Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-13 02:00 PST
- Formbook Delivered Through Multiple Scripts, (Thu, Nov 13th)
SANS ISC Diary (full) • 2025-11-13 00:47 • isc.sans.eduWhen I'm teachning FOR610[1], I always say to my students that reverse engineering does not only apply to “executable files†(read: PE or ELF files). Most of the time, the infection path involves many stages to defeat the Security Analyst or security controls. Here is an example that I found yesterday. An email was received via an attached ZIP archive. It cont…
https://isc.sans.edu/diary/rss/32480 - CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
The Hacker News • 2025-11-12 23:23 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including
https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html - Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
The Hacker News • 2025-11-12 20:58 • thehackernews.com
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.
“The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years,” Endor Labs
https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
