Latest news as of 11/21/2025, 5:52:55 AM
The Register
Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…
Bleeping Computer
One VMware-certified pro is a win. An entire certified team? That's a security multiplier. VMUG Advantage makes team-wide certification practical—building collaboration, resilience, and retention. [...]
Dark Reading
The malware, which has traits of Petya ransomware and the infamous NotPetya wiper, is designed to target UEFI-based systems, according to researchers.
The Hacker News
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. "These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks," HUMAN’s Satori Threat Intelligence and
Dark Reading
The cybercrime group, named after Japanese ghosts but believed to be from Morocco, uses a modified version of the Prince-Ransomware binary that includes a flaw allowing for partial data recovery. However, an extortion threat remains.
Krebs on Security
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
Graham Cluley
Luxury fashion group Kering - owner of the prestigious Gucci, Balenciaga, and Alexander McQueen brands, amongst others - has confirmed that hackers stole customer data from its systems in June 2025. Read more in my article on the Hot for Security blog.
Graham Cluley
In episode 68 of The AI Fix, our hosts open the show by launching the thing nobody asked for but everybody wanted: our shiny new merch store - yes, including the “Would YOU trust a pigeon???” t-shirt for when you need fashion alongside health and safety. Meanwhile, AI hoaxers send Manila firefighters racing to an imaginary blaze, Albania appoints an AI as a minister, and the godfather of AI gets dumped... by ChatGPT. Plus Mark shows off his ventriloquism skills, while Graham describes a near-telepathic wearable that lets you “talk” without moving your lips, and we look into how humanity and AI has joined forces to fight for AI rights. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Bleeping Computer
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. [...]
The Hacker News
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection," Acronis security researcher Eliad