
Breaking News – Cyber Threats – 2025-11-20 12:00 PST

Breaking News – Cyber Threats (last 6h)

Generated: 2025-11-20 12:00 PST

  • Mozilla Says It’s Finally Done With Two-Faced Onerep
    KrebsOnSecurity • 2025-11-20 11:06 • krebsonsecurity.com
    In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.
    https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced-onerep/
  • Hacker claims to steal 2.3TB data from Italian rail group, Almaviva
    BleepingComputer • 2025-11-20 10:54 • www.bleepingcomputer.com
    Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. […]
    https://www.bleepingcomputer.com/news/security/hacker-claims-to-steal-23tb-data-from-italian-rail-group-almavia/
  • WhatsApp compromise leads to Astaroth deployment
    Sophos Threat Research • 2025-11-20 09:44 • news.sophos.com
    Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence.
    https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-deployment/
  • ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
    The Hacker News • 2025-11-20 09:24 • thehackernews.com
    Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet.
    The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack, at its core,
    https://thehackernews.com/2025/11/shadowray-20-exploits-unpatched-ray.html
  • UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers
    Graham Cluley • 2025-11-20 09:13 • www.fortra.com
    After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks.
    Read more in my article on the Fortra blog.
    https://www.fortra.com/blog/uks-new-cybersecurity-bill-takes-aim-ransomware-gangs-state-backed-hackers
  • GlobalProtect VPN portals probed with 2.3 million scan sessions
    BleepingComputer • 2025-11-20 09:08 • www.bleepingcomputer.com
    A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. […]
    https://www.bleepingcomputer.com/news/security/globalprotect-vpn-portals-probed-with-23-million-scan-sessions/
  • Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
    The Hacker News • 2025-11-20 08:57 • thehackernews.com
    Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users.
    Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today.
    There are currently no details on how the botnet malware is propagated;
    https://thehackernews.com/2025/11/tsundere-botnet-expands-using-game.html
  • Oracle Identity Manager Exploit Observation from September (CVE-2025-61757), (Thu, Nov 20th)
    SANS ISC Diary (full) • 2025-11-20 08:51 • isc.sans.edu
    Searchlight Cyber today released a blog detailing CVE-2025-61757, a vulnerability they reported to Oracle. Oracle released a patch for the vulnerability as part of its October Critical Patch Update, which was released on October 21st.
    https://isc.sans.edu/diary/rss/32506
  • Salesforce investigates customer data theft via Gainsight breach
    BleepingComputer • 2025-11-20 08:47 • www.bleepingcomputer.com
    Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. […]
    https://www.bleepingcomputer.com/news/security/salesforce-investigates-customer-data-theft-via-gainsight-breach/
  • New SonicWall SonicOS flaw allows hackers to crash firewalls
    BleepingComputer • 2025-11-20 07:56 • www.bleepingcomputer.com
    American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. […]
    https://www.bleepingcomputer.com/news/security/new-sonicwall-sonicos-flaw-allows-hackers-to-crash-firewalls/
  • D-Link warns of new RCE flaws in end-of-life DIR-878 routers
    BleepingComputer • 2025-11-20 07:38 • www.bleepingcomputer.com
    D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. […]
    https://www.bleepingcomputer.com/news/security/d-link-warns-of-new-rce-flaws-in-end-of-life-dir-878-routers/
  • Turn your Windows 11 migration into a security opportunity
    BleepingComputer • 2025-11-20 07:05 • www.bleepingcomputer.com
    Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen cybersecurity, and ensure data stays recoverable. […]
    https://www.bleepingcomputer.com/news/security/turn-your-windows-11-migration-into-a-security-opportunity/

Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
