Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-11 07:00 PST
- Webinar: Modern Patch Management – Strategies to patch faster with less risk
BleepingComputer • 2025-11-11 05:10 • www.bleepingcomputer.com
Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. […]
https://www.bleepingcomputer.com/news/security/webinar-modern-patch-management-strategies-to-patch-faster-with-less-risk/
- Prompt Injection in AI Browsers
Schneier on Security • 2025-11-11 04:08 • www.schneier.com
This is why AIs are not ready to be personal assistants:
A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar.
In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL t…
https://www.schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
- CISO's Expert Guide To AI Supply Chain Attacks
The Hacker News • 2025-11-11 03:58 • thehackernews.com
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations.
Download the full CISO’s expert guide to AI Supply chain attacks here.
TL;DR: AI-enabled supply chain attacks are exploding in scale and sophistication – Malicious package uploads to open-source repositories jumped 156% in
https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html
- Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories
The Hacker News • 2025-11-11 03:55 • thehackernews.com
Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories.
“We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish
https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
- Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers
The Hacker News • 2025-11-11 03:44 • thehackernews.com
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.
According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,
https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
