-
Microsoft rolled out its November 2025 Patch Tuesday security updates today, addressing 63 vulnerabilities across its product and service ecosystem. Among these, one zero-day flaw has already been exploited in the wild, underscoring the urgency for organizations and users to apply patches promptly to mitigate potential threats. The updates cover Windows, Office, Azure, Visual Studio, […] The post Microsoft November 2025 Patch Tuesday – 63 Vulnerabilities, Including 1 Zero-Day Fixed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has rolled out Firefox 145, addressing a series of high-severity vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. Announced on November 11, 2025, the release patches flaws primarily in the browser’s graphics, JavaScript, and DOM components, urging immediate upgrades to mitigate risks from potential exploits. The update tackles 15 CVEs, […] The post Firefox Releases Security Update to Fix Multiple Vulnerabilities Allowing Arbitrary Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers from CyberProof have discovered significant connections between two advanced banking trojans targeting Brazilian users and financial institutions. The Maverick banking malware, identified through suspicious file downloads via WhatsApp, shares remarkable similarities with the earlier reported Coyote malware campaign. Both threats employ sophisticated infection chains and demonstrate nearly identical behavioral patterns. The discovery emerged […] The post Researchers Uncover the Strong Links Between Maverick and Coyote Banking Malwares appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers to write arbitrary files to any location on affected systems. The company disclosed the se…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
VanHelsing has emerged as a sophisticated ransomware-as-a-service operation that fundamentally changes the threat landscape for organizations worldwide. First observed on March 7, 2025, this multi-platform locker represents a significant escalation in ransomware deployment strategies by providing affiliates with a streamlined service model. The operation requires a $5,000 deposit from new affiliates and rewards them with […] The post New VanHelsing Ransomware RaaS Model Attacking Windows, Linux, BSD, ARM, and ESXi Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has rolled out security updates for its Endpoint Manager product, addressing three high-severity vulnerabilities that could let authenticated local attackers write arbitrary files anywhere on the system disk. The flaws, if exploited, pose significant risks to enterprise environments by potentially allowing malicious code execution or data tampering. The most recent issue, tracked as CVE-2025-10918, […] The post Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files to Disk appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated remote data-wipe attack targeting Android devices has emerged, exploiting Google’s Find Hub service to execute destructive operations on smartphones and tablets across South Korea. This campaign represents the first documented case where state-sponsored threat actors weaponized a legitimate device protection service to remotely erase user data and disrupt normal device operations. The malware, […] The post Android Remote Data-Wipe Malware Attacking Users Leveraging Google’s Find Hub appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Synology has released an urgent security update addressing a critical remote code execution vulnerability in BeeStation OS that allows unauthenticated attackers to execute arbitrary code on affected devices. The vulnerability, tracked as CVE-2025-12686 and identified by ZDI-CAN-28275, carries a critical CVSS3 base score of 9.8, reflecting its severe impact and exploitability. The flaw stems from […] The post Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A surge in attacks exploiting iCalendar (.ics) files as a sophisticated threat vector that bypasses traditional email security defenses. These attacks leverage the trusted, plain-text nature of calendar invitations to deliver credential phishing campaigns, malware payloads, and zero-day exploits. Over the past year, calendar-based phishing has emerged as the third most common email social engineering […] The post Hackers Weaponizing Calendar Files as New Attack Vector Bypassing Traditional Email Defenses appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack has emerged, targeting industrial control systems through compromised .NET packages. The threat landscape shifted on November 5, 2025, when researchers identified nine malicious NuGet packages designed to inject destructive payloads into critical infrastructure environments. Published under the NuGet alias shanhai666 between 2023 and 2024, these packages accumulated nearly 9,500 downloads […] The post Weaponized NuGet Packages Inject Time-Delayed Destructive Payloads to Attack ICS Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
