S. real estate company. The campaign showcased the emerging…
Chinese PlushDaemon Hackers Exploit EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers
ESET researchers have uncovered a sophisticated attack chain orchestrated by the China-aligned threat actor PlushDaemon, revealing how the group leverages a previously undocumented network implant,…
CISA Alerts on Fortinet FortiWeb Vulnerability Exploited in Real-World Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical OS command injection vulnerability in Fortinet FortiWeb, warning that the…
Palo Alto Networks to acquire observability firm Chronosphere for $3.35 billion
Palo Alto Networks announced Wednesday it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity, marking the cybersecurity company’s latest…
WIRED Roundup: DHS’s Privacy Breach, AI Romantic Affairs, and Google Sues Text Scammers
Zoë Schiffer: So shifting gears, our next story deals with another inescapable fact of modern life, which is scam text messages. Brian, how many scam…
The Gentlemen” Ransomware Group Deploys Dual-Extortion Tactics, Encrypting and Exfiltrating Data
Cybereason Threat Intelligence Team has uncovered a sophisticated ransomware operation known as “The Gentlemen,” which emerged around July 2025 and quickly established itself as a…
Cyber stands at a critical point with the rise of agentic AI
“Agentic AI for security is at a firewall moment,” Grossman says. “It could be the first time since the advent of the firewall where defenders…
Five Eyes just made life harder for bulletproof hosting providers
The Treasury Department, along with officials from the United Kingdom and Australia, imposed sanctions Wednesday against two bulletproof hosting providers and key people involved in…
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack
The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a…
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to…