November Patch Tuesday does its chores
A cleanup month brings 63 patches… wait, no, 68… how about 61?
Similar Posts
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Bys sCybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. “Enterprise organizations that are clients of these payment providers are the most likely to be impacted,” Silent Push said in a report…
KR: Yes24, the largest Internet bookstore in Korea, suffered its second ransomware attack in two months
Bys sThe following is translation by NAVER for Maiel Business Newspaper. DataBreaches is guessing that the “eat-dog” situation reference is what we call “dog-eat-dog” to refer to brutal competitor actions, but that’s just a guess. Kim Kyusik, Kim Yutae, and Yang Seiho report: Yes24, the largest Internet bookstore in Korea, suffered another “eat-dog” situation due to ransomware……
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Bys sCybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a “multi-location network speed test plug-in” for developers and foreign trade personnel. Both the browser add-ons are available for download…
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Bys sTrend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. “A vulnerability…
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Bys sCybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation’s Hardhat tool in order to steal sensitive data from developer systems. “By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,