November Patch Tuesday does its chores
A cleanup month brings 63 patches… wait, no, 68… how about 61?
Alex Stevensson reports: Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said. The security breach was confirmed on 27 February but details were scant at the time, with LSAP deputy Ben Polidori…
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. “This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes,” Netcraft said in a new report shared with The Hacker News. “
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below – CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without…
Matthew Gault reports: An old school ransomware attack has a new twist: threatening to feed data to AI companies so it’ll be added to LLM datasets. Artists&Clients is a website that connects independent artists with interested clients. Around August 30, a message appeared on Artists&Clients attributed to the ransomware group LunaLock. “We have breached the…
Dimitar Abrashev reports: A computer specialist accused of leaking personal data from Bulgaria’s revenue administration has received a suspended nine-month sentence with three years’ probation, under a plea deal approved by the Sofia City Court. The case stems from a massive cyber breach in 2019 that exposed the personal details of millions of Bulgarians. Kristian…
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. “The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo