CISOs Get Real About Hiring in the Age of AI – Dark Reading
Dark Reading Confidential Episode 12: Experts help cyber job seekers get noticed, make an argument for a need to return to the hacker ethos of a bygone era, and have…
2025
Chinese APT Infects Routers to Hijack Software Updates – Dark Reading
A unique take on the software update gambit has allowed “PlushDaemon” to evade attention as it mostly targets Chinese organizations. – Read More
Same Old Security Problems: Cyber Training Still Fails Miserably – Dark Reading
Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and…
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment – CSO Online
Only days after Fortinet was criticized by researchers for ‘silently’ patching a zero-day vulnerability without informing its customers, it has emerged that it did the same for a second zero-day…
Mozilla Says It’s Finally Done With Two-Faced Onerep – Krebs on Security
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from…
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet – The Hacker News
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating…
‘Matrix Push’ C2 Tool Hijacks Browser Notifications for Phishing – Dark Reading
Have you ever given two seconds of thought to a browser notification? No? That’s what hackers are counting on. – Read More
A year of remastering: how Landmark raised the bar for environmental due diligence – Legal Futures
Landmark Information has launched its remastered residential environmental search reports, a milestone that marked the start of a strategy to enhance how environmental risk information is delivered. The post A…
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows – The Hacker News
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a…
Data page – November 2025 – Law Gazette – Features
The latest data page figures, compiled by Moneyfacts, are now available. – Read More
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil – Dark Reading
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. – Read More
API-Exploit für AI-Browser Comet entdeckt – CSO Online
Sicherheitsforscher haben einen API-Exploit für den KI-Browser Comet offengelegt. Fajri Mulia Hidayat – shutterstock.com Der Security-Anbieter SquareX hat eine bisher nicht dokumentierte API innerhalb des KI-Browsers Comet offengelegt. Damit können…
3 ways CISOs can win over their boards this budget season – CSO Online
As the year comes to a close, CISOs are already deep into building next year’s cybersecurity budget. That’s a difficult task in itself — yet the most challenging part of…
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves – The Hacker News
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves…
China‑linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates – CSO Online
PlushDaemon, a China-linked APT group, has been deploying a previously undocumented network implant dubbed EdgeStepper to hijack DNS traffic on compromised network devices. According to findings disclosed by ESET researchers,…