Latest news as of 11/15/2025, 7:37:22 PM
The Hacker News
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
The Hacker News
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
The Hacker News
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to
Dark Reading
A ransomware last week left the Asahi brewery in Japan struggling to take orders and deliver its products domestically, as manufacturers become a favored target.
Bleeping Computer
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company's customers this year. [...]
Krebs on Security
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.
Bleeping Computer
The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for all development teams at startups and SMBs. [...]
Dark Reading
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.
Bleeping Computer
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model's behavior, and silently poison its data. [...]
Bleeping Computer
Google's AI assistant Gemini is vulnerable to ASCII smuggling, a well-documented attack method that could trick it into providing users with fake information, alter the model's behavior, and silently poison its data. [...]