Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-19 12:00 PST
- Google Search is now using AI to create interactive UI to answer your questions
BleepingComputer • 2025-11-19 11:45 • www.bleepingcomputer.com
In a move that could redefine the web, Google is testing AI-powered, UI-based answers for its AI mode. […]
https://www.bleepingcomputer.com/news/artificial-intelligence/google-search-is-now-using-ai-to-create-interactive-ui-to-answer-your-questions/ - W3 Total Cache WordPress plugin vulnerable to PHP command injection
BleepingComputer • 2025-11-19 09:34 • www.bleepingcomputer.com
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. […]
https://www.bleepingcomputer.com/news/security/w3-total-cache-wordpress-plugin-vulnerable-to-php-command-injection/ - Russian bulletproof hosting provider sanctioned over ransomware ties
BleepingComputer • 2025-11-19 08:43 • www.bleepingcomputer.com
Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. […]
https://www.bleepingcomputer.com/news/security/us-sanctions-russian-bulletproof-hosting-provider-media-land-over-ransomware-ties/ - Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
The Hacker News • 2025-11-19 08:27 • thehackernews.com
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.
The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025.
“The specific flaw exists
https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html - Unicode: It is more than funny domain names., (Wed, Nov 12th)
SANS ISC Diary (full) • 2025-11-19 07:59 • isc.sans.eduWhen people discuss the security implications of Unicode, International Domain Names (IDNs) are often highlighted as a risk. However, while visible and often talked about, IDNs are probably not what you should really worry about when it comes to Unicode. There are several issues that impact application security beyond confusing domain names.
- Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
The Hacker News • 2025-11-19 07:35 • thehackernews.com
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil.
“It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to
https://thehackernews.com/2025/11/python-based-whatsapp-worm-spreads.html - New WrtHug campaign hijacks thousands of end-of-life ASUS routers
BleepingComputer • 2025-11-19 06:35 • www.bleepingcomputer.com
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. […]
https://www.bleepingcomputer.com/news/security/new-wrthug-campaign-hijacks-thousands-of-end-of-life-asus-routers/ - The hidden risks in your DevOps stack data—and how to address them
BleepingComputer • 2025-11-19 06:20 • www.bleepingcomputer.com
DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data. […]
https://www.bleepingcomputer.com/news/security/the-hidden-risks-in-your-devops-stack-data-and-how-to-address-them/ - The Cloudflare Outage May Be a Security Roadmap
KrebsOnSecurity • 2025-11-19 06:07 • krebsonsecurity.com
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
