Microsoft has released an emergency out-of-band update to address a known issue preventing Windows 10 users from enrolling in the Extended Security Updates (ESU) program. […]
“Bitcoin Queen” gets 11 years in prison for $7.3 billion Bitcoin scam
A Chinese woman known as the “Bitcoin Queen” was sentenced in London to 11 years and eight months in jail for laundering Bitcoin from a £5.5 billion ($7.3 billion) cryptocurrency investment scheme. […]
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress.
The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection.
“
The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection.
“
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. […]
Critical Triofox Vulnerability Exploited in the Wild
A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools.
The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek.
GlobalLogic warns 10,000 employees of data theft after Oracle breach
GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. […]
How a CPU spike led to uncovering a RansomHub ransomware attack
A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin takeover, ultimately stopping the attack before files were encrypted. […]
New Firefox Protections Halve the Number of Trackable Users
Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users.
The post New Firefox Protections Halve the Number of Trackable Users appeared first on SecurityWeek.
SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager
Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments.
The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek.
CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors
Enforcement of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) requirements started on November 10, 2025.
The post CMMC Live: Pentagon Demands Verified Cybersecurity From Contractors appeared first on SecurityWeek.