Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-26 07:00 PST
- Microsoft: Security keys may prompt for PIN after recent updates
BleepingComputer • 2025-11-26 06:43 • www.bleepingcomputer.com
Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fido2-security-keys-may-prompt-for-pin-after-recent-windows-updates/ - Microsoft to secure Entra ID sign-ins from script injection attacks
BleepingComputer • 2025-11-26 05:26 • www.bleepingcomputer.com
Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-secure-entra-id-sign-ins-from-external-script-injection-attacks/ - Huawei and Chinese Surveillance
Schneier on Security • 2025-11-26 04:05 • www.schneier.comThis quote is from House of Huawei: The Secret History of China’s Most Powerful Company.
“Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been China’s star entrepreneur in the 1980s, with his company, the Stone Group, touted as “China’s IBM.” Wan had believed that economic change could lead to political change. He had thrown his support behind the pro-democracy protesters in 1989. As a result, he had to flee to France, with an arrest warrant…
https://www.schneier.com/blog/archives/2025/11/huawei-and-chinese-surveillance.html - When Your $2M Security Detection Fails: Can your SOC Save You?
The Hacker News • 2025-11-26 03:55 • thehackernews.com
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors.
As a result, most organizations’ security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,
https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html - ASUS warns of new critical auth bypass flaw in AiCloud routers
BleepingComputer • 2025-11-26 03:41 • www.bleepingcomputer.com
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. […]
https://www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/ - Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools
The Hacker News • 2025-11-26 03:10 • thehackernews.com
If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch…
The very tools that make your job easier might also be the reason your systems are at risk.
These tools are run by the community. That means anyone can add or update packages. Some
https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html - Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
The Hacker News • 2025-11-26 03:10 • thehackernews.com
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet.
The extension, named Crypto Copilot, was first published by a user named “sjclark76” on May 7, 2024. The developer describes the browser add-on as
https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html - Passwork 7: Self-hosted password and secrets manager for enterprise teams
BleepingComputer • 2025-11-26 02:12 • www.bleepingcomputer.com
Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. […]
https://www.bleepingcomputer.com/news/security/passwork-7-self-hosted-password-and-secrets-manager-for-enterprise-teams/ - Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
Securelist • 2025-11-26 02:00 • securelist.com
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.
https://securelist.com/ntlm-abuse-in-2025/118132/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
