November 2025 – Page 34

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress.
The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection.
“

SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor

SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. […]

Critical Triofox Vulnerability Exploited in the Wild

A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools.

The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek.

GlobalLogic warns 10,000 employees of data theft after Oracle breach

GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. […]

How a CPU spike led to uncovering a RansomHub ransomware attack

A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin takeover, ultimately stopping the attack before files were encrypted. […]

New Firefox Protections Halve the Number of Trackable Users

Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users.

The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek.

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager

Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments.

The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek.

CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors

Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025.

The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek.

Webinar: Modern Patch Management – Strategies to patch faster with less risk

Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. […]

Honoring Our Veteran Readers: Thank You for Your Service

Your dedication to service, teamwork, and resilience is woven into the very fabric of cybersecurity.

The post Honoring Our Veteran Readers: Thank You for Your Service appeared first on SecurityWeek.

Month: November 2025