Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-03 07:00 PST
- XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)
SANS ISC Diary (full) • 2025-11-03 06:20 • isc.sans.edu
XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal “Guest” privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.
- Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
The Hacker News • 2025-11-03 05:18 • thehackernews.com
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight.
The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the
https://thehackernews.com/2025/11/cybercriminals-exploit-remote.html
- ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More
The Hacker News • 2025-11-03 04:56 • thehackernews.com
Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe.
From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.
https://thehackernews.com/2025/11/weekly-recap-lazarus-hits-web3-intelamd.html
- AI Summarization Optimization
Schneier on Security • 2025-11-03 04:05 • www.schneier.com
These days, the most important meeting attendee isn’t a person: It’s the AI notetaker.
This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence.
But clever meeting attendees can manipulate this system’s record by speaking more to what the underlying AI weights for summarization and importance than to their colleagues. As a result, you can expect some meeting attendees to use language more likely to be captured in summaries, timing their interventi…
https://www.schneier.com/blog/archives/2025/11/ai-summarization-optimization.html
- The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations
The Hacker News • 2025-11-03 03:56 • thehackernews.com
Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the
https://thehackernews.com/2025/11/the-evolution-of-soc-operations-how.html
- Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
The Hacker News • 2025-11-03 03:14 • thehackernews.com
Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices.
According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking whether it is running within a virtualized or emulated environment
https://thehackernews.com/2025/11/researchers-uncover-bankbot-ynrk-and.html
- New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
The Hacker News • 2025-11-03 02:42 • thehackernews.com
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea.
Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file (“250908_A_HK이노션
https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html
- Microsoft: Windows Task Manager won’t quit after KB5067036 update
BleepingComputer • 2025-11-03 02:12 • www.bleepingcomputer.com
Microsoft has confirmed a known issue that is preventing users from quitting the Windows 11 Task Manager after installing the October 2025 optional update. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-task-manager-wont-quit-after-kb5067036-update/ 
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
