Cybersecurity

Last update (UTC): 10:45 - 29/11/2025

Security.nl

Swiss data protection officers: storing government data in US cloud often unacceptable

15:33 - 28/11/2025
The use of US cloud services for storing sensitive government data is often unacceptable, according to Privatim, ...

https://www.security.nl/posting/915127/Zwitserse+FG%27s%3A+opslag+overheidsdata+


Simone Smit to become new director of the AIVD in March next year

14:22 - 28/11/2025
Simone Smit will become the new director of the AIVD in March next year, succeeding Erik Akerboom, whose departure was earlier ...

https://www.security.nl/posting/915109/Simone+Smit+wordt+volgend+jaar+maart+nieu


Study into separate domain extension for government sites still ongoing

13:56 - 28/11/2025
The study into a separate domain extension for government websites is still ongoing and will, at the end of this year at the earliest, ...

https://www.security.nl/posting/915102/Onderzoek+naar+aparte+domeinextensie+voor


Spanish airport operator fined 10 million euros over facial scanners

13:26 - 28/11/2025
The Spanish privacy regulator AEPD has fined the Spanish airport operator Aena 10 million euros for ...

https://www.security.nl/posting/915085/Spaanse+luchthavenbeheerder+krijgt+10+mil


GrapheneOS pulls servers out of France: 'Country is not safe for open source'

11:55 - 28/11/2025
The makers of the GrapheneOS operating system have pulled their servers out of France. According to the developers, the ...

https://www.security.nl/posting/915075/GrapheneOS+haalt+servers+weg+uit+Frankrij


Students and IT professionals find vulnerabilities in Belgian government systems

11:02 - 28/11/2025
Over the past few weeks, students and IT professionals have found dozens of vulnerabilities in Belgian government systems ...

https://www.security.nl/posting/915065/Studenten+en+it-professionals+vinden+lekk


D-Link warns of botnet attacking vulnerable NAS systems

10:29 - 28/11/2025
Hardware manufacturer D-Link is warning users about a botnet that attacks vulnerable NAS systems and is urging them to replace ...

https://www.security.nl/posting/915061/D-Link+waarschuwt+voor+botnet+dat+kwetsba


UK government advises SMEs to use passphrases, updates and a password manager

10:05 - 28/11/2025
The UK government is calling on SMEs to use passphrases and a password manager and to install updates on time ...

https://www.security.nl/posting/915052/Britse+overheid+adviseert+mkb+passphrases


'Most young cybercriminals stop once they are past twenty'

09:42 - 28/11/2025
Most young cybercriminals stop once they are past twenty, which is consistent with other forms of crime, ...

https://www.security.nl/posting/915048/%27Meeste+jonge+cybercriminelen+stoppen+a


Vanity Fair publisher fined 750,000 euros for illegally placing cookies

16:56 - 27/11/2025
The French publisher Conde Nast has been fined 750,000 euros for illegally placing cookies with visitors to ...

https://www.security.nl/posting/915004/Uitgever+Vanity+Fair+krijgt+750_000+euro+


Slashdot

The Mysterious Black Fungus From Chernobyl That May Eat Radiation

00:00 - 29/11/2025
Black fungus found growing inside Chernobyl's destroyed reactor may be feeding on radiation, and researchers have tested samples of the same species aboard the International Space Station to explore whether it could eventually shield astronauts from cosmic rays. Ukrainian scientist Nelli Zhdanova first discovered the melanin-rich mould colonizing the walls and ceilings of the exploded reactor building during a May 1997 survey. Her research indicated that the fungal hyphae were actually growing toward sources of ionizing radiation rather than merely tolerating it. In 2007, nuclear scientist Ekaterina Dadachova at the Albert Einstein College of Medicine found that melanised fungi grew 10% faster when exposed to radioactive caesium compared to control samples, leading her to propose "radiosynthesis" -- a process where organisms convert radiation into metabolic energy. The same strain, Cladosporium sphaerospermum, traveled to the ISS in December 2018 and grew an average of 1.21 times faster over 26 days compared to Earth-based controls. Nils Averesch, a biochemist at the University of Florida and co-author of that study, remains cautious about attributing the growth boost to radiation harvesting since zero gravity could also be responsible.

https://news.slashdot.org/story/25/11/28/1516243/the-mysterious-black-fungus-fro


Airbus Issues Major A320 Recall, Threatening Global Flight Disruption

00:00 - 29/11/2025
Europe's Airbus said on Friday it was ordering immediate repairs to 6,000 of its widely used A320 family of jets in a sweeping recall affecting more than half the global fleet, threatening upheaval during the busiest travel weekend of the year in the United States and disruption worldwide. From a report: The setback appears to be among the largest recalls affecting Airbus in its 55-year history and comes weeks after the A320 overtook the Boeing 737 as the most-delivered model. At the time Airbus issued its bulletin to the plane's more than 350 operators, some 3,000 A320-family jets were in the air. The fix mainly involves reverting to earlier software and is relatively simple, but must be carried out before the planes can fly again, other than repositioning to repair centres, according to the bulletin to airlines seen by Reuters. Airlines from the United States to South America, Europe, India and New Zealand warned the repairs could potentially cause flight delays or cancellations.

https://news.slashdot.org/story/25/11/29/0515215/airbus-issues-major-a320-recall


EU To Examine If Apple Ads and Maps Subject To Tough Rules, Apple Says No

00:00 - 29/11/2025
EU antitrust regulators will examine whether Apple's Apple Ads and Apple Maps should be subject to the onerous requirements of the bloc's digital rules after both services hit key criteria, with the U.S. tech giant saying they should be exempted. From a report: Apple's App Store, iOS operating system and Safari web browser were designated core platform services under the Digital Markets Act two years ago aimed at reining in the power of Big Tech and opening up the field to rivals so consumers can have more choice. The European Commission said that Apple has notified it that Apple Ads and Apple Maps met the Act's two thresholds to be considered "gatekeepers." The DMA designates companies with services with more than 45 million monthly active users and $79 billion in market capitalisation as gatekeepers subject to a list of dos and don'ts.

https://apple.slashdot.org/story/25/11/28/172222/eu-to-examine-if-apple-ads-and-


Scientists Think They've Solved Why One of History's Most Advanced Civilizations Vanished

00:00 - 29/11/2025
A new study published in Communications Earth & Environment has reconstructed the climate conditions of the ancient Indus River Valley civilization between 3000 and 1000 B.C., finding that four intense droughts -- each lasting more than 85 years -- likely drove the gradual decline of one of the world's earliest advanced societies. The research team, led by Hiren Solanki at the Indian Institute of Technology, Gandhinagar, combined paleoclimate data from cave formations and lake records with computer models to determine that the region shifted from wetter-than-present monsoon conditions to prolonged dry spells as the tropical Pacific Ocean warmed. The third drought, peaking around 1733 B.C., proved the most severe: it lasted 164 years, reduced annual rainfall by 13%, and affected nearly the entire region. Overall temperatures rose by 0.5 degrees Celsius and rainfall dropped between 10 and 20%. These changes shrank lakes and rivers, dried soils, and made agriculture increasingly difficult in areas away from major waterways. Harappan settlements progressively relocated eastward toward the Indus River over roughly 2,000 years. The civilization's long survival under repeated climate stress -- through crop switching, trade diversification, and settlement relocation -- offers lessons for modern communities facing environmental pressures, the researchers said.

https://science.slashdot.org/story/25/11/28/1721249/scientists-think-theyve-solv


China-Netherlands Chip Fight Turns Into Corporate Civil War

00:00 - 28/11/2025
The bitter standoff between Dutch chipmaker Nexperia -- which supplies basic chips crucial to 49% of European automakers, over 85% of medical device companies, and the entire defense industry -- and its Chinese parent company Wingtech escalated on Friday when both Wingtech and Nexperia's Chinese unit accused the Dutch business of secretly building a supply chain that would cut China out entirely. The accusations came one day after Nexperia's Dutch headquarters published an open letter claiming it had repeatedly tried and failed to contact its Chinese unit. Nexperia China demanded the Dutch side halt its overseas expansion plans, specifically a $300 million investment in a Malaysian plant, and alleged an internal company target to source 90% of production outside China by mid-2026. The Chinese unit also accused its European counterparts of deleting employee email accounts and cutting off access to IT systems. The dispute traces back to September when the Dutch government invoked a Cold War-era law to seize control of Nexperia on economic security grounds. An Amsterdam court subsequently stripped Wingtech of its ownership rights. Beijing retaliated by halting exports of finished Nexperia chips on October 4, triggering warnings of production shutdowns from automakers including Nissan and Bosch. Export curbs were relaxed in early November, and the Dutch government suspended its intervention last week following talks, but the court ruling remains in force. Wingtech warned that supply disruptions could return if the control issue remains unresolved.

https://slashdot.org/story/25/11/28/1636212/china-netherlands-chip-fight-turns-i


Australia Risks 2035 Climate Goal Without Bigger Emissions Cuts

00:00 - 28/11/2025
Australia warned it's in danger of missing its 2035 climate targets without deeper pollution cuts, which in turn threatens the nation's ambitions to reach net zero by mid-century. From a report: Emissions are set to fall 48% by 2035 from 2005 levels based on current projections [non-paywalled source], the government said in a report on Thursday. That's short of an official pledge to cut greenhouse gases between 62% and 70%. The forecast doesn't take into account new action planned under the nation's Net Zero Plan. Still, the targets remain achievable and officials plan to take additional measures to meet them, Minister for Climate Change and Energy Chris Bowen said in a speech to parliament.

https://news.slashdot.org/story/25/11/28/1654207/australia-risks-2035-climate-go


Singapore Takes Top Spot in Global Talent Index

00:00 - 28/11/2025
Singapore has claimed the top spot in the 2025 Global Talent Competitiveness Index for the first time, displacing Switzerland from a position the European nation had held since the ranking's inception in 2013. The index, produced by business school INSEAD and the Portulans Institute, measured 135 economies across 77 indicators spanning soft skills, AI talent concentration, and formal education systems. The city-state ranked first globally in formal education and what the report calls "Generalist Adaptive Skills," a category covering soft skills, digital literacy, and innovation-oriented thinking. A key factor in Singapore's rise was a seven-place jump in talent retention, moving from 38th to 31st. The United States fell from third place in 2023 to ninth this year, its weakest showing in 12 years, due to declines in openness and lifelong learning metrics. High-income European countries continue to dominate the top ten, holding seven positions.

https://news.slashdot.org/story/25/11/28/1646244/singapore-takes-top-spot-in-glo


Europe Fears It Can't Catch Up in Great Power Competition

00:00 - 28/11/2025
European leaders have spent years warning that the continent risked falling behind the U.S., China and Russia in the global contest for economic, technological and military dominance, and officials now believe they have reached that point. The mood darkened over the summer when Europe found itself on the sidelines as Washington and Beijing negotiated a reset of global trade rules, and turned bleak this month when the White House presented a Ukraine cease-fire plan without consulting European capitals. In July, the EU accepted a trade deal allowing the U.S. to impose 15% tariffs without retaliation. President Trump ignored European calls to pressure Moscow before meeting Vladimir Putin in Alaska in August, telling reporters "this is not to do with Europe, Europe's not telling me what to do." Germany has eased its debt brake to pour $580 billion into a decade-long rearmament program, and the EU has set a 2030 rearmament goal -- defense spending across the region is set to exceed $560 billion this year, double what it was a decade ago. "Battle lines for a new world order, based on power, are being drawn right now," European Commission President Ursula von der Leyen said in September. "A new Europe must emerge."

https://slashdot.org/story/25/11/28/1712223/europe-fears-it-cant-catch-up-in-gre


Someone Is Trying To 'Hack' People Through Apple Podcasts

00:00 - 28/11/2025
Apple's Podcasts app on both iOS and Mac has been exhibiting strange behavior for months, spontaneously launching and presenting users with obscure religion, spirituality and education podcasts they never subscribed to -- and at least one of these podcasts contains a link attempting a cross-site scripting attack, 404 Media reports. Joseph Cox, a journalist at the outlet, documented the issue after repeatedly finding his Mac had launched the Podcasts app on its own, presenting bizarre podcasts with titles containing garbled code, external URLs to Spotify and Google Play, and in one case, what appears to be XSS attack code embedded directly in the podcast title itself. Patrick Wardle, a macOS security expert and creator of Objective-See, confirmed he could replicate similar behavior: simply visiting a website can trigger the Podcasts app to open and load an attacker-chosen podcast without any user prompt or approval. Wardle said this creates "a very effective delivery mechanism" if a vulnerability exists in the Podcasts app, and the level of probing suggests adversaries are actively evaluating it as a potential target. The XSS-attempting podcast dates from around 2019. A recent review in the app asked "How does Apple allow this attempted XSS attack?" Asked for comment five times by 404 Media, Apple did not respond.

https://apple.slashdot.org/story/25/11/28/1531245/someone-is-trying-to-hack-peop


Australia's Streaming Quotas Become Law

00:00 - 28/11/2025
Australia's streaming quotas have become law. Legislation requiring the likes of Netflix, Disney+ and HBO Max to spend a portion of their local earnings on original Australian content has been passed in parliament, and now comes into effect. From a report: The quotas were announced earlier this month. This will see global streamers with more than one million Australian subscribers made to spend 10% of their total Australian expenditure -- or 7.5% of their revenues -- on local originals, whether they are dramas, children's shows, docs, or arts and educational programs. Failing to comply with the rules will see streamers fined up to ten times their annual revenues in Australia. This is more than what broadcasters are liable for if they breach their quota rules. Streamers will be given three years to get their production operations in line. Streamers have long opposed government-set quotas and content levies, arguing they already meaningfully invest in the production sectors of the countries in which they operate. Producers, in general, have welcomed the systems, but remain wary that they could push streaming services out of their countries.

https://entertainment.slashdot.org/story/25/11/28/1522252/australias-streaming-q


theregister.com/security

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

16:22 - 28/11/2025
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/posthog_shaihulud


Brit telco Brsk confirms breach as bidding begins for 230K+ customer records

15:52 - 28/11/2025
Crims claim to know which customers are marked 'vulnerable'

British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/brsk_breach/


GrapheneOS bails on OVHcloud over France's privacy stance

15:44 - 28/11/2025
Project cites fears of state access as cloud sovereignty row deepens

French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/grapheneos_ovhclo


TryHackMe races to add women to Christmas cyber challenge roster after backlash

13:32 - 28/11/2025
Training outfit scrambles to fix all-male lineup before December kickoff

Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/tryhackme_diversi


OBR drags in cyber bigwig after Budget leak blunder

12:02 - 28/11/2025
Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule

The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the Chancellor had even reached the dispatch box....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/obr_ciaran_martin


UK digital ID plan gets a price tag at last – £1.8B

11:19 - 28/11/2025
OBR says the scheme will cost £600M a year with no identified savings

The UK government has finally put a £1.8 billion price tag on its digital ID plans – days after the minister responsible refused to name a figure....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/digital_id_cost/


Korean web giant Naver acquired crypto exchange Upbit, which reported a $30m heist a day later

00:41 - 28/11/2025
Talk about buyer’s remorse

South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/naver_upbit_crypt


Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

16:30 - 27/11/2025
ReliaQuest finds fresh crop of phishing domains and toxic tickets

Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest....

https://go.theregister.com/feed/www.theregister.com/2025/11/27/scattered_lapsus_


OpenAI cuts off Mixpanel after analytics leak exposes API users

15:45 - 27/11/2025
ChatGPT maker places other vendors under review following breach

OpenAI says API users may be affected by a recent breach at its former data analytics provider, Mixpanel....

https://go.theregister.com/feed/www.theregister.com/2025/11/27/openai_mixpanel_a


FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover

14:00 - 27/11/2025
Agency flags hijacks of insecure studio-to-transmitter gear after attackers pipe in fake alerts and vulgar audio

Malicious intruders have hijacked US radio gear to turn emergency broadcast tones into a profanity-laced alarm system....

https://go.theregister.com/feed/www.theregister.com/2025/11/27/fcc_radio_hijack/


CISO2CISO.com

Thinking About Becoming a Licensed Engineer? Start Here.

14:04 - 13/09/2025
NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams.

https://ciso2ciso.com/thinking-about-becoming-a-licensed-engineer-start-here/


Celebrate Hispanic Heritage Month With SWE

14:04 - 13/09/2025
View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM.

https://ciso2ciso.com/celebrate-hispanic-heritage-month-with-swe/


The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com

10:04 - 13/09/2025
Source: www.cyberdefensemagazine.com – Author: News team

Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool […]

https://ciso2ciso.com/the-critical-role-of-sboms-software-bill-of-materials-in-d


Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com

10:04 - 13/09/2025
Source: www.cyberdefensemagazine.com – Author: News team

It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s […]

https://ciso2ciso.com/ransomware-tactics-are-shifting-heres-how-to-keep-up-sourc


French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com

07:04 - 13/09/2025
Source: www.darkreading.com – Author: Rob Wright

CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals.

Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity

https://ciso2ciso.com/french-advisory-sheds-light-on-apple-spyware-activity-sour


Without Federal Help, Cyber Defense Is Up to the Rest of Us – Source: www.darkreading.com

07:04 - 13/09/2025
Source: www.darkreading.com – Author: Riaz Lakhani

Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities.

Original Post URL: https://www.darkreading.com/cyberattacks-data-breaches/without-federal-help-cyber-defense-cisa

https://ciso2ciso.com/without-federal-help-cyber-defense-is-up-to-the-rest-of-us


Safer Conversational AI for Cybersecurity: The BIX Approach – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Gaurav Banga

Here’s a scenario security teams increasingly face. A user—or an attacker pretending to be one—types something like: This is how many prompt injection attempts begin. The phrase looks harmless, but it’s a red flag: the user is telling the AI to forget its built-in rules. What follows is often […]

https://ciso2ciso.com/safer-conversational-ai-for-cybersecurity-the-bix-approach


Operation Eastwood: Measuring the Real Impact on NoName057(16) – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Sofia Naer

On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(16). The announcement promised a major disruption to the group’s activities. In this blog, we explore whether Operation Eastwood had any real impact on […]

https://ciso2ciso.com/operation-eastwood-measuring-the-real-impact-on-noname0571


CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’ – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Jeffrey Burt

Five months after the future of the CVE program was thrown in doubt, CISA this week released a roadmap that calls for steps to take for its new “quality era,” which includes public sponsorship, expanded public-private partnership, and modernization.

https://ciso2ciso.com/cisa-lays-out-roadmap-for-cve-programs-quality-era-source-


Randall Munroe’s XKCD ‘Dual Roomba’ – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Marc Handelman

Via the comic artistry and dry wit of Randall Munroe, creator of XKCD.

Original Post URL: https://securityboulevard.com/2025/09/randall-munroes-xkcd-dual-roomba/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-dual-roomba

Category & Tags: Humor, Security Bloggers Network, Randall Munroe, Sarcasm, satire, XKCD

https://ciso2ciso.com/randall-munroes-xkcd-dual-roomba-source-securityboulevard-


Hackread.com

Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies

17:19 - 27/11/2025
Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.

https://hackread.com/report-names-teen-scattered-lapsus-hunters-group/



Cronos Kicks Off $42K Global Hackathon Focused on AI-Powered On-Chain Payments

13:39 - 27/11/2025
Cronos launches x402 PayTech Hackathon with $42K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.

https://hackread.com/cronos-hackathon-ai-powered-chain-payments/


OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

12:19 - 27/11/2025
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…

https://hackread.com/openai-api-mixpanel-data-breach-chatgpt/


Elena Lazar: Failures are Inevitable – Reliability is a Choice

22:53 - 26/11/2025
Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights.

https://hackread.com/elena-lazar-inevitable-failures-reliability-choice/


AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI

16:57 - 26/11/2025
AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…

https://hackread.com/ai-meeting-assistants-data-security-ticnote-ai/


Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

16:13 - 26/11/2025
New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.

https://hackread.com/microsoft-teams-guest-chat-flaw-malware/



Samourai Wallet Founders Jailed in $237M Crypto Laundering Case

13:12 - 26/11/2025
Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer.

https://hackread.com/samourai-wallet-founders-jailed-crypto-laundering/


Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data

11:14 - 26/11/2025
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.

https://hackread.com/fake-battlefield-6-downloads-malware-data/


Vuldb

CVE-2025-6666 | motogadget mo.lock Ignition Lock up to 20251125 NFC hard-coded key (EUVD-2025-199909)

10:01 - 29/11/2025
A vulnerability labeled as problematic has been found in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key. The identification of this vulnerability is CVE-2025-6666. The physical device can be targeted for the attack. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

https://vuldb.com/?id.333785


CVE-2025-66036 | Anjaliavv51 Retro up to 2.4.6 cross site scripting (GHSA-gvv6-p6h6-2vj2 / EUVD-2025-199889)

09:22 - 29/11/2025
A vulnerability identified as problematic has been detected in Anjaliavv51 Retro up to 2.4.6. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-66036. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

https://vuldb.com/?id.333784


CVE-2025-65540 | xmall 1.1 cross site scripting (Issue 101 / EUVD-2025-199901)

09:22 - 29/11/2025
A vulnerability categorized as problematic has been discovered in xmall 1.1. This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-65540. The attack can be launched remotely. No exploit exists.

https://vuldb.com/?id.333783


CVE-2025-65892 | krpano up to 1.23.1 URL passQueryParameters xml cross site scripting (EUVD-2025-199902)

09:22 - 29/11/2025
A vulnerability was found in krpano up to 1.23.1. It has been rated as problematic. This affects the function passQueryParameters of the component URL Handler. This manipulation of the argument xml causes cross site scripting. This vulnerability is handled as CVE-2025-65892. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

https://vuldb.com/?id.333782


CVE-2025-66201 | danny-avila LibreChat up to 0.8.1-rc1 OpenAPI server-side request forgery (GHSA-7m2q-fjwr-5x8v / EUVD-2025-199888)

09:22 - 29/11/2025
A vulnerability was found in danny-avila LibreChat up to 0.8.1-rc1. It has been declared as critical. The impacted element is an unknown function of the component OpenAPI Handler. The manipulation results in server-side request forgery. This vulnerability is known as CVE-2025-66201. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

https://vuldb.com/?id.333781


CVE-2025-65112 | ricardoboss PubNet up to 1.1.2 /api/storage/upload author-id authorization (GHSA-pg82-fqrg-q6j5 / EUVD-2025-199884)

09:21 - 29/11/2025
A vulnerability was found in ricardoboss PubNet up to 1.1.2. It has been classified as critical. The affected element is an unknown function of the file /api/storage/upload. The manipulation of the argument author-id leads to missing authorization. This vulnerability is traded as CVE-2025-65112. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

https://vuldb.com/?id.333780


CVE-2025-66219 | shama willitmerge up to 0.2.1 User Control command injection (GHSA-j9wj-m24m-7jj6 / EUVD-2025-199887)

09:21 - 29/11/2025
A vulnerability was found in shama willitmerge up to 0.2.1 and classified as critical. Impacted is an unknown function of the component User Control. Manipulation can lead to command injection. This vulnerability appears as CVE-2025-66219. The attack may be performed remotely. There is no available exploit.

https://vuldb.com/?id.333779


CVE-2025-66216 | jvde-github AIS-catcher up to 0.63 AIS::Message buffer size (GHSA-v53x-f5hh-g2g6 / EUVD-2025-199899)

09:21 - 29/11/2025
A vulnerability has been found in jvde-github AIS-catcher up to 0.63 and classified as critical. This issue affects the function AIS::Message. Manipulation results in incorrect calculation of buffer size. This vulnerability is reported as CVE-2025-66216. The attack can be carried out remotely. No exploit exists. The affected component should be upgraded.

https://vuldb.com/?id.333778


CVE-2025-53897 | kiteworks MFT up to 9.0.x cross-site request forgery (GHSA-cxwc-7899-3h4m / EUVD-2025-199897)

09:21 - 29/11/2025
A vulnerability, which was classified as problematic, was found in kiteworks MFT up to 9.0.x. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2025-53897. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

https://vuldb.com/?id.333777


CVE-2025-53896 | Kiteworks MFT up to 9.0.x session expiration (GHSA-23h2-3jj8-58hm / EUVD-2025-199898)

09:21 - 29/11/2025
A vulnerability, which was classified as problematic, has been found in Kiteworks MFT up to 9.0.x. This affects an unknown part. This manipulation causes session expiration. This vulnerability is registered as CVE-2025-53896. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

https://vuldb.com/?id.333776


Debian.org/security











Microsoft Security

CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

08:00 - 25/11/2025
The following revisions have been made: 1) In the Security Updates table, corrected the impact entries to Remote Code Execution. 2) The CVSS scores have been updated. These are informational changes only. Customers who have successfully installed the update do not need to take any further action.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660







CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability

08:00 - 20/11/2025
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64656


CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

08:00 - 20/11/2025
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64655




advisories.ncsc.nl

NCSC-2025-0378 [1.00] [M/H] Vulnerabilities fixed in Mattermost

09:53 - 28/11/2025
Mattermost has fixed vulnerabilities in versions 11.0.x (up to and including 11.0.3), 10.12.x (up to and including 10.12.1), 10.11.x (up to and including 10.11.4) and 10.5.x (up to and including 10.5.12). The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process. This requires specific settings to be configured, which can expose user accounts to unauthorized access. In addition, an authenticated attacker with team creation privileges can abuse the OAuth state token validation to take over a user account by manipulating authentication data, especially if email verification is disabled. For this latter vulnerability, the attacker must have two accounts, one of which has never logged in before. This makes exploitation complicated to achieve.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0378


NCSC-2025-0377 [1.00] [M/H] Vulnerabilities fixed in GitLab

13:35 - 27/11/2025
GitLab has fixed vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE) versions. The vulnerabilities include, among others, the possibility for unauthenticated users to cause Denial of Service (DoS) conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitrary organizations by modifying request headers, which led to unauthorized access to organizational resources. Authenticated users could also gain unauthorized access to sensitive tokens from certain logs, which enabled further exploitation. Furthermore, authenticated users with specific permissions could cause a Denial of Service condition via HTTP response processing. Finally, there was a risk of unauthorized access to security report information in certain configurations. These vulnerabilities required immediate attention from the vendor to safeguard the integrity and availability of the affected systems.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0377


NCSC-2025-0376 [1.00] [M/H] Vulnerabilities fixed in SonicWall Email Security appliances

16:06 - 21/11/2025
SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities lie in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute unchecked code or gain unauthorized access to files outside the designated paths. This can lead to serious security risks.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0376


NCSC-2025-0375 [1.00] [M/H] Vulnerability fixed in Progress MOVEit Transfer

16:06 - 21/11/2025
Progress has fixed a vulnerability in MOVEit Transfer (specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4). The vulnerability is a server-side request forgery (SSRF). It allows attackers to send unauthorized requests from the server, which can lead to unauthorized access to internal resources. This can have serious consequences for the security of the internal infrastructure, or possibly give access to sensitive data within the context of the victim.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0375


NCSC-2025-0334 [1.01] [M/H] Vulnerabilities fixed in Oracle Fusion Middleware

16:03 - 21/11/2025
Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to gain access to critical data via HTTP, which can lead to a partial Denial of Service. The severity of these vulnerabilities is underlined by CVSS scores of 7.5, which indicates significant impact on availability. In addition, there are vulnerabilities that can lead to unauthorized access to specific data, with a CVSS score of 5.3, which indicates a moderate level of confidentiality impact. The NCSC is receiving reports of media attention for the vulnerability identified as CVE-2025-61757. Trusted partners are observing scan traffic that actively searches for possible execution of arbitrary code. The vulnerability is in **Oracle Identity Manager** and concerns an issue in which authentication can be bypassed because files ending in the extension `.wadl` are exempt from authentication. Simply appending `.wadl` as an extension to an arbitrary URL will have no effect, because a non-existent file is then requested. However, researchers have discovered that adding a `;` to the extension can in theory make code execution possible. Logs can be searched for `;.wadl` as an extension. This indicates scan traffic in any case. Further analysis of the logs must determine whether code execution has taken place. At this time, no indication has (yet) been received that execution of arbitrary code has actually taken place anywhere. The NCSC therefore cannot (yet) share IoCs for analyzing your own logs. Because of the media attention and the researchers' publication, however, the NCSC does expect an increase in scan traffic and possibly working proof-of-concept (PoC) code in the short term, and advises deploying the updates as soon as possible if this has not (yet) been done.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0334


NCSC-2025-0374 [1.00] [M/H] Vulnerabilities fixed in Arista EOS

11:48 - 20/11/2025
Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities relate to the processing of malformed messages, which can lead to system crashes and Denial of Service conditions. Attackers with high privileges can exploit these vulnerabilities, which leads to serious operational disruptions. In addition, sending arbitrary bytes to the CVX system can cause the ControllerOob agent to restart, which can also result in a Denial of Service. Furthermore, the Arista EOS platform has a vulnerability that affects systems with IPsec, causing the dataplane to stop processing all IPsec traffic. This may require a system reset, with no guarantee that traffic processing is restored. The attacker does not need authentication for exploitation. Finally, an authenticated Redis session can obtain full root access to all servers within the CVX cluster, which poses a serious threat to security.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0374


NCSC-2025-0373 [1.00] [M/H] Vulnerabilities fixed in Fortinet FortiOS

08:35 - 19/11/2025
Fortinet has fixed vulnerabilities in FortiOS (multiple versions). The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote, unauthenticated attacker on an adjacent network to send these packets, provided the attacker controls an authorized FortiAP and is on the same local IP subnet. In addition, authenticated administrators can bypass the trusted host policy by executing custom-made CLI commands, which can lead to unauthorized access or actions within the affected environments.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0373


NCSC-2025-0372 [1.00] [M/H] Vulnerability fixed in Fortinet FortiWeb

08:34 - 19/11/2025
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability lies in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed that this vulnerability is being actively exploited. No public proof-of-concept (PoC) code or exploit is available (yet). The NCSC expects PoC code or exploits to become available in the short term, which increases the risk of exploitation.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0372


NCSC-2025-0371 [1.00] [M/H] Vulnerabilities fixed in Google Chrome

09:01 - 18/11/2025
Google has fixed vulnerabilities in Chrome (specifically for versions before 142.0.7444.175). The vulnerabilities are in the V8 engine of Google Chrome and allow remote attackers to exploit heap corruption via specially crafted HTML pages, which can lead to unauthorized actions such as access to sensitive data or execution of arbitrary code. Google reports having information that the vulnerability identified as CVE-2025-13223 has been actively exploited. For successful exploitation, the attacker must trick the victim into visiting a malicious page.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0371


NCSC-2025-0370 [1.00] [M/H] Vulnerabilities fixed in Cisco Unified Contact Center Express

07:04 - 18/11/2025
Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express (CCX). The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileges and obtain administrative permissions for creating and running scripts. This allows attackers to bypass the authentication mechanisms and escalate their privileges, which poses a serious threat to the integrity and security of the affected systems.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0370


NCSC Nieuws

Cybersecuritybeeld 2025: threats diverse and unpredictable, getting basic digital hygiene in order remains crucial

12:00 - 26/11/2025
The National Coordinator for Counterterrorism and Security (NCTV) has published the Cybersecuritybeeld Nederland 2025 (CSBN). The CSBN paints a picture of a digital threat landscape that is becoming increasingly complex and unpredictable. Cyber attacks are becoming more advanced while digital systems are strongly dependent on one another. This development calls for a broad, proactive approach to increase digital resilience. In this article we highlight the most important points of attention from the CSBN for Dutch organizations and companies.

https://www.ncsc.nl/actueel/nieuws/2025/11/26/cybersecuritybeeld-2025-dreigingen


Watch again: webinar 'The Cyberbeveiligingswet (Cybersecurity Act) is coming'

10:19 - 21/10/2025
On Tuesday 18 November, the NCSC, the NCTV and RDI organized a webinar about the upcoming Cyberbeveiligingswet (Cybersecurity Act) for Cbw organizations.

https://www.ncsc.nl/actueel/nieuws/2025/10/21/terugkijken-webinar-de-cyberbeveil


28 public and private parties sign Cyclotron cooperation covenant

14:08 - 30/09/2025
Today the NCSC, together with 27 parties, signed the Cyclotron cooperation covenant at the ONE Conference. The signatories are a large number of private parties as well as the AIVD, the MIVD, the police and the NCTV. The signing is a next important step in the cooperation, which aims to strengthen the picture of cyber threats and incidents by structurally sharing information, jointly analyzing information and providing information from those analyses to stakeholder organizations. This increases the digital resilience of the Netherlands.

https://www.ncsc.nl/actueel/nieuws/2025/09/30/28-publieke-en-private-partijen-te


Subsidy for SMEs available for 1 more month

12:29 - 26/09/2025
For small businesses that experience a financial barrier to implementing cyber measures (or having them implemented), a subsidy is temporarily available: Mijn Cyberweerbare Zaak. This subsidy covers 50% of the costs of various cyber measures, up to a maximum of € 1,250. Smaller businesses with 1 to 50 employees, for which cybersecurity is often not a core task, can now use this subsidy from the Ministry of Economic Affairs to take the necessary steps to better protect their business against increasing cyber threats and against requirements set by other companies in the supply chain.

https://www.ncsc.nl/actueel/nieuws/2025/09/26/subsidie-voor-mkb-bedrijven-nog-1-


Cyberweerbaarheidsnetwerk blueprint for a firmer foundation of cyber resilience in the Kingdom of the Netherlands

13:25 - 10/09/2025
The cyber resilience of the Netherlands can no longer be handled with separate initiatives. This time calls for one coherent network: the Cyberweerbaarheidsnetwerk (Cyber Resilience Network), CWN for short. In the CWN, public and private organizations come together. There they contribute their knowledge, expertise and experience to work jointly on tasks that contribute to the cyber resilience of all organizations in the Kingdom of the Netherlands, and thereby also the overseas territories. Because only together do we become more resilient.

https://www.ncsc.nl/actueel/nieuws/2025/09/10/cyberweerbaarheidsnetwerk-bouwplan


New malware campaign discovered via ManualFinder

10:26 - 29/08/2025
A worldwide malware infection of Windows computers recently came to light through software that users installed themselves. The NCSC therefore advises blocking access to the C2 domains concerned, checking for the presence of the applications “Manualfinder”, “PDF-editor” and variants thereof, checking for the presence of JavaScript files with a GUID-like name in the directory /AppData/Local/TEMP, and strongly urging end users not to install external, untrusted tools.

https://www.ncsc.nl/actueel/nieuws/2025/08/29/nieuwe-malwarecampagne-ontdekt-via


New vulnerabilities discovered in Citrix Netscaler

18:25 - 26/08/2025
New vulnerabilities have been discovered in Citrix Netscaler. Compromise can be detected with a detection script previously published by the NCSC.

https://www.ncsc.nl/actueel/nieuws/2025/08/26/nieuwe-kwetsbaarheden-in-citrix-ne


Eefje Zents Chief Relations Officer/Director of Digital Resilience Cooperation at NCSC

09:30 - 15/08/2025
As of 15 September 2025, Eefje Zents will be Chief Relations Officer/Director of Digital Resilience Cooperation at the National Cyber Security Centre (NCSC) of the Ministry of Justice and Security.

https://www.ncsc.nl/actueel/nieuws/2025/08/15/eefje-zents-chief-relations-office


Case: Citrix vulnerability (Update 13-08-2025)

11:13 - 13/08/2025
On this page the NCSC provides an update to its earlier reporting. It includes the publication of two new check scripts containing new indicators of compromise, and additional context highlighting that this is a sophisticated attack in which several Dutch organizations were successfully attacked. In addition, the NCSC shares further advice in light of this digital attack. With this we want to encourage and support organizations to further increase their digital resilience and to focus on the right elements of digital security.

https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid


Case: Microsoft SharePoint Server vulnerabilities

16:27 - 23/07/2025
On this page the NCSC goes into more detail on the recently discovered vulnerabilities in Microsoft SharePoint Server and offers guidance for action in dealing with these vulnerabilities.

https://www.ncsc.nl/actueel/nieuws/2025/07/23/casus-microsoft-sharepoint


wid.cert-bund.de

[UPDATE] [medium] Mattermost Server: Multiple vulnerabilities

12:42 - 28/11/2025
A remote, anonymous attacker can exploit multiple vulnerabilities in Mattermost Server to disclose information and carry out an unspecified attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2463


[UPDATE] [high] Mattermost Server: Multiple vulnerabilities allow security measures to be bypassed

12:42 - 28/11/2025
A remote, authenticated attacker can exploit multiple vulnerabilities in Mattermost Server to bypass security measures and thereby carry out an account takeover.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2434


[UPDATE] [critical] Redis: Multiple vulnerabilities

12:27 - 28/11/2025
An attacker can exploit multiple vulnerabilities in Redis to execute arbitrary code, manipulate data, carry out a denial-of-service attack and disclose information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2196


[UPDATE] [high] Xwayland and X.Org X11: Multiple vulnerabilities allow unspecified attack

12:27 - 28/11/2025
A remote, anonymous attacker can exploit multiple vulnerabilities in Xwayland and X.Org X11 to carry out an unspecified attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2436


[UPDATE] [high] Apache Tomcat: Multiple vulnerabilities

12:27 - 28/11/2025
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in Apache Tomcat to execute arbitrary code, bypass security measures, manipulate data and cause a denial-of-service condition.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420


[UPDATE] [medium] Mattermost Server and Mobile: Multiple vulnerabilities

12:22 - 28/11/2025
An attacker can exploit multiple vulnerabilities in Mattermost Server and Mobile to disclose information or cause a denial of service.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2315


[UPDATE] [high] Redis: Vulnerability allows code execution

12:22 - 28/11/2025
A remote, authenticated attacker can exploit a vulnerability in Redis to execute arbitrary code.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2469


[UPDATE] [medium] Dovecot IMAP Server: Vulnerability allows bypassing of security safeguards and disclosure of information

12:22 - 28/11/2025
A remote, anonymous attacker can exploit a vulnerability in Dovecot to bypass security safeguards and disclose confidential information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2439


[UPDATE] [medium] libssh: Multiple vulnerabilities

11:12 - 28/11/2025
An attacker can exploit multiple vulnerabilities in libssh to carry out a denial-of-service attack, bypass security safeguards and potentially cause further unspecified effects.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1423


[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities

11:12 - 28/11/2025
An attacker can exploit multiple vulnerabilities in the Linux kernel to carry out a denial-of-service attack and achieve further unspecified effects.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1201


cert.ssi.gouv.fr

Multiple vulnerabilities in Liferay (03 November 2025)

00:00 - 03/11/2025
Multiple vulnerabilities have been discovered in Liferay. They allow an attacker to cause a breach of data confidentiality, cross-site scripting (XSS) and a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0954/


Multiple vulnerabilities in IBM products (14 November 2025)

00:00 - 14/11/2025
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1013/


Vulnerability in Fortinet FortiWeb (14 November 2025)

00:00 - 14/11/2025
A vulnerability has been discovered in Fortinet FortiWeb. It allows an attacker to bypass the security policy. Fortinet states that the vulnerability CVE-2025-64446 is being actively exploited.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1014/


Multiple vulnerabilities in NetApp products (17 November 2025)

00:00 - 17/11/2025
Multiple vulnerabilities have been discovered in NetApp products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality and a breach of data integrity.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1015/


Multiple vulnerabilities in Mozilla Thunderbird (17 November 2025)

00:00 - 17/11/2025
Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1016/


Multiple vulnerabilities in Mattermost Server (17 November 2025)

00:00 - 17/11/2025
Multiple vulnerabilities have been discovered in Mattermost Server. They allow an attacker to cause a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1017/


Multiple vulnerabilities in Google Chrome (18 November 2025)

00:00 - 18/11/2025
Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security issue not specified by the vendor. Google states that the vulnerability CVE-2025-13223 is being actively exploited.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1018/


Multiple vulnerabilities in Mattermost Server (18 November 2025)

00:00 - 18/11/2025
Multiple vulnerabilities have been discovered in Mattermost Server. They allow an attacker to cause a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1019/


Multiple vulnerabilities in SolarWinds products (19 November 2025)

00:00 - 19/11/2025
Multiple vulnerabilities have been discovered in SolarWinds products. Some of them allow an attacker to cause remote arbitrary code execution, cross-site scripting (XSS) and a security policy bypass.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1020/


Multiple vulnerabilities in HPE Aruba Networking products (19 November 2025)

00:00 - 19/11/2025
Multiple vulnerabilities have been discovered in HPE Aruba Networking products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1021/


theHackerNews

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

21:57 - 28/11/2025
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "The

https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html


North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

21:48 - 28/11/2025
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the

https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html


Why Organizations Are Turning to RPAM

16:39 - 28/11/2025
As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, without compromising

https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html


MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

14:03 - 28/11/2025
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report

https://thehackernews.com/2025/11/ms-teams-guest-access-can-remove.html


Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

23:43 - 27/11/2025
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the

https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html


Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

21:07 - 27/11/2025
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra

https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html


Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

20:29 - 27/11/2025
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some

https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html


ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

15:33 - 27/11/2025
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake

https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html


Gainsight Expands Impacted Customer List Following Salesforce Security Alert

12:33 - 27/11/2025
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we

https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html


Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

23:38 - 26/11/2025
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." The

https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html


Techrepublic

Asahi Confirms Cyberattack Exposed Data of 1.5M Customers

09:25 - 28/11/2025

The incident occurred in September, and the Japanese firm has now released its full internal investigation results.

The post Asahi Confirms Cyberattack Exposed Data of 1.5M Customers appeared first on TechRepublic.

https://www.techrepublic.com/article/news-asahi-cyberattack-investigation/



Crypto Exchange Upbit Suffers Security Breach After $10B Deal

15:01 - 27/11/2025

The timing is awful. The breach occurred just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp.

The post Crypto Exchange Upbit Suffers Security Breach After $10B Deal appeared first on TechRepublic.

https://www.techrepublic.com/article/news-upbit-security-breach/


UK Budget 2025: Reactions From Tech Leaders

14:18 - 27/11/2025

While many leaders welcome fresh commitments to AI infrastructure and innovation, others warn about limited investment and a lack of cyber resilience.

The post UK Budget 2025: Reactions From Tech Leaders appeared first on TechRepublic.

https://www.techrepublic.com/article/news-uk-budget-2025-reaction/


Cyberattack Disrupts Services Across London Councils

13:55 - 27/11/2025

Kensington and Chelsea, Westminster, and Hammersmith & Fulham councils have triggered their emergency response plans.

The post Cyberattack Disrupts Services Across London Councils appeared first on TechRepublic.

https://www.techrepublic.com/article/news-cyberattack-london-councils/


Rare APT Collaboration Emerges Between Russia and North Korea

18:45 - 26/11/2025

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure — a rare APT collaboration.

The post Rare APT Collaboration Emerges Between Russia and North Korea appeared first on TechRepublic.

https://www.techrepublic.com/article/news-apt-collaboration-russia-north-korea/


Price Drop: This Complete Ethical Hacking Bundle is Now $33

13:00 - 26/11/2025

Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $34.97 for a limited time.

The post Price Drop: This Complete Ethical Hacking Bundle is Now $33 appeared first on TechRepublic.

https://www.techrepublic.com/article/ethical-hacking-course-bundle/



SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley

20:08 - 24/11/2025

A cyberattack on fintech firm SitusAMC has major US banks scrambling to assess potential data exposure tied to mortgages and real estate loans.

The post SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley appeared first on TechRepublic.

https://www.techrepublic.com/article/news-situsamc-cyber-breach/


Shopping Online This Holiday Season? 5 Ways to Stay Cyber Safe

19:59 - 24/11/2025

Learn five easy ways to avoid scams and stay cyber safe while holiday shopping, with expert tips to protect your accounts, devices, and personal info.

The post Shopping Online This Holiday Season? 5 Ways to Stay Cyber Safe appeared first on TechRepublic.

https://www.techrepublic.com/article/news-holiday-shopping-cyber-tips/


BleepingComputer.com

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

13:25 - 28/11/2025
A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia. [...]

https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wi


Microsoft: Windows updates make password login option invisible

13:07 - 28/11/2025
Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-updates-hide-p


Public GitLab repositories exposed more than 17,000 secrets

12:43 - 28/11/2025
After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. [...]

https://www.bleepingcomputer.com/news/security/public-gitlab-repositories-expose


French Football Federation discloses data breach after cyberattack

11:12 - 28/11/2025
The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. [...]

https://www.bleepingcomputer.com/news/security/french-football-federation-fff-di


Malicious LLMs empower inexperienced hackers with advanced tools

12:15 - 27/11/2025
Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. [...]

https://www.bleepingcomputer.com/news/security/malicious-llms-empower-inexperien


GreyNoise launches free scanner to check if you're part of a botnet

10:11 - 27/11/2025
GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. [...]

https://www.bleepingcomputer.com/news/security/greynoise-launches-free-scanner-t


OpenAI discloses API customer data breach via Mixpanel vendor hack

06:27 - 27/11/2025
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]

https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-dat


New ShadowV2 botnet malware used AWS outage as a test opportunity

17:24 - 26/11/2025
A new Mirai-based botnet malware named 'ShadowV2' has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-


NordVPN Black Friday Deal: Unlock 77% off VPN plans in 2025

15:00 - 26/11/2025
The NordVPN Black Friday Deal is now live, and you can get the best discount available: 77% off that applies automatically when you follow our link. If you've been waiting for the right moment to upgrade your online security, privacy, and streaming freedom, this is the one VPN deals this Black Friday. [...]

https://www.bleepingcomputer.com/news/security/nordvpn-black-friday-deal-unlock-


Popular Forge library gets fix for signature verification bypass flaw

14:32 - 26/11/2025
A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. [...]

https://www.bleepingcomputer.com/news/security/popular-forge-library-gets-fix-fo


securityboulevard.com

Cybersecurity Coalition to Government: Shutdown is Over, Get to Work

18:37 - 28/11/2025

The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country's cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks.

The post Cybersecurity Coalition to Government: Shutdown is Over, Get to Work appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/cybersecurity-coalition-to-government-shut




FBI: Account Takeover Scammers Stole $262 Million this Year

21:51 - 26/11/2025

The FBI says that account takeover scams this year have resulted in 5,100-plus complaints in the U.S. and $262 million in money stolen, and Bitdefender says the combination of the growing number of ATO incidents and risky consumer behavior is creating an increasingly dangerous environment that will let such fraud expand.

The post FBI: Account Takeover Scammers Stole $262 Million this Year appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/fbi-account-takeover-scammers-stole-262-mi


NDSS 2025 – VoiceRadar: Voice Deepfake Detection Using Micro-Frequency And Compositional Analysis

20:00 - 26/11/2025

Session 4B: Audio Security

Authors, Creators & Presenters:

PAPER
VoiceRadar: Voice Deepfake Detection using Micro-Frequency And Compositional Analysis
Recent advancements in synthetic speech generation, including text-to-speech (TTS) and voice conversion (VC) models, allow the generation of convincing synthetic voices, often referred to as audio deepfakes. These deepfakes pose a growing threat as adversaries can use them to impersonate individuals, particularly prominent figures, on social media or bypass voice authentication systems, thus having a broad societal impact. The inability of state-of-the-art verification systems to detect voice deepfakes effectively is alarming. We propose a novel audio deepfake detection method, VoiceRadar, that augments machine learning with physical models to approximate frequency dynamics and oscillations in audio samples. This significantly enhances detection capabilities. VoiceRadar leverages two main physical models: (i) the Doppler effect to understand frequency changes in audio samples and (ii) drumhead vibrations to decompose complex audio signals into component frequencies. VoiceRadar identifies subtle variations, or micro-frequencies, in the audio signals by applying these models. These micro-frequencies are aggregated to compute the observed frequency, capturing the unique signature of the audio. This observed frequency is integrated into the machine learning algorithm's loss function, enabling the algorithm to recognize distinct patterns that differentiate human-produced audio from AI-generated audio. We constructed a new diverse dataset to comprehensively evaluate VoiceRadar, featuring samples from leading TTS and VC models. Our results demonstrate that VoiceRadar outperforms existing methods in accurately identifying AI-generated audio samples, showcasing its potential as a robust tool for audio deepfake detection.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

The post NDSS 2025 – VoiceRadar: Voice Deepfake Detection Using Micro-Frequency And Compositional Analysis appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/ndss-2025-voiceradar-voice-deepfake-detect



The Trust Crisis: Why Digital Services Are Losing Consumer Confidence

17:45 - 26/11/2025

According to the Thales Consumer Digital Trust Index 2025, global confidence in digital services is slipping fast. After surveying more than 14,000 consumers across 15 countries, the findings are clear: no sector earned high trust ratings from even half its users. Most industries are seeing trust erode — or, at best, stagnate. In an era..

The post The Trust Crisis: Why Digital Services Are Losing Consumer Confidence appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/the-trust-crisis-why-digital-services-are-


How to Protect from Online Fraud This Holiday Season

17:00 - 26/11/2025

Peak e-commerce season hits retailers every year just as the Halloween decorations start to come down. Unsurprisingly, cyber criminals see this time as an opportunity to strike, and criminal activity online spikes alongside sales. Shockingly, 4.6% of attempted e-commerce transactions during the 2024 Black Friday period were suspected to be digital fraud. In the UK..

The post How to Protect from Online Fraud This Holiday Season appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/how-to-protect-from-online-fraud-this-holi


CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

16:56 - 26/11/2025

As AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” – the message a service returns when it encounters an unhandled error during a request – contained [...]

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Aembit.

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/crewai-github-token-exposure-highlights-th


Russian-Backed Threat Group Uses SocGholish to Target U.S. Company

16:10 - 26/11/2025

The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor.

The post Russian-Backed Threat Group Uses SocGholish to Target U.S. Company appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/russian-backed-threat-group-uses-socgholis


CXSecurity.com

Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446

22:53 - 24/11/2025
Topic: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Risk: High Text:# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/17/2025 # Vendor: https://www...

https://cxsecurity.com/issue/WLB-2025110017


Royal Elementor Addons - Unauthenticated Remote Code Execution

22:53 - 24/11/2025
Topic: Royal Elementor Addons - Unauthenticated Remote Code Execution Risk: High Text:#!/usr/bin/env python3 # Title Royal Elementor Addons - Unauthenticated Remote Code Execution CVE-2023-5360 # Author @ibrahim...

https://cxsecurity.com/issue/WLB-2025110016


Oracle WebLogic Server and allows remote code execution

22:53 - 24/11/2025
Topic: Oracle WebLogic Server and allows remote code execution Risk: Medium Text:# CVE-2025-61757 -- Proof‐of‐Concept (Private) `NOT` (Public) **Author:** nu11secur1ty **Status:** *Confirmed exploitab...

https://cxsecurity.com/issue/WLB-2025110015


Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446

22:54 - 19/11/2025
Topic: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Risk: Medium Text:# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/17/2025 # Vendor: https://www...

https://cxsecurity.com/issue/WLB-2025110014


Fortinet FortiWeb Auth. Bypass

17:54 - 17/11/2025
Topic: Fortinet FortiWeb Auth. Bypass Risk: High Text:# Titles: Fortinet FortiWeb Auth. Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/15/2025 # Vendor: https://www.fort...

https://cxsecurity.com/issue/WLB-2025110012


Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion

17:35 - 13/11/2025
Topic: Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion Risk: Medium Text:#!/usr/bin/env python3 # # # Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion # # # Vendor: Logitech | General...

https://cxsecurity.com/issue/WLB-2025110011


is-localhost-ip 2.0.0 - SSRF via Restrictions bypass

17:33 - 13/11/2025
Topic: is-localhost-ip 2.0.0 - SSRF via Restrictions bypass Risk: Medium Text:# Titles: is-localhost-ip 2.0.0 - SSRF via Restrictions bypass # Author: nu11secur1ty # Date: 11/09/2025 # Vendor: https://g...

https://cxsecurity.com/issue/WLB-2025110010


moew.government.bg Cross-site scripting (reflected)

17:33 - 13/11/2025
Topic: moew.government.bg Cross-site scripting (reflected) Risk: Low Text:## Titles: moew.government.bg Cross-site scripting (reflected) ## Author: nu11secur1ty ## Date: 11/10/2025 ## Vendor: https...

https://cxsecurity.com/issue/WLB-2025110009


hop.bg | web app | Cross-site scripting (reflected)

22:47 - 07/11/2025
Topic: hop.bg | web app | Cross-site scripting (reflected) Risk: Low Text:## Titles: hop.bg | web app | Cross-site scripting (reflected) ## Author: nu11secur1ty ## Date: 11/03/2025 ## Vendor: https...

https://cxsecurity.com/issue/WLB-2025110008


3kits template via imgGallery.php SQL Injection id parameter

22:42 - 07/11/2025
Topic: 3kits template via imgGallery.php SQL Injection id parameter Risk: Medium Text:#Exploit Title: 3kits - Sql Injection #Google Dork: "Designed & Developed by 3kits" #Date: 2025-11-02 #Exploit Author: Hosse...

https://cxsecurity.com/issue/WLB-2025110007


Brian Krebs

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

17:22 - 26/11/2025
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunte


Is Your Android TV Streaming Box Part of a Botnet?

18:44 - 24/11/2025
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.

https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-b


Mozilla Says It’s Finally Done With Two-Faced Onerep

19:06 - 20/11/2025
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.

https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced


The Cloudflare Outage May Be a Security Roadmap

14:07 - 19/11/2025
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-road


Microsoft Patch Tuesday, November 2025 Edition

21:47 - 16/11/2025
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10.

https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-editio


Google Sues to Disrupt Chinese SMS Phishing Triad

14:47 - 13/11/2025
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.

https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-


Drilling Down on Uncle Sam’s Proposed TP-Link Ban

18:14 - 09/11/2025
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link


Cloudflare Scrubs Aisuru Botnet from Top Domains List

02:04 - 06/11/2025
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service.

https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-dom


Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

20:37 - 02/11/2025
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."

https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custo


Aisuru Botnet Shifts from DDoS to Residential Proxies

00:51 - 29/10/2025
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residentia


Troy Hunt

Weekly Update 479

04:44 - 23/11/2025

Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite

I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and a curse; dogged persistence has given me the life I have today, but it has also burned serious amounts of time because I never want to

https://www.troyhunt.com/weekly-update-479/


Weekly Update 478

08:13 - 16/11/2025

This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and spending time with some of the folks involved in the Operation Endgame actions. The latter in particular gave me a new sense of just how much

https://www.troyhunt.com/weekly-update-478/


Weekly Update 477

12:27 - 12/11/2025

What. A. Week. It wasn't just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are totally understandable, whilst others just resulted in endless

https://www.troyhunt.com/weekly-update-477/


2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned

06:41 - 05/11/2025

I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from the more precise number of 1,957,476,

https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-t


Weekly Update 476

08:23 - 03/11/2025

The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It's been massively time-consuming, massively expensive (we turned the cloud up to 11) and enormously frustrating. I've written about why in the draft

https://www.troyhunt.com/weekly-update-476/


How We (Almost) Found Chromium's Bug via Crash Reports to Report URI

09:09 - 27/10/2025

Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as output in the console), but that wasn't the case

https://www.troyhunt.com/how-we-almost-found-chromiums-bug-via-crash-reports-to-


Weekly Update 475

21:32 - 25/10/2025

It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it

https://www.troyhunt.com/weekly-update-475/


Inside the Synthient Threat Data

19:20 - 21/10/2025

Where is your data on the internet? I mean, outside the places you've consciously provided it, where has it now flowed to and is being used and abused in ways you've never expected? The truth is that once the bad guys have your data, it often

https://www.troyhunt.com/inside-the-synthient-threat-data/


Weekly Update 474

07:09 - 20/10/2025

You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but here we are. Just before the time

https://www.troyhunt.com/weekly-update-474/


Weekly Update 473

03:25 - 12/10/2025

This week's video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the

https://www.troyhunt.com/weekly-update-473/


Bruce Schneier

Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach

20:56 - 28/11/2025

A meter-long flying neon squid (Ommastrephes bartramii) was found dead on an Israeli beach. The species is rare in the Mediterranean.

https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon


Prompt Injection Through Poetry

14:54 - 28/11/2025

In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models:

Abstract: We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%. Mapping prompts to MLCommons and EU CoP risk taxonomies shows that poetic attacks transfer across CBRN, manipulation, cyber-offence, and loss-of-control domains. Converting 1,200 ML-Commons harmful prompts into verse via a standardized meta-prompt produced ASRs up to 18 times higher than their prose baselines. Outputs are evaluated using an ensemble of 3 open-weight LLM judges, whose binary safety assessments were validated on a stratified human-labeled subset. Poetic framing achieved an average jailbreak success rate of 62% for hand-crafted poems and approximately 43% for meta-prompt conversions (compared to non-poetic baselines), substantially outperforming non-poetic baselines and revealing a systematic vulnerability across model families and safety training approaches. These findings demonstrate that stylistic variation alone can circumvent contemporary safety mechanisms, suggesting fundamental limitations in current alignment methods and evaluation protocols...

https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.h


Huawei and Chinese Surveillance

12:05 - 26/11/2025

This quote is from House of Huawei: The Secret History of China’s Most Powerful Company.

“Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been China’s star entrepreneur in the 1980s, with his company, the Stone Group, touted as “China’s IBM.” Wan had believed that economic change could lead to political change. He had thrown his support behind the pro-democracy protesters in 1989. As a result, he had to flee to France, with an arrest warrant hanging over his head. He was never able to return home. Now, decades later and in failing health in Paris, Wan recalled something that had happened one day in the late 1980s, when he was still living in Beijing...

https://www.schneier.com/blog/archives/2025/11/huawei-and-chinese-surveillance.h


Four Ways AI Is Being Used to Strengthen Democracies Worldwide

12:00 - 25/11/2025

Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities.

We have just published the book Rewiring Democracy: How AI will Transform Politics, Government, and Citizenship. In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better...

https://www.schneier.com/blog/archives/2025/11/four-ways-ai-is-being-used-to-str


IACR Nullifies Election Because of Lost Decryption Key

12:03 - 24/11/2025

The International Association of Cryptologic Research—the academic cryptography association that’s been putting on conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when trustee Moti Yung lost his decryption key.

For this election and in accordance with the bylaws of the IACR, the three members of the IACR 2025 Election Committee acted as independent trustees, each holding a portion of the cryptographic key material required to jointly decrypt the results. This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares...

https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-o


Friday Squid Blogging: New “Squid” Sneaker

22:08 - 21/11/2025

I did not know Adidas sold a sneaker called “Squid.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-new-squid-s


More on Rewiring Democracy

19:07 - 21/11/2025

It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good.

Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41.

We need more reviews—six on Amazon is not enough, and no one has yet posted a viral TikTok review. One review was published in Nature and another on the RSA Conference website, but more would be better. If you’ve read the book, please leave a review somewhere.

My coauthor and I have been doing all sorts of book events, both online and in person. This ...

https://www.schneier.com/blog/archives/2025/11/71226.html


AI as Cyberattacker

12:01 - 21/11/2025

From Anthropic:

In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.

The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention...

https://www.schneier.com/blog/archives/2025/11/ai-as-cyberattacker.html


Scam USPS and E-Z Pass Texts and Websites

12:07 - 20/11/2025

Google has filed a complaint in court that details the scam:

In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows.”

These branded “Lighthouse” kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams. “Members may subscribe to weekly, monthly, seasonal, annual, or permanent licenses,” Google alleged. Kits include “hundreds of templates for fake websites, domain set-up tools for those fake websites, and other features designed to dupe victims into believing they are entering sensitive information on a legitimate website.”...

https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-


Legal Restrictions on Vulnerability Disclosure

12:04 - 19/11/2025

Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.

Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren’t getting fixed and wouldn’t get fixed if companies that made insecure software weren’t called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality where vendors can attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We’ve lived happily ever after since...

https://www.schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerabili


Security Affairs

Attackers stole member data from French Soccer Federation

22:21 - 28/11/2025
The French Soccer Federation (FFF) disclosed a data breach after hackers used a compromised account to steal member data. A compromised account allowed attackers to breach the French Soccer Federation (FFF), stealing data belonging to its members. The organization confirmed the cyberattack on Thursday, but did not disclose the number of members impacted. “The FFF […]

https://securityaffairs.com/185160/data-breach/attackers-stole-member-data-from-


Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

09:55 - 28/11/2025
Users of JSONFormatter and CodeBeautify leaked thousands of sensitive secrets, including credentials and private keys, WatchTowr warns. WatchTowr’s latest research reveals massive leaks of passwords, secrets, and keys across developer formatting platforms like JSONFormatter and CodeBeautify. Despite past incidents, exposed credentials remain rampant, sometimes even for critical systems. WatchTowr researchers highlight how easily sensitive data […]

https://securityaffairs.com/185150/security/thousands-of-sensitive-secrets-publi


New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

08:20 - 28/11/2025
ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run. During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks. […]

https://securityaffairs.com/185135/malware/new-mirai-variant-shadowv2-tests-iot-


Asahi says crooks stole data of approximately 2M customers and employees

20:03 - 27/11/2025
Asahi says hackers stole data of approximately 2M customers and employees before a ransomware attack crippled its Japan operations. Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is […]

https://securityaffairs.com/185126/data-breach/asahi-says-crooks-stole-data-of-a


OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

15:28 - 27/11/2025
OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their apps or websites. Many tech companies use Mixpanel to make data-driven decisions about features, performance, and customer journeys. OpenAI is alerting some users about […]

https://securityaffairs.com/185121/data-breach/openai-data-may-have-been-exposed


New ASUS firmware patches critical AiCloud vulnerability

08:33 - 27/11/2025
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, including a critical authentication bypass, tracked as CVE-2025-59366 (CVSS score of 9.2), affecting routers with AiCloud enabled. “Researchers have reported potential vulnerabilities in ASUS Router. ASUS has […]

https://securityaffairs.com/185109/iot/new-asus-firmware-patches-critical-aiclou


For the first time, a RomCom payload has been observed being distributed via SocGholish

20:13 - 26/11/2025
RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time […]

https://securityaffairs.com/185084/security/for-the-first-time-a-romcom-payload-


Multiple London councils faced a cyberattack

14:59 - 26/11/2025
Multiple London councils, including Chelsea and Westminster, faced a cyberattack that may have exposed resident data. Authorities are actively investigating the incident. A cyberattack struck multiple London councils, including Kensington & Chelsea and Westminster, which share IT systems. Officials say residents’ data may have been compromised and have notified the UK Information Commissioner’s Office. The […]

https://securityaffairs.com/185086/security/multiple-london-councils-faced-a-cyb


Emergency alerts go dark after cyberattack on OnSolve CodeRED

11:17 - 26/11/2025
Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification services used by U.S. state and local governments, police, and fire agencies. OnSolve CodeRED is a cloud-based emergency alert system used by U.S. state and local governments to […]

https://securityaffairs.com/185075/cyber-crime/emergency-alerts-go-dark-after-cy


Dissecting a new malspam chain delivering Purelogs infostealer

09:02 - 26/11/2025
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and personal security remains under constant threat from increasingly sophisticated attack vectors, with malspam continuing to represent one of the most widespread and effective initial infection vectors for distributing malware on a large […]

https://securityaffairs.com/185066/cyber-crime/dissecting-a-new-malspam-chain-de


news.sophos.com


Modernizing trust: How UADY transformed campus security with Sophos

13:30 - 24/11/2025
At the Autonomous University of Yucatán (UADY), technology has long been central to supporting academic excellence. As the university expanded to serve more than 20,000 students across five campuses, its IT team faced increasing pressure on an aging cybersecurity infrastructure. Manual patching, limited firmware support, and rising costs made it harder to defend against evolving […]

https://news.sophos.com/en-us/2025/11/24/uady-college-case-study-sophos-endpoint


The Sophos Central UAE region is now live!

13:30 - 24/11/2025
Expanding customer choice and bringing Sophos Central closer to customers and partners across the Middle East.

https://news.sophos.com/en-us/2025/11/24/the-sophos-central-uae-region-is-now-li


WhatsApp compromise leads to Astaroth deployment

17:44 - 20/11/2025
Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence

https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-d



Advancing Cybersecurity for Microsoft Environments

16:31 - 18/11/2025
From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats.

https://news.sophos.com/en-us/2025/11/18/advancing-cybersecurity-for-microsoft-e


From point-in-time audits to continuous confidence: How Sophos IT transformed identity defense

14:49 - 18/11/2025
“From logging in and connecting to Entra ID to seeing our first actionable findings — it took less than 45 minutes.”

https://news.sophos.com/en-us/2025/11/18/sophos-itdr-case-study-sophos-identity-


Infostealers: The silent doorway to identity attacks — and why proactive defense matters

13:00 - 14/11/2025
Credential theft isn’t just an inconvenience. It’s often the first move in a chain reaction that ends in full-scale compromise. Beyond the dreaded password reset process, information stealers, as shown in several recent cyberattacks, can have far more consequential follow-on effects. For many small and mid-sized organizations, a single stolen identity can lead to […]

https://news.sophos.com/en-us/2025/11/14/infostealers-and-follow-on-attacks/