Everest ransomware claims breach at Spain’s national airline Iberia with 596 GB data theft

Everest claims large breaches at Iberia and Air Miles España with major data taken from both travel platforms placing millions of users at risk...

Detego Global Launches Case Management Platform for Digital Forensics and Incident Response Teams

Horsham, United Kingdom, 25th November 2025, CyberNewsWire...

Thinking Beyond Price: What Tech Teams Should Look for in a Hosting Provider

Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack...

Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users

AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution...

How To Hide Your Country Location on X (Twitter) by Switching to Region

X formerly known as Twitter has added a new location detail in its account transparency section. It shows…...

Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack

The Shai Hulud worm's "Second Coming" has compromised over 26,000 public repositories. We detail the attacker's mistake, the target packages, and mandatory security tips...

Elite Cyber Veterans Launch Blast Security with $10M to Turn Cloud Detection into Prevention

Tel Aviv, Israel, 24th November 2025, CyberNewsWire...

Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer

Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data...

New RadzaRat Spyware Poses as File Manager to Hijack Android Devices

Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files...

Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update

A critical security flaw CVE-2025-11001 in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now...

CrowdStrike Fires Worker Over Insider Leak to Scattered Lapsus Hunters

CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers...

New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse

Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions...

ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms

ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens...

Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras

Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown in place...

New Eternidade Stealer Uses WhatsApp to Steal Banking Data

Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets...

Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices

SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control...

UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp

The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stasvl,” ran a long-running bulletproof hosting operation used by top ransomware groups...

Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach

Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info...

Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications

Tel Aviv, Israel, 19th November 2025, CyberNewsWire...

Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks

Two FortiWeb vulnerabilities, including a critical unauthenticated bypass CVE-2025-64446, are under attack. Check logs for rogue admin accounts and upgrade immediately...

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Palo Alto, California, 19th November 2025, CyberNewsWire...

SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program

Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that…...

Cline Bot AI Agent Vulnerable to Data Theft and Code Execution

Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution...

How to Achieve Ultra-Fast Response Time in Your SOC

ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads...

CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs

Singapore, Singapore, 19th November 2025, CyberNewsWire...

Cloudflare Outage Jolts the Internet – What Happened, and Who Was Hit

Cloudflare outage causes slow sites, login trouble and dashboard errors as users report problems even after the company says service is restored...

SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026

Austin, TX/USA, 18th November 2025, CyberNewsWire...

Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack

Microsoft Azure halted a record 15.72 Tbps DDoS attack from the Aisuru botnet exposing risks created by exposed home devices exploited in large-scale cyber attacks...

Bitsgap vs HaasOnline: Advanced Features vs Smart Simplicity

Power vs Practicality in Crypto Automation...

Alice Blue Partners with AccuKnox for Regulatory Compliance

Menlo Park, CA, November 17th, 2025, CyberNewsWire...

Everest Ransomware Says It Stole Data of Millions of Under Armour Users

Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files...

Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea

Menlo Park, California, USA, 17th November 2025, CyberNewsWire...

EchoGram Flaw Bypasses Guardrails in Major LLMs

HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start...

AIPAC Discloses Data Breach, Says Hundreds Affected

AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps...

DoorDash hit by data breach after an employee falls for social engineering scam

Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen...

CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws

CISA issues an urgent directive for all organizations to patch Cisco ASA and Firepower devices against CVE-2025-20362 and CVE-2025-20333, exploited in the ArcaneDoor campaign. Verify the correct version now!...

Chinese State Hackers Jailbroke Claude AI Code for Automated Breaches

Anthropic, the developer behind Claude AI, says a Chinese state sponsored group used its model to automate most of a cyber espionage operation against about 30 companies with Claude handling up to 90% of the technical work...

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

A massive data leak reportedly at Chinese firm Knownsec Chuangyu exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data...

How Adversaries Exploit the Blind Spots in Your EASM Strategy

Internet-facing assets like domains, servers, or networked device endpoints are where attackers look first, probing their target’s infrastructure…...

Scammers Abuse WhatsApp Screen Sharing to Steal OTPs and Funds

A fast-spreading threat, known as the screen-sharing scam, is using a simple feature on WhatsApp to steal money…...

Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers

Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet...

SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk

CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover...

Top 3 Malware Families in Q4: How to Keep Your SOC Ready

Q3 showed sharp growth in malware activity as Lumma AgentTesla and Xworm drove access and data theft forcing SOC teams toward quicker behavior checks...

BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration

New York, New York, 13th November 2025, CyberNewsWire...

ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year

Singapore, Singapore, 13th November 2025, CyberNewsWire...

Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio

AI security firm Mindgard discovered a flaw in OpenAI's Sora 2 model, forcing the video generator to leak…...

DarkComet Spyware Resurfaces Disguised as Fake Bitcoin Wallet

Old DarkComet RAT spyware is back, hiding inside fake Bitcoin wallets and trading apps to steal credentials via keylogging...

Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack

North Korea-linked KONNI hackers used KakaoTalk and Google Find Hub to spy on victims and remotely wipe Android devices in a targeted phishing campaign...

@facebookmail.com Invites Exploited to Phish Facebook Business Users

If you manage Facebook advertising for a small or medium-sized business, open your inbox with suspicion, because attackers…...

8 Recommended Account Takeover Security Providers

In 2025, account takeover ATO attacks are a significant - and growing - cybersecurity threat, especially in the…...