Latest news as of 11/21/2025, 7:43:17 AM
The Hacker News
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming
The Hacker News
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character
The Register
PLUS: Japan woos Micron, again; China launches chip dumping probe; Mitsubishi expands opsec empire; and more! Criminals appear to be moving cyber-scam centers to vulnerable countries.…
The Register
PLUS: China's Great Firewall springs a leak; FBI issues rare 'Flash Alert' of Salesforce attacks; $10m bounty for alleged Russian hacker; and more. 15 ransomware gangs, Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.… Infosec In Brief including
Bleeping Computer
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. [...]
Bleeping Computer
A threat actor named WhiteCobra has targeted VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. [...]
Bleeping Computer
On Friday, Microsoft reminded customers once again that Windows 10 will reach its end of support in 30 days, on October 14. [...]
Bleeping Computer
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. [...]
The Register
Doing a simple system reset may not be enough to save you from fines and lawsuits. With the end of Windows 10's regular support cycle fast approaching, and a good five years since the COVID pandemic spurred a wave of hardware replacements to support remote work, many IT departments are in the process of refreshing their fleets. But what they do with decommissioned systems is just as important as the shiny new ones they buy.…
The Hacker News
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. UNC6395 is a