Daily CyberSecurity •

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs

North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Cybercriminals

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs

November 11, 2025

Telegram-Powered Phishing Campaign Targets European Businesses Using HTML Attachments to Steal Credentials

Cybercriminals

Telegram-Powered Phishing Campaign Targets European Businesses Using HTML Attachments to Steal Credentials

November 11, 2025

MSP Nightmare: Medusa & DragonForce Exploit SimpleHelp RMM Flaws for SYSTEM Access

RMM Ransomware

Cybercriminals

MSP Nightmare: Medusa & DragonForce Exploit SimpleHelp RMM Flaws for SYSTEM Access

November 10, 2025

US Treasury Sanctions 8 North Koreans and 2 Banks for Laundering Crypto to Fund WMD Programs

DPRK Sanctions, Crypto Money Laundering

Cybercriminals

US Treasury Sanctions 8 North Koreans and 2 Banks for Laundering Crypto to Fund WMD Programs

November 7, 2025

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor

steam

Malware

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor

November 13, 2025

Legacy Malware Resurfaces: DarkComet RAT Uses Bitcoin Wallet Lure to Deploy UPX-Packed Payload

DarkComet Bitcoin Lure, Legacy RAT

Malware

Legacy Malware Resurfaces: DarkComet RAT Uses Bitcoin Wallet Lure to Deploy UPX-Packed Payload

November 13, 2025

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

PatoRAT RMM Abuse, LogMeIn Hijacking

Malware

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

November 13, 2025

North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices

AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices

November 11, 2025

Laid-Off Intel Engineer Allegedly Stole 18,000 Confidential Files Before Disappearing

Intel Layoff Data Theft Jinfeng Luo Intel leadership change Intel SoftBank Intel Foundry, Semiconductor Market Intel Arrow Lake Refresh, Copilot+ PC Intel GPU Performance, Security Mitigations Mitigation Downfall Vulnerability

Data Leak

Laid-Off Intel Engineer Allegedly Stole 18,000 Confidential Files Before Disappearing

November 10, 2025

The Vanishing Act: Apple Forces GitHub to Delete 8,270 Repositories of Leaked App Store Code

Apple DMCA, App Store Source Code

Data Leak

The Vanishing Act: Apple Forces GitHub to Delete 8,270 Repositories of Leaked App Store Code

November 6, 2025

Dev Oversight: Apple Accidentally Leaked Entire App Store Web Source Code via SourceMap

App Store Source Code, SourceMap Leak

Data Leak

Dev Oversight: Apple Accidentally Leaked Entire App Store Web Source Code via SourceMap

November 5, 2025

Privacy Win: Firefox Mandates Clear Data Collection Disclosure for All Extensions

Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Data Leak

Privacy Win: Firefox Mandates Clear Data Collection Disclosure for All Extensions

October 28, 2025

No More Separate Passkeys: Windows 11 Adds API for Password Manager Integration Windows 11 Passkey API Password Manager Integration

Windows 11 Passkey API Password Manager Integration

No More Separate Passkeys: Windows 11 Adds API for Password Manager Integration

Ddos November 13, 2025

Seagate Exos 4U100 Unveiled: 3.2 PB Storage Density for AI and Edge Data Centers Seagate Exos 4U100 3.2 PB Storage Density

Seagate Exos 4U100 3.2 PB Storage Density

Seagate Exos 4U100 Unveiled: 3.2 PB Storage Density for AI and Edge Data Centers

Ddos November 13, 2025

Android Sideloading Crackdown: Google to Verify All Apps, But Promises Power-User Bypass Android Sideloading Verification Advanced Sideloading Android AI Scam Defense, iOS Scam Comparison

Android Sideloading Verification Advanced Sideloading Android AI Scam Defense, iOS Scam Comparison

Android Sideloading Crackdown: Google to Verify All Apps, But Promises Power-User Bypass

Ddos November 13, 2025

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Ddos November 13, 2025

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation

Ddos November 13, 2025

ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year 251022_1762913325JHuqptvpKg

251022_1762913325JHuqptvpKg

ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year

cybernewswire November 13, 2025

Singapore, Singapore, 13th November 2025, CyberNewsWire

Google Launches Private AI Compute for Pixel 10, Blending Cloud Power with On-Device Privacy Private AI Compute, Gemini Cloud Privacy

Private AI Compute, Gemini Cloud Privacy

Google Launches Private AI Compute for Pixel 10, Blending Cloud Power with On-Device Privacy

Ddos November 13, 2025

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Ddos November 13, 2025

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution Wolfram Cloud RCE, Multi-Tenant JVM

Wolfram Cloud RCE, Multi-Tenant JVM

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution

Ddos November 13, 2025

How to Stop Incidents Early: Plan for CISOs image-9-2048x1135

image-9-2048x1135

How to Stop Incidents Early: Plan for CISOs

Ddos November 13, 2025

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts Open WebUI XSS RCE, Prompt Injection

Open WebUI XSS RCE, Prompt Injection

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts

Ddos November 13, 2025

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121) Lite XL RCE, Lua Autoloading

Lite XL RCE, Lua Autoloading

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121)

Ddos November 13, 2025

Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution

Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution

Ddos November 12, 2025

Broadcom & CAMB.AI Developing AI Chip for Real-Time On-Device Dubbing Broadcom CAMB.AI Chip Real-Time On-Device Dubbing

Broadcom CAMB.AI Chip Real-Time On-Device Dubbing

Broadcom & CAMB.AI Developing AI Chip for Real-Time On-Device Dubbing

Ddos November 12, 2025

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading CVE-2022-47502 OpenOffice Auth Bypass, Memory Corruption

CVE-2022-47502 OpenOffice Auth Bypass, Memory Corruption

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading

Ddos November 12, 2025

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload Apache OFBiz RCE, Unrestricted File Upload CVE-2024-47208 and CVE-2024-48962

Apache OFBiz RCE, Unrestricted File Upload CVE-2024-47208 and CVE-2024-48962

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload

Ddos November 12, 2025

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation

Ddos November 12, 2025

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3) Milvus Auth Bypass, Vector Database Flaw

Milvus Auth Bypass, Vector Database Flaw

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3)

Ddos November 12, 2025

Rockwell Automation Fixes Critical Privilege Escalation Flaw in Verve Asset Manager (CVE-2025-11862, CVSS 9.9) Verve Asset Manager API OT Privilege Escalation Rockwell NAT Router, Critical Auth Bypass Rockwell ICS Privilege Escalation, MSI Repair Attack CVE-2025-7353 Critical vulnerability, industrial control systems Rockwell vulnerability, ICS security Rockwell Arena, Memory Abuse Rockwell Automation, RCE Vulnerability CVE-2025-24479 and CVE-2025-24480 - CVE-2025-0477

Verve Asset Manager API OT Privilege Escalation Rockwell NAT Router, Critical Auth Bypass Rockwell ICS Privilege Escalation, MSI Repair Attack CVE-2025-7353 Critical vulnerability, industrial control systems Rockwell vulnerability, ICS security Rockwell Arena, Memory Abuse Rockwell Automation, RCE Vulnerability CVE-2025-24479 and CVE-2025-24480 - CVE-2025-0477

Rockwell Automation Fixes Critical Privilege Escalation Flaw in Verve Asset Manager (CVE-2025-11862, CVSS 9.9)

Ddos November 12, 2025

Meta Open-Sources Omnilingual ASR: State-of-the-Art Speech Recognition for 1,600+ Languages Omnilingual ASR 1600 Languages Meta $600B Investment, AI Data Centers Meta AI strategy, Llama models Meta AI Glasses, Smart Glasses

Omnilingual ASR 1600 Languages Meta $600B Investment, AI Data Centers Meta AI strategy, Llama models Meta AI Glasses, Smart Glasses

Meta Open-Sources Omnilingual ASR: State-of-the-Art Speech Recognition for 1,600+ Languages

Ddos November 12, 2025