Cybersecurity Articles

481/68 Friday, November 21, 2025 NHS England Digital has issued an alert regarding a security vulnerability in the 7-Zip file archiving software, identified as CVE-2025-11001 (CVSS 7.0), which is now being actively exploited. The flaw allows attackers to execute arbitrary code remotely (RCE). The 7-Zip development team has already released a fix in version 25.00, […]

480/68 Friday, November 21, 2025 A recent report from Push Security reveals that the Phishing-as-a-Service (PhaaS) toolkit known as Sneaky2FA has enhanced its capabilities by integrating Browser-in-the-Browser (BitB) techniques. This upgrade allows attackers to steal Microsoft 365 login credentials and session tokens with a high degree of realism. The BitB method enables the toolkit to […]

479/68 Thursday, November 20, 2025 Google has released an emergency security update to patch a Zero-Day vulnerability in Chrome that has been actively exploited. The flaw, tracked as CVE-2025-13223, is rated High Severity and stems from a Type Confusion bug in the V8 JavaScript engine. The issue was discovered by Clement Lecigne of Google’s Threat […]

478/68 Thursday, November 20, 2025 Microsoft has revealed that Azure DDoS Protection successfully detected and mitigated a massive Distributed Denial-of-Service (DDoS) attack on October 24, 2025. The attack reached a peak volume of 15.72 Tbps and 3.64 billion packets per second (pps), making it the largest cloud-based DDoS attack ever recorded. The target was a […]

477/68 Thursday, November 20, 2025 Cybersecurity experts are closely monitoring the rapid spread of RondoDox, a large-scale botnet now exploiting a critical vulnerability in the XWiki platform. The flaw, tracked as CVE-2025-24893, is a Remote Code Execution (RCE) vulnerability that allows attackers to execute arbitrary malicious code on vulnerable systems. The U.S. Cybersecurity and Infrastructure […]

476/68 Wednesday, November 19, 2025 The Everest ransomware group claims to have breached the systems of Under Armour, Inc., a major U.S. sportswear company, stealing over 343 GB of internal corporate data, including personal information belonging to millions of customers across multiple countries. The attackers published sample data on their Dark Web site to prove […]

475/68 Wednesday, November 19, 2025 DoorDash, the major U.S. food-delivery platform, has disclosed a data breach affecting customers, delivery drivers (Dashers), and merchants after one of its employees fell victim to a social engineering attack, allowing unauthorized actors to access personal information. The incident was discovered on October 25, 2025, and DoorDash has begun notifying […]

474/68 Wednesday, November 19, 2025 On November 18, 2025, internet users around the world were unable to access numerous websites and applications due to a major outage at Cloudflare-one of the world’s largest internet infrastructure providers, handling roughly 20% of global internet traffic. Dane Knecht, Cloudflare’s Chief Technology Officer (CTO), explained that the incident stemmed […]

473/68 Tuesday, November 18, 2025 Google is preparing to enforce stricter Play Store policies targeting Android apps that run excessively in the background and drain battery life, using a new metric called “Excessive Partial Wake Locks,” developed in collaboration with Samsung. Apps that exhibit such behavior may face reduced visibility in Play Store recommendations or […]

472/68 Tuesday, November 18, 2025 The American Israel Public Affairs Committee (AIPAC) has disclosed a data breach resulting from unauthorized access to systems belonging to an external third-party company. The organization reported the incident to the Attorney General’s Office on November 14, 2025. According to the disclosure, the breach affected 810 individuals, with unauthorized access […]