North Korean threat actors use JSON sites to deliver malware via trojanized code
17
Nov
2025

North Korean threat actors use JSON sites to deliver malware via trojanized code

North Korean threat actors use JSON sites to deliver malware via trojanized code Pierluigi Paganini November 17, 2025 North Korean…

New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data
17
Nov
2025

New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data

A sandbox escape vulnerability affecting iPhones and iPads running iOS 16.2 beta 1 or earlier versions. The proof-of-concept (POC) exploits…

AI-driven dynamic endpoint security is redefining trust
17
Nov
2025

AI-driven dynamic endpoint security is redefining trust

The network perimeter no longer exists. Employees are as likely to log in from a coffee shop or airport lounge…

North Korean Hackers Infiltrated 136 U.S. Companies to Generate $2.2 Million in Revenue
17
Nov
2025

North Korean Hackers Infiltrated 136 U.S. Companies to Generate $2.2 Million in Revenue

The U.S. Justice Department announced major actions against North Korean cybercrime, including five people admitting guilt and the government taking…

Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet
17
Nov
2025

Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet

A sharp increase in attacks targeting a critical vulnerability in XWiki servers. Multiple threat actors are actively exploiting CVE-2025-24893 to deploy botnets…

Two-thirds of finance firms use suppliers for AI agent development
17
Nov
2025

Getting started with agentic AI

A study by Boston Consulting Group (BCG) suggests that organisations that lead in technology development are gaining a first-mover advantage…

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
17
Nov
2025

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025 Pierluigi Paganini November 17, 2025 RondoDox botnet…

The researcher’s desk: CVE-2025-59287 - Blog Detectify
17
Nov
2025

The researcher’s desk: FortiWeb Authentication Bypass (CVE-2025-64446)

Welcome to The researcher’s desk  – a content series where the Detectify security research team conducts a technical autopsy on…

Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices
17
Nov
2025

Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices

Samsung has been accused of shipping budget Galaxy A and M series smartphones with pre-installed spyware that users can’t easily…

The next tech divide is written in AI diffusion
17
Nov
2025

The next tech divide is written in AI diffusion

AI is spreading faster than any major technology in history, according to a Microsoft report. More than 1.2 billion people…

week in security
17
Nov
2025

A week in security (November 10 – November 16)

November 14, 2025 – Contacted out of the blue for a virtual interview? Be cautious. Attackers are using fake interviews…

Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials
17
Nov
2025

Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials

A threat actor known as “888” has purportedly dumped sensitive data stolen from electronics giant LG Electronics, raising alarms in…