ICYMI: 2025-11-19
Latest Headlines
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
WIRED Roundup: DHS’s Privacy Breach, AI Romantic Affairs, and Google Sues Text Scammers
Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom
Amazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical Strikes
Watch Now: Protecting What WAFs and Gateways Can’t See – Register
Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding
Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week
Microsoft Unveils Security Enhancements for Identity, Defense, Compliance
Hackers Actively Exploiting 7-Zip RCE Vulnerability in the Wild
Sysmon – Go-to Tool for IT Admins, Security Pros, and Threat Hunters Coming to Windows
‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
Hackers Using Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack
Google’s Gemini 3 is living up to the hype and creating games in one shot
Google Search is now using AI to create interactive UI to answer your questions
W3 Total Cache WordPress plugin vulnerable to PHP command injection
Russian bulletproof hosting provider sanctioned over ransomware ties
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
The hidden risks in your DevOps stack data—and how to address them
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
California man admits to laundering crypto stolen in $230M heist
Cloudflare blames this week’s massive outage on database issues
‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
– MTZ