TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Subscribers: 596
Subscriber change: no data (24 hours), -3 (7 days), -11 (30 days)
Post archive
Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362.
"This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service
From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
https://thehackernews.com/2025/11/from-tabletop-to-turnkey-building-cyber.html
Introduction
Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement.
Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.
The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political
Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response
https://thehackernews.com/2025/11/bitdefender-named-representative-vendor.html
Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html
The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware.
According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine.
"This hidden environment, with its lightweight
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
https://thehackernews.com/2025/11/sonicwall-confirms-state-sponsored.html
SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files.
"The malicious activity – carried out by a state-sponsored threat actor - was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
https://www.welivesecurity.com/en/videos/how-social-engineering-works-unlocked-403-cybersecurity-podcast-s2e6/
Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion.
"PROMPTFLUX is written in VBScript and interacts with Gemini's API to request specific VBScript obfuscation and
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
https://thehackernews.com/2025/11/researchers-find-chatgpt.html
Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge.
The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has
Securing the Open Android Ecosystem with Samsung Knox
https://thehackernews.com/2025/11/securing-open-android-ecosystem-with.html
Raise your hand if you’ve heard the myth, “Android isn’t secure.”
Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical.
However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
https://thehackernews.com/2025/11/mysterious-smudgedserpent-hackers.html
A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.
"UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.
"North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of
Why SOC Burnout Can Be Avoided: Practical Steps
https://thehackernews.com/2025/11/why-soc-burnout-can-be-avoided.html
Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together.
Here are three practical steps every SOC can
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities in question are listed below -
CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to
A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025.
"Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators'
Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep
https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html
Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million).
According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.html
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions.
"The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's
Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed
https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html
Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks.
The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News.
Following responsible disclosure in March
Ransomware Defense Using the Wazuh Open Source Platform
https://thehackernews.com/2025/11/ransomware-defense-using-wazuh-open.html
Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide.
A ransomware attack typically begins when the malware infiltrates a system through various vectors such as
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
https://thehackernews.com/2025/11/operation-skycloak-deploys-tor-enabled.html
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.
According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for
