Major US Banks Impacted by SitusAMC Hack
Real-estate lending and investing solutions provider SitusAMC over the weekend disclosed a data breach impacting some of the largest banks and financial institutions in the United States. The incident occurred on November 12 and resulted in a threat actor accessing certain information from SitusAMC's systems. "Corporate data associated with certain of our clients' relationship with SitusAMC such as accounting records and legal agreements has been impacted. READ MORE...
Code beautifiers expose credentials from banks, govt, tech orgs
Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code. Researchers discovered more than 80,000 user pastes totaling over 5GB exposed through a feature called Recent Links provided by both services, which is freely accessible to anyone. READ MORE...
Dartmouth College confirms data breach after Clop extortion attack
?Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. The private Ivy League research university, founded in 1769, has an endowment of $9 billion as of June 30, 2025, over 40 academic departments and programs, and more than 4,000 undergraduate students, with a 7:1 undergraduate-to-faculty ratio. READ MORE...
'JackFix' Attack Circumvents ClickFix Mitigations
A new spin on the ClickFix attack is making the rounds, and it's designed to circumvent some of the strategies organizations have for mitigating them. ClickFix and its slightly more elegant offshoot, FileFix, are notorious for being almost inexplicably manipulative. Attackers persuade victims to run commands on their computers that they never otherwise would, and may never have before. Now there's a new variant, deemed "JackFix," that gives more logical context to those strange actions. READ MORE...
Shai-Hulud worm returns stronger and more automated than ever before
Security researchers and authorities are warning about a fresh wave of supply-chain attacks linked to a self-replicating worm that attackers have injected into almost 500 npm (node.js package manager) software packages, exposing more than 26,000 open-source repositories on GitHub. The trojanized npm packages were uploaded during a three-day period starting Friday and reference a new version of Shai-Hulud, malware that previously infected npm packages in September. READ MORE...
Krebs on Security: Is Your Android TV Streaming Box Part of a Botnet?
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, often tied to cybercrime activity such as advertising fraud and account takeovers. READ MORE...
Critical Flaw in Oracle Identity Manager Under Exploitation
A critical flaw in Oracle's Identity Manager has been exploited in the wild, marking the latest threat for customers of the enterprise software giant. CVE-2025-61757 is a remote code execution (RCE) vulnerability in the Identity Manager solution for Oracle Fusion Middleware. The flaw, which received a 9.8 CVSS score, was first disclosed and patched on Oct. 21 in Oracle's monthly security update along with 373 other vulnerabilities. READ MORE...
New research finds that Claude breaks bad if you teach it to cheat
According to Anthropic, its large language model Claude is designed to be a "harmless" and helpful assistant. But new research released by the company Nov. 21 shows that when Claude is taught to cheat in one area, it becomes broadly malicious and untrustworthy in other areas. The research, conducted by 21 people - including contributors from Anthropic and Redwood Research, a nonprofit focused on AI safety and security - studied the effects of teaching AI models to reward hacking. READ MORE...
- ...in 1914, New York Yankees great Joe DiMaggio, the owner of a still-unsurpassed 56-game hitting streak, is born in Martinez, CA.
- ...in 1920, actor Ricardo Montalban, best known as the villain Khan on "Star Trek" and Mr. Roarke on "Fantasy Island", is born in Mexico City.
- ...in 1952, Agatha Christie's mystery play "The Mousetrap" opens in London's West End. It ran continuously for over 68 years, and is the longest-running play in theatrical history.
- ...in 1963, President John F. Kennedy is buried at Arlington National Cemetery.
