Latest news as of 11/10/2025, 7:06:15 PM
The Hacker News
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s
The Register
Biz says 'technical error' caused short-lived leak affecting small number of users A major UK lottery organization says it has resolved a technical error that exposed customer data to other users.…
The Register
Governments eye comms alternatives as sovereignty worries mount Decentralized communications network Matrix is hoping to be the beneficiary as European public and private sector organizations ponder alternatives to the messaging status quo.… Comment
Graham Cluley
If you live in the UK/EU/Canada/Hong Kong, LinkedIn has given you until Monday to stop AI from training on your profile. You have to opt-out if you don't want this to happen to your data. Take action now, and tell your friends. Read more in my article on the Hot for Security blog.
Dark Reading
A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.
Graham Cluley
Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars. All this and more is discussed in episode 441 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer.
Bleeping Computer
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. [...]
Dark Reading
New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.
Dark Reading
In the "PhantomRaven" campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads.
Bleeping Computer
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. [...]