Latest news as of 11/11/2025, 6:33:13 AM
The Hacker News
Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection," ThreatFabric said in a report shared with
Bleeping Computer
Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. [...]
Bleeping Computer
Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel's SGX and TDX, and AMD's SEV-SNP. [...]
Dark Reading
Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures.
The Hacker News
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,
Graham Cluley
In episode 74 of The AI Fix, we meet Amazon's AI-powered delivery glasses, an AI TV presenter who doesn't exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot. Also, we learn how Geoffrey Hinton and Steve Wozniak have teamed up with the unlikely coupling of will.i.am and Steve Bannon to pull the brakes on "super-intelligence." Meanwhile, Graham wonders if you should really trust an AI browser with your passwords, or your credit card, or, frankly, anything at all, and Mark reveals what AGI really means - and how close we are to reaching it. It’s an episode packed with deepfaked sidebars, brain-rotted AIs, and humans who still can’t take selfies properly. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
The Register
Noyb says New York-based facial recognition biz flouted GDPR orders and kept scraping anyway Privacy advocates at Noyb filed a criminal complaint against Clearview AI for scraping social media users' faces without consent to train its AI algorithms.…
Bleeping Computer
Attackers are abusing bidirectional text to make fake URLs look real, reviving a decade-old browser flaw now fueling new phishing tricks. Varonis reveals how the "BiDi Swap" technique works and what organizations need to watch out for. [...]
Bleeping Computer
A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. [...]
Bleeping Computer
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]