How To Hide Your Country Location on X (Twitter) by Switching to Region
X (formerly known as Twitter) has added a new location detail in its account transparency section. It shows…
Hack Read
Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack
The Shai Hulud worm's "Second Coming" has compromised over 26,000 public repositories. We detail the attacker's mistake, the target packages, and mandatory security tips.
Elite Cyber Veterans Launch Blast Security with $10M to Turn Cloud Detection into Prevention
Tel Aviv, Israel, 24th November 2025, CyberNewsWire
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data.
New RadzaRat Spyware Poses as File Manager to Hijack Android Devices
Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files.
Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.
CrowdStrike Fires Worker Over Insider Leak to Scattered Lapsus Hunters
CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers.
New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse
Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions.
ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms
ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens.
Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras
Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown in place.
New Eternidade Stealer Uses WhatsApp to Steal Banking Data
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets.
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.
Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach
Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
Tel Aviv, Israel, 19th November 2025, CyberNewsWire
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, 19th November 2025, CyberNewsWire
SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program
Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that…
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.
How to Achieve Ultra-Fast Response Time in Your SOC
ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads.
