Uncle Hacker
@_UncleHacker_
Security Engineer / CISSP / CEH
CISA warns Akira ransomware is an imminent threat, citing CVE‑2024‑40766 (SonicWall) and VMware ESXi abuse, plus AnyDesk/Ngrok C2. Patch KEVs, enforce MFA, maintain offline backups. thecyberexpress.com/akira-ransomwa… #infosec #Ransomware
A custom‑GPT SSRF can pull an Azure access token, giving an attacker cloud‑level access to OpenAI’s backend – reminds us to enforce outbound allow‑lists and tightly scope managed identities. securityweek.com/chatgpt-vulner… #infosec #SSRF #Azure #AIsec
WatchGuard Firebox CVE-2025-9242 (CVSS 9.3) enables unauthenticated RCE; actively exploited - patch now and review logs. securityweek.com/critical-watch… #infosec #CVE2025-9242 #WatchGuard
Amazon sees exploitation of Cisco ISE (CVE-2025-20337) and CitrixBleed 2 (CVE-2025-5777) as zero-days - patch now and monitor access. securityweek.com/cisco-ise-citr… #infosec #Cisco #Citrix #ZeroDay #CVE2025-20337
Chrome 142 and Firefox 145 patch high-sev bugs - sandbox bypasses and memory-corruption flaws. Deploy now to harden browsers before exploits appear. securityweek.com/firefox-145-an… #infosec #Chrome #Firefox
DanaBot drops Windows v669 after Operation Endgame—modular banking/credential stealing adds C2 domains, update detections. securityaffairs.com/184548/malware… #infosec #Malware #DanaBot
Phish emails spoof spam-filter alerts to steal credentials; users trust it. Enforce DMARC, train users to verify alerts. malwarebytes.com/blog/news/2025… #infosec #phishing #SpamFilter
Google sued Smishing Triad for the ‘Lighthouse’ kit that spawned >194k phishing domains – cheap kits enable big attacks; block domains and train users. securityweek.com/google-sues-ch… #infosec #phishing #SmishingTriad
Nov Patch Tuesday patches a Windows zero‑day being exploited – update ASAP. malwarebytes.com/blog/news/2025… #infosec #Windows
China says the US hijacked LuBian's mining pool in 2020 by brute-forcing wallets built on a 32-bit PRNG - a reminder crypto services need real CSPRNGs or face huge theft and state-level fallout. thecyberexpress.com/china-cyberatt… #infosec #Crypto
Microsoft’s Nov 2025 Patch Tuesday adds 63 fixes and an exploited Windows Kernel zero‑day (CVE‑2025‑62215) that lets an auth user race to SYSTEM – patch and watch for alerts. thecyberexpress.com/microsoft-nove… #infosec #CVE2025-62215 #PatchTuesday
Microsoft patched the actively-exploited Windows kernel zero-day used for local privilege escalation - apply the update now across all Windows systems. securityweek.com/microsoft-patc… #infosec #ZeroDay #Windows
A critical Samsung mobile zero‑day is being weaponised in the wild to drop LANDFALL spyware, giving attackers full device control – apply Samsung’s patch now and check for rogue profiles. malwarebytes.com/blog/news/2025… #infosec #Samsung #ZeroDay #MobileSecurity
CISA adds a Samsung Android zero‑day used by LandFall spyware to its KEV list—agencies must patch now to stop nation‑state credential theft. infosecurity-magazine.com/news/cisa-zero… #infosec #ZeroDay #Samsung #LandFall
Three runC bugs (CVE‑2025‑31133, ‑52565, ‑52881) allow bind‑mount of host files such as /proc/sysrq-trigger, enabling container escape – upgrade to runC v1.2.8/1.3.3/1.4.0‑rc.3. thecyberexpress.com/cve-2025-31133… #infosec #runC
GlassWorm re‑appears in Open VSX and GitHub, infecting VS Code extensions post‑removal—shows third‑party extension stores are a weak link. securityaffairs.com/184427/malware… #infosec #SupplyChain #VSCode
China‑aligned UTA0388 weaponises LLM‑generated text in spear‑phishing, scaling email attacks. Update defenses to flag AI‑style language and monitor footprints. infosecurity-magazine.com/news/china-ali… #infosec #AIsec #Phishing
Cl0p lists ~30 firms compromised via Oracle EBS - unpatched EBS servers are still a prime ransomware vector; audit patches, segment networks and hunt web-shells. securityweek.com/nearly-30-alle… #infosec #OracleEBS #Ransomware #Cl0p
Europe’s first in‑orbit satellite CTF proved live telemetry and command links can be safely tested – a reminder satellite programs need security‑by‑design now. thecyberexpress.com/europe-hosts-f… #infosec #SpaceSecurity
OWASP’s AI Vulnerability Scoring System (AIVSS) adds autonomy and tool use to CVSS, letting you score AI risks like tool misuse and supply‑chain attacks. Map AI assets to AIVSS. thecyberexpress.com/owasp-ai-vulne… #infosec #AIsec #OWASP