Latest news as of 11/18/2025, 8:57:16 PM
The Register
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while continuing to target developers.…
The Register
CRM giant denies security shortcomings as claims allege stolen data used for ID theft Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data.…
The Register
Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.…
The Register
Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. …
Bleeping Computer
Generative AI can boost productivity—but without safeguards, it also opens the door to phishing, fraud & model manipulation. Learn more from Acronis TRU on why AI security must be built in from the start. [...]
Bleeping Computer
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. [...]
Bleeping Computer
Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. [...]
The Hacker News
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a
The Register
More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.…
The Hacker News
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a CISO: The