Month: November 2025

ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. Tracked as CVE-2025-59367, this vulnerability allows remote, unauthenticated attackers to log into unpatched devices exposed online in low-complexity attacks that don’t require user interaction. ASUS has released firmware version 1.1.2.3_1010 to address this vulnerability for DSL-AC51, […]

US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks.  An updated joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and several international partners alerts that Akira ransomware has expanded its […]

A self-spreading package published on npm spams the registry by spawning new packages every every seven seconds, creating large volumes of junk. The worm, dubbed ‘IndonesianFoods,’ due to its distinctive package naming scheme that picks random Indonesian names and food terms, has published over 100,000 packages according to Sonatype, and the number is growing exponentially. Although […]

The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. The issue affects versions of the AI-bolit malware scanning component prior to 32.7.4.0. The component is present in the Imunify360 suite, the paid ImunifyAV+, and […]

The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. The news organization is one of the largest daily newspapers in the U.S. with approximately 2.5 million digital subscribers. Between July 10 and August 22, threat actors accessed parts of […]

Kerberoasting attacks remain an enduring headache for IT professionals, allowing hackers to escalate privileges and reach the highest levels of your Active Directory (AD) environment. But by enforcing robust passwords, encryption, and cybersecurity policies, you can disrupt the criminals before they even begin. The term Kerberoasting refers to ‘Kerberos’, the authentication protocol that Microsoft’s AD […]

Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. This is possible after the Windows security team worked together with third-party managers to improve passwordless authentication by developing a passkey API for Windows 11.  The new feature has been introduced with […]

The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. According to security researchers at Zscaler ThreatLabz, there is a new variant of DanaBot, version 669, that has a command-and-control (C2) infrastructure using  Tor domains (.onion) and “backconnect” nodes. Zscaler also identified and […]