-
The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s latest methodology, which uses deceptive fake CA…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious Cl0p ransomware group has claimed responsibility for breaching the UK’s National Health Service (NHS), spotlighting vulnerabilities in Oracle’s E-Business Suite (EBS). The announcement, posted on Cl0p’s dark web leak site on November 11, 2026, accuses the NHS of prioritizing profits over patient security, stating, “The company doesn’t care about its customers; it ignored […] The post NHS Investigating Oracle EBS Hack Following Cl0p Ransomware Group Claim appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for deploying advanced malware to software developers worldwide. The “Contagious Interview” ope…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at least 11 user accounts, remained active in the regis…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have successfully extracted the system prompt from OpenAI’s Sora 2 video generation model by exploiting cross-modal vulnerabilities, with audio transcription proving to be the most effective extraction method. Sora 2, OpenAI&…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition. The company released versions 18.5.2, 18.4.4, and 18.3.6 to fix critical security issues that could allow attackers to compromise sensitive information and bypass access controls. The most concerning vulnerability involves prompt injection attacks in GitLab Duo’s review feature. Attackers […] The post Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic Security has disclosed critical vulnerabilities affecting Kibana that could enable attackers to execute Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks against vulnerable deployments. The vulnerabilities stem from inadequate origin validation in the Observability AI Assistant component. The primary vulnerability, tracked as CVE-2025-37734 under Elastic Security Advisory ESA-2025-24, involves an origin validation error in Kibana. […] The post Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has rolled out enhanced remediation capabilities in Defender for Office 365 (O365), enabling security teams to initiate automated investigations and other actions directly from the Advanced Hunting interface. This feature, launched on November 10, 2025, empowers admins and analysts to respond to email threats more swiftly without requiring policy modifications. The new actions Submit […] The post Microsoft Defender for O365 New Feature Allows Security Teams to Trigger Automated Investigations appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked as CVE-2025-62215, affects the Windows Kernel and c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has disclosed a critical denial-of-service vulnerability in its PAN-OS firewall software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted packets. Tracked as CVE-2025-4619, the vulnerability poses significant risks to organizations relying on Palo Alto firewalls for network security. The flaw, identified as CWE-754 (Improper Check for Unusual or […] The post Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
