Latest news 20/11/2025 22:37
Black Friday is a week away, but Amazon's Black Friday sale kicked off today. These are my favorite deals so far, like Govee outdoor lights for $200.
Black Friday is a week away, but Amazon's Black Friday sale kicked off today. These are my favorite deals so far, like Govee outdoor lights for $200.
Tuxedo Computers' Infinity Book Pro 14 is a sleek laptop with Linux preinstalled. But its performance is backed up by some smart design choices.
Stop sharing your AirPods when you can directly share your audio instead. Here's how to pair two sets to one device.
OpenAI's new feature enables up to 20 users to collaborate with the chatbot in a single, shared conversation.
Black Friday is just over a week away, and I'm tracking great deals on TVs and home theater equipment from Samsung, Sony, and more live.
Amazon's Kindle Scribe earned our Editor's Choice award for its excellent note-taking features and ease of use. Right now, it's on sale.
Pebblebee's Clip 5 finder tag attaches to a keyring, works with iOS and Android, and gets loud.
A few taps and a swipe are all it takes to make your Android phone run in double time - sort of.
The original Nano Banana generator went viral, and this one is even better. See what changed - and how to try it for free.
Remember when social media was fun and exciting?
A unique take on the software update gambit has allowed "PlushDaemon" to evade attention as it mostly targets Chinese organizations.
Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.
Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.
A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.
When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems.
Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.
Initially though to be a DDoS attack, the incident was actually due to a routine change in permissions that caused widespread software failure.
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mo...
Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva. [...]
A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. [...]
Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. [...]
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. [...]
D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. [...]
Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen cybersecurity, and ensure data stays recoverable. [...]
Photocall, a TV piracy streaming platform with over 26 million users annually, has ceased operations following a joint investigation by the Alliance for Creativity and Entertainment (ACE) and DAZN. [...]
The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over $237 million. [...]
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. [...]
OpenAI has started rolling out GPT 5.1-Codex-Max on Codex with a better performance on coding tasks. [...]
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack, at its core,
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today. There are currently no details on how the botnet malware is propagated;
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people. Every day, there's a new story that shows how quickly things are
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web interface, using social engineering tactics to trick users into compromising their accounts. Investigators identified thousands of malicious URLs
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The Hacker News. "By capturing content directly from the device screen after decryption, Sturnus can monitor
Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category of warfare, the tech giant's
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The campaign, per the
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025. "The specific flaw exists