Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-07 12:00 PST
- Microsoft testing faster Quick Machine Recovery in Windows 11
BleepingComputer • 2025-11-07 11:46 • www.bleepingcomputer.com
Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-faster-quick-machine-recovery-in-windows-11/ - QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
BleepingComputer • 2025-11-07 10:24 • www.bleepingcomputer.com
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. […]
https://www.bleepingcomputer.com/news/security/qnap-fixes-seven-nas-zero-day-vulnerabilities-exploited-at-pwn2own/ - New LandFall spyware exploited Samsung zero-day via WhatsApp messages
BleepingComputer • 2025-11-07 10:23 • www.bleepingcomputer.com
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. […]
https://www.bleepingcomputer.com/news/security/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages/ - Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
The Hacker News • 2025-11-07 10:00 • thehackernews.com
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary
https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html - From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
The Hacker News • 2025-11-07 08:07 • thehackernews.com
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.
The organization, according to a report from Broadcom’s Symantec and Carbon Black teams, is “active in attempting to influence U.S. government
https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html - Cisco: Actively exploited firewall flaws now abused for DoS attacks
BleepingComputer • 2025-11-07 07:44 • www.bleepingcomputer.com
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. […]
https://www.bleepingcomputer.com/news/security/cisco-actively-exploited-firewall-flaws-now-abused-for-dos-attacks/ - ID verification laws are fueling the next wave of breaches
BleepingComputer • 2025-11-07 07:05 • www.bleepingcomputer.com
ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit. […]
https://www.bleepingcomputer.com/news/security/id-verification-laws-are-fueling-the-next-wave-of-breaches/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
