Month: November 2025

Written by Ido Shlomo, CTO and Co-Founder, Token Security As organizations rapidly adopt AI assistants and autonomous agents to streamline workflows and boost efficiency, they may be unwittingly expanding their attack surface. AI agents, whether embedded in IT operations, customer service processes, or LLM-based internal tools, are acting on our behalf, making decisions, accessing sensitive

The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. According to security researchers at Zscaler ThreatLabz, there is a new variant of DanaBot, version 669, that has a command-and-control (C2) infrastructure using  Tor domains (.onion) and “backconnect” nodes. Zscaler also identified and

Google has filed a lawsuit to dismantle “Lighthouse”, a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide to steal credit card information through SMS phishing (“smishing”) attacks that impersonate the U.S. Postal Service (USPS) and E-ZPass toll systems. The lawsuit aims to shut down the website infrastructure supporting the Lighthouse phishing-as-a-service (PhaaS), which Google says has

Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. This is possible after the Windows security team worked together with third-party managers to improve passwordless authentication by developing a passkey API for Windows 11.  The new feature has been introduced with

The United Kingdom has introduced new legislation to boost cybersecurity defenses for hospitals, energy systems, water supplies, and transport networks against cyberattacks, linked to annual damages of nearly £15 billion ($19.6 billion). The Cyber Security and Resilience Bill, introduced in the UK Parliament on November 12, builds upon the existing Network and Information Systems (NIS)

Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. On October 14, Microsoft released the final Windows 10 cumulative update, after which the operating system no longer receives bug fixes or free security updates. Both consumers and business customers can enroll in

Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. The security issue (CVE-2025-12686) is described as a ‘buffer copy without checking the size of input’ problem, and can be exploited to allow arbitrary code execution. It impacts multiple versions of BeeStation OS, the

The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers. Rhadamanthys is an infostealer malware that steals credentials and authentication cookies from browsers, email clients, and other applications. It is commonly distributed through campaigns promoted as software cracks, YouTube videos, or malicious

Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet’s Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. The security issue leveraged in the attack is CVE-2025-12480 and can be used to bypass authentication and obtain access to the application’s setup pages. Security researchers at Google Threat Intelligence Group (GTIG)

A Chinese woman known as the “Bitcoin Queen” was sentenced in London to 11 years and eight months in jail for laundering Bitcoin from a £5.5 billion ($7.3 billion) cryptocurrency investment scheme. The sentence follows a seven-year investigation by the Met’s Economic Crime team into international money laundering, which revealed that the 47-year-old woman, Zhimin Qian