CyberSecurity Updates

20 Nov

Mozilla Says It’s Finally Done With Two-Faced Onerep

Information, Insights

In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced its partnership with Onerep will officially…

Read More
19 Nov

The Cloudflare Outage May Be a Security Roadmap

Information, Insights

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic. At around 6:30 EST/11:30 UTC…

Read More
19 Nov

CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

Attacks, Insights, Malware

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers. A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers…

Read More
19 Nov

What if your romantic AI chatbot can’t keep a secret?

Information

Does your chatbot know too much? Here’s why you should think twice before you tell your AI companion everything. Phil Muncaster 17 Nov 2025  •  , 4 min. read In the movie “Her” the film’s hero strikes up an ultimately doomed romantic relationship with a sophisticated AI system. At the time of its release in 2013, such a scenario was firmly in the realms of science fiction. But with the emergence of generative AI (GenAI)…

Read More
16 Nov

Microsoft Patch Tuesday, November 2025 Edition

Information, Insights

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10. Affected products…

Read More
14 Nov

How password managers can be hacked – and how to stay safe

Information

Digital Security Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe Phil Muncaster 13 Nov 2025  •  , 5 min. read The average internet user has an estimated 168 passwords for their personal accounts, according to a study from 2024. That’s a massive 68% increase on the tally four years previously. Given the security risks associated with sharing credentials across accounts, and of…

Read More
14 Nov

Akira Ransomware Group Made $244 Million in Ransom Proceeds

Information, News

The Akira ransomware group has made over $244 million in proceeds from its malicious activities, according to an updated joint advisory from government agencies in the US, France, Germany, and the Netherlands. Active since at least March 2023, the hacking group is mainly known for deploying a ransomware variant tailored for VMware ESXi servers, in attacks targeting businesses and critical infrastructure organizations in North America, Europe, and Australia. This year, however, the group expanded its…

Read More
14 Nov

Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products

Attacks, Insights, Malware

CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests.  Fortinet recommends affected…

Read More
13 Nov

Watch out for SVG files booby-trapped with malware

Information, Malware

What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware Camilo Gutiérrez Amaya 22 Sep 2025  •  , 4 min. read A recent malware campaign making the rounds in Latin America offers a stark example of how cybercriminals are evolving and finetuning their playbooks. But first, here’s what’s not so new: The attacks rely on social engineering, with victims receiving emails that are dressed…

Read More
13 Nov

Google Sues to Disrupt Chinese SMS Phishing Triad

Information, Insights

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a lawsuit filed in the Southern District of New York on November 12, Google sued to unmask and disrupt 25 “John Doe” defendants allegedly linked to the sale of…

Read More