495/68 Friday, November 28, 2025 A new report from the Google Threat Intelligence Group (GTIG) reveals emerging techniques used by threat actors who are experimenting with embedding large language models (LLMs)-such as Google Gemini and Hugging Face models-directly into malware. The goal is to enable malware to rewrite its own code or generate new attack […]
494/68 Thursday, November 27, 2025 Security researchers from AISLE have disclosed a severe vulnerability, tracked as CVE-2025-13016, found in the WebAssembly (Wasm) component of the Firefox web browser. The flaw remained undetected for more than six months and stems from a single-line error in Firefox’s Garbage Collection (GC) code. The issue leads to a stack […]
493/68 Thursday, November 27, 2025 Delta Dental of Virginia (DDVA), a major dental insurance provider in the state of Virginia, has disclosed a data breach that resulted in unauthorized access to the personal information of approximately 145,918 customers. The incident stemmed from a compromised employee email account, which allowed attackers to access certain personal data, […]
492/68 Thursday, November 27, 2025 The U.S. Federal Bureau of Investigation (FBI) has issued an urgent public warning following a sharp rise in Account Takeover (ATO) fraud. Since January 2025, cybercriminals have caused more than $262 million in financial losses, with the Internet Crime Complaint Center (IC3) receiving over 5,100 reports. Victims include individuals, businesses, […]
491/68 Wednesday, November 26, 2025 Cybercriminals are spreading the StealC V2 information-stealing malware through malicious Blender model files uploaded to 3D asset marketplaces such as CGTrader. The attackers exploit Blender’s ability to automatically run Python scripts (Auto Run), allowing malicious code to execute immediately when a user opens a .blend file. Many users enable this […]
490/68 Wednesday, November 26, 2025 Harvard University has disclosed a data breach affecting its Alumni Affairs and Development (AAD) system, which was compromised through a voice phishing (vishing) attack. The incident allowed unauthorized access to personal information of alumni, donors, students, staff, and related individuals. The breach was detected on November 18, 2025, and Harvard […]
489/68 Wednesday, November 26, 2025 A new and more sophisticated wave of ClickFix cyberattacks has been detected, leveraging highly convincing full-screen browser windows that mimic authentic Windows Update animations or authentication prompts. These fake screens are used to socially engineer victims into following instructions that ultimately execute malicious commands silently copied into the clipboard and […]
488/68 Tuesday, November 25, 2025 SonicWall has issued a security advisory regarding a high-severity buffer overflow vulnerability in the SonicOS SSLVPN service, identified as CVE-2025-40601 (CVSS 7.5). The flaw allows unauthenticated remote attackers to trigger a Denial-of-Service (DoS) condition, causing Gen7 and Gen8 firewalls to reboot or stop functioning. The vulnerability affects only devices with […]
487/68 Tuesday, November 25, 2025 Spanish airline Iberia has issued a customer alert regarding a data breach after a third-party service provider linked to the airline’s systems was hacked, resulting in unauthorized access to certain customer information. The attackers claim to possess up to 77 GB of data related to the airline. As Spain’s flag […]
486/68 Tuesday, November 25, 2025 Cybersecurity researchers from ThreatFabric have announced the discovery of a new and highly sophisticated Android malware variant named “Sturnus” on November 20, 2025. It is classified as a high-risk threat due to its advanced capabilities, which surpass those of typical malware. The most alarming feature is its ability to completely […]
