IT Security Newsletter - 11/17/2025
Western governments disrupt trifecta of cybercrime tools
The U.S. and eight other Western governments have jointly dismantled the computer infrastructure behind multiple popular cybercrime tools. In a three-day operation, law enforcement authorities took down more than 1,000 servers and 20 domains associated with the Rhadamanthys infostealer, the VenomRAT remote access Trojan and the Elysium botnet. Greek police arrested VenomRAT's suspected operator. READ MORE...
Logitech confirms data breach after Clop extortion attack
Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. Logitech International S.A. is a Swiss multinational electronics company that sells hardware and software solutions, including computer peripherals, gaming, video collaboration, music, and smart home products. READ MORE...
DoorDash Says Personal Information Stolen in Data Breach
Food delivery company DoorDash is notifying users, Dashers, and merchants of a recent data breach that led to personal information compromise. The incident was discovered on October 25, the company says in the notifications sent to the impacted individuals, copies of which have been shared on social media. The data breach was the result of a social engineering attack that targeted one of DoorDash's employees, the company said in an incident notice on its website. READ MORE...
China's 'autonomous' AI-powered hacking campaign still required a ton of human work
Anthropic made headlines Thursday when it released research claiming that a previously unknown Chinese state-sponsored hacking group used the company's Claude generative AI product to breach at least 30 different organizations. The threat actor was able to bypass Claude's security guardrails using two methods: breaking up the work into discrete tasks to prevent it from recognizing the broader malicious intentions, and tricking it into believing it was conducting a legitimate security audit. READ MORE...
Five men admit helping North Korean IT workers infiltrate US companies
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic facilitators helped a sanctioned government move money, slip past hiring checks, and place foreign workers inside more than one hundred American firms, the US Department of Justice (DoJ) says. In Georgia, three US nationals admitted that they let overseas workers pose as them to land remote jobs. READ MORE...
Hardened Containers Look to Eliminate Common Source of Vulnerabilities
Containerization technology makes software development and cloud deployment easier, but the images that are the foundation of the ecosystem commonly have unnecessary components and hundreds of vulnerabilities. A Chainguard study, for example, found that popular Debian-based Docker images had 280 vulnerabilities, on average, while a study published by NetRise and based on a randomly selected sample of 70 different images found that the average container had 604 vulnerabilities. READ MORE...
Microsoft Patch Tuesday, November 2025 Edition
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses affect all versions of Windows, including Windows 10. READ MORE...
150,000 Packages Flood NPM Registry in Token Farming Campaign
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming campaign that targeted the tea.xyz protocol, which is a blockchain-based system designed to reward developers for open source contributions. The campaign marks the latest example of threat actors weaponizing NPM packages to compromise developers and conduct supply chain attacks. READ MORE...
Google, researchers see signs that Lighthouse text scammers were disrupted after lawsuit
The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators. Google said on Thursday that Lighthouse had been shut down. Two other organizations that have tracked the suspected Chinese operators of Lighthouse said they saw signs it had at least been disrupted. READ MORE...
- ...in 1869, the Suez Canal opens in Egypt, linking the Mediterranean Sea and Red Sea.
- ...in 1942, American film director and producer Martin Scorsese ("Taxi Driver", "Goodfellas") is born in Queens, New York.
- ...in 1950, 15-year-old Tenzin Gyatso is enthroned as Tibet's 14th Dalai Lama.
- ...in 1978, the infamous "Star Wars Holiday Special" airs only once on CBS, but is not forgotten thanks to videotape and YouTube. Happy Life Day, everyone!