Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-26 16:00 PST
- New ShadowV2 botnet malware used AWS outage as a test opportunity
BleepingComputer • 2025-11-26 14:24 • www.bleepingcomputer.com
A new Mirai-based botnet malware named ‘ShadowV2’ has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. […]
https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-aws-outage-as-a-test-opportunity/ - NordVPN Black Friday Deal: Unlock 77% off VPN plans in 2025
BleepingComputer • 2025-11-26 12:00 • www.bleepingcomputer.com
The NordVPN Black Friday Deal is now live, and you can get the best discount available: 77% off that applies automatically when you follow our link. If you’ve been waiting for the right moment to upgrade your online security, privacy, and streaming freedom, this is the one VPN deals this Black Friday. […]
https://www.bleepingcomputer.com/news/security/nordvpn-black-friday-deal-unlock-77-percent-off-vpn-plans-in-2025/ - Popular Forge library gets fix for signature verification bypass flaw
BleepingComputer • 2025-11-26 11:32 • www.bleepingcomputer.com
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. […]
https://www.bleepingcomputer.com/news/security/popular-forge-library-gets-fix-for-signature-verification-bypass-flaw/ - Comcast to pay $1.5M fine for vendor breach affecting 270K customers
BleepingComputer • 2025-11-26 10:30 • www.bleepingcomputer.com
Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. […]
https://www.bleepingcomputer.com/news/security/comcast-to-pay-15-million-fine-after-a-vendor-data-breach-affecting-270-000-customers/ - Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
The Hacker News • 2025-11-26 10:08 • thehackernews.com
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry.
The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the “setup_bun.js” loader and the main payload “bun_environment.js.”
“
https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
