Latest news as of 11/15/2025, 7:33:25 AM
The Register
Crooks phish campus staff, slip into HR systems, and quietly reroute paychecks Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.…
The Hacker News
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious
The Hacker News
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy
The Hacker News
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not all AI SOC platforms are created equal. From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers
The Register
US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called , with help from French cyber cops and the Paris prosecutor's office.… Scattered Lapsus$ Hunters
The Hacker News
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and
The Register
Prospect apologizes for cyber gaffe affecting up to 160K members UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.…
Bleeping Computer
The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. [...]
The Hacker News
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of
Bleeping Computer
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. [...]