Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-28 12:00 PST
- Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
BleepingComputer • 2025-11-28 10:25 • www.bleepingcomputer.com
A 44-year-old man was sentenced to seven years and four months in prison for operating an “evil twin” WiFi network to steal the data of unsuspecting travelers at various airports across Australia. […]
https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wifi-attacks-gets-7-years-in-prison/
- Microsoft: Windows updates make password login option invisible
BleepingComputer • 2025-11-28 10:07 • www.bleepingcomputer.com
Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-updates-hide-password-icon-on-lock-screen/
- Public GitLab repositories exposed more than 17,000 secrets
BleepingComputer • 2025-11-28 09:43 • www.bleepingcomputer.com
After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. […]
https://www.bleepingcomputer.com/news/security/public-gitlab-repositories-exposed-more-than-17-000-secrets/
- Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
The Hacker News • 2025-11-28 08:27 • thehackernews.com
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a build and deployment automation tool named “zc.buildout.”
“The
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
- North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The Hacker News • 2025-11-28 08:18 • thehackernews.com
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month.
According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the
https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
- French Football Federation discloses data breach after cyberattack
BleepingComputer • 2025-11-28 08:12 • www.bleepingcomputer.com
The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. […]
https://www.bleepingcomputer.com/news/security/french-football-federation-fff-discloses-data-breach-after-cyberattack/
- Prompt Injection Through Poetry
Schneier on Security • 2025-11-28 06:54 • www.schneier.com
In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models:
Abstract: We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%. Mapping …
https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
