Month: November 2025

The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university’s development and alumni activities and stole data in a cyberattack.  In a new statement, Penn confirmed BleepingComputer’s reporting that the hackers breached its systems using compromised credentials, stating they were stolen in a social engineering attack. “On October 31, Penn

Under a new partnership with the government aimed at combating fraud, Britain’s largest mobile carriers have committed to upgrading their networks to eliminate scammers’ ability to spoof phone numbers within a year. This agreement is part of the new Telecoms Charter, which brings together law enforcement, government agencies, and Britain’s top mobile networks, including BT

The cybersecurity community has long lived by a simple principle: Don’t collect more data than you can protect. But ID laws and other legal mandates now force many organizations to store massive amounts of sensitive data, putting them in the precarious situation of dealing with information they don’t necessarily want but have to safeguard. The

With the first Patch Tuesday following Windows 10’s end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities. On October 14, 2025, Windows 10 reached the end of support, meaning that Microsoft will no

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. GlassWorm is a campaign and malware that leverages Solana transactions to fetch a payload targeting GitHub, NPM, and OpenVSX account credentials, as well as cryptocurrency

AI Governance Solution Find and remove viral AI notetakers like Otter.ai Find every account for every AI app Stop the spread of unapproved tools Revoke integrations granting AI tools access to data Thank you! Your submission has been received! Oops! Something went wrong while submitting the form. Trusted by security teams everywhere Regain control of

Cisco warned this week that two vulnerabilities, which have been used in zero-day attacks, are now being exploited to force ASA and FTD firewalls into reboot loops. The tech giant released security updates on September 25 to address the two security flaws, stating that CVE-2025-20362 enables remote threat actors to access restricted URL endpoints without authentication, while CVE-2025-20333 allows authenticated attackers

A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. The security issue was patched this year in April, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. The embedded malicious code uses a probabilistic trigger, so it may or may not activate depending on a set of parameters on the infected device. NuGet is an open-source package manager and software

QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. The flaws impact QNAP’s QTS and QuTS hero operating systems (CVE-2025-62847, CVE-2025-62848, CVE-2025-62849) and the company’s Hyper Data Protector (CVE-2025-59389), Malware Remover (CVE-2025-11837), and HBS 3 Hybrid Backup Sync (CVE-2025-62840, CVE-2025-62842) software.