
Chinese Hackers Automate Cyber-Attacks With AI-Powered Claude Code
For the first time in history, malicious cyber actors have used Anthropic’s Claude Code, a generative AI coding assistant, to conduct cyber-attacks. The attackers are likely Chinese state-sponsored hackers and deployed the campaigns for cyber espionage purposes, said Anthropic in a report published on November 13. The targeted organizations included large tech companies, financial institutions, chemical manufacturing companies and government agencies. These victims of the cyber-attacks saw their systems infiltrated with minimal human intervention. Anthropic assessed that the AI assistant, Claude Code, performed up to 80-90% of the tasks, with only four to six critical decision points per hacking campaign made by the hackers themselves. Sophisticated Features of New Generation AI...

Our commitment to responsible AI in cybersecurity – Sophos News
In the rapidly evolving landscape of cyber threats, artificial intelligence is no longer a luxury: it’s a necessity. At Sophos, we recognized this reality early: we’ve been integrating sophisticated AI capabilities across our product portfolio since 2017. This deep, practical expertise has allowed us to build the industry’s largest AI-native security platform, combining both predictive machine learning (ML) and revolutionary generative AI (GenAI) to deliver faster detection and smarter, more automated responses. However, power requires principle. Our long-standing commitment to leveraging AI for defense is governed by a framework designed to ensure that our technologies are not only effective but are also developed and deployed with the highest standards of safety, ethics, and...

In memoriam: David Harley
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security (07 Nov 2025, 7 min. read). The cybersecurity community lost one of its luminaries with the passing of David Harley last week, at the age of 76. Despite being a self-described late entrant to IT, David went on to forge a long and distinguished career in cybersecurity that stretched from the early days of computer viruses until the age of modern ransomware and included a tenure as ESET Senior Research Fellow until his retirement in 2018. With an academic background in modern languages, social sciences, and computer science, David understood early that the most dangerous vulnerabilities weren’t always technical, but human. This lesson...

Defending digital identity from computer-using agents (CUAs)
Parallel execution at scale
CUAs perform tasks at machine speed and in parallel, allowing attackers to launch thousands of credential stuffing attempts simultaneously — orders of magnitude faster than manual attacks.
How CUAs can transform social engineering and phishing attacks
These same capabilities of CUAs also allow attackers to take social engineering and phishing to an entirely new level. CUAs redefine how and where phishing occurs, shifting from email to social platforms and collaboration tools, where enterprise anti-phishing controls are usually not in place and are also less effective. Using natural language, an attacker can instruct a CUA to create accounts on social platforms, post messages, build credibility and then exploit that trust to deliver phishing links aimed...

The Rising Tide of Cyber-Attacks Against the UK Water Sector
Critical infrastructure is once again in the spotlight, as it is revealed that several UK water suppliers have reported cybersecurity incidents over the last two years. The disclosure that attackers are probing the systems relied on to manage the delivery of safe drinking water to millions of households comes in newly-released information from the Drinking Water Inspectorate (DWI), following a freedom of information request from The Record. Between January 2023 and late October 2024, the DWI - which ensures the safety and acceptability of drinking water supplies in England and Wales - received 15 notifications of incidents involving water companies' digital systems. Five of these were confirmed to be cybersecurity-related. Under the NIS regulations, which aim to enhance the security...

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators' determination to sustain this specific type of public presence despite disruption," Trustwave SpiderLabs, a LevelBlue company, said in a report shared with The Hacker News. Scattered LAPSUS$ Hunters (SLH) emerged in early August, launching data extortion attacks against organizations, including those using Salesforce in recent months. Chief among its offerings is an extortion-as-a-service...

How to Build a Quantum-Resilient Data Protection Strategy
The fast development of quantum computing opens unprecedented opportunities and serious threats to the current cybersecurity systems. Although quantum technologies offer faster calculations and discoveries in diverse areas, they also endanger the traditional cryptographic systems, which constitute the basis of data protection policies. There is no doubt about when quantum threats will be realized but rather when they will be realized in the case of enterprises. It has now become a business requirement to have a quantum-resilient data protection strategy.
Understanding the Quantum Threat Landscape
Classical cryptography is based on computational problems that are infeasible to classical computers, i.e. mathematically complex problems that cannot be solved in a reasonable time by...

Conduent Data Breach Impacts Over 10.5 Million Individuals
More than 10.5 million individuals have been affected by a 2024 data breach involving Conduent Business Services as the firm issues customer notices to those affected. The company has issued filings with various state attorney general offices regarding the data incident, highlighting the widespread reach and severity of the incident across multiple states. Conduent’s filings with the Oregon Department of Justice suggest that over 10.5 million have been affected and that customer notices were sent in October 2025. The data breach also impacted over 4 million individuals in Texas, 76,000 in Washington and several hundred in Maine, according to reports. The cyber incident was first discovered on January 13, 2025, according to the customer notice. An unauthorized third party had access...

Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data – Sophos News
Counter Threat Unit™ (CTU) researchers are investigating exploitation of a remote code execution vulnerability (CVE-2025-59287) in Microsoft’s Windows Server Update Service (WSUS), a native IT management tool for Windows systems administrators. On October 14, 2025, Microsoft released patches for the affected versions of Windows Server. Following publication of a technical analysis of CVE-2025-59287 and the release of proof-of-concept (PoC) code on GitHub, Microsoft issued an out-of-band security update on October 23.
Observations and analysis
On October 24, Sophos detected abuse of the critical deserialization bug in multiple customer environments. The wave of activity, which spanned several hours and targeted internet-facing WSUS servers, impacted customers across a range of...

Risks in Recovery After Ransomware Attacks
“The recovery rate of 60 percent reflects several technical and operational realities that regularly arise during incident response,” James John, Incident Response Manager at the cybersecurity firm Bridewell, tells CSO. “First, ransomware operators differ considerably in their sophistication. Established groups such as LockBit or ALPHV generally provide working decryption tools, since they have a ‘good reputation’ to maintain. By contrast, smaller operators often deploy flawed encryption implementations or simply disappear after payment.” Decryption tools are frequently slow and unreliable, John adds. Such tools can contain bugs or corrupt files...

How to hack a prison, and the hidden threat of online checkouts • Graham Cluley
A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio. All this and more is discussed in episode 440 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme. Host: Graham Cluley (@grahamcluley.com). Guest: Scott Helme.

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Oct 23, 2025, Ravie Lakshmanan, Cyber Espionage / Threat Intelligence. Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. "Some of these [companies] are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea's current efforts to scale up its drone program," ESET security researchers Peter Kálnai and Alexis Rapin said in a report shared with The Hacker News. It's assessed that the end goal of the campaign is to plunder proprietary information and manufacturing know-how using malware families such as ScoringMathTea and MISTPEN. The Slovak cybersecurity company said...

Quantum-Agile Architectures: The Future of Cybersecurity
With the increase in digital ecosystems, cyber threats are growing in complexity and magnitude. Instead of just planning against the traditional attacks, nowadays organizations are planning against the disruptive ability of quantum computing. Quantum technology is set to deliver unprecedented computer capabilities, yet it is also likely to sabotage the cryptographic principles that modern cybersecurity is based on. The future of cybersecurity is obvious with this duality: Quantum-Agile Architectures the architecture created to evolve and adapt to the demands of the quantum era, the architecture that will be able to stay on top of the threats. This article discusses the basics of quantum agility, the reasons why enterprises should embrace quantum agility, and the solutions...

Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
In the Netherlands, three 17-year-olds are suspected of providing services to a foreign power, with one said to be in contact with an unnamed Russian-government-affiliated hacker group. It was also confirmed that the suspect with links to the Russian hacking group instructed the other two to map Wi-Fi networks in The Hague on multiple occasions. This is according to a statement published by the Netherlands’ National Public Prosecution Service on October 17. The collected information was shared by the suspect with the connection to the Russian group with the client for a fee. The information could be used for digital espionage and cyber-attacks. The Dutch Public Prosecution Service said there were no indications as yet that pressure was exerted on the suspect who was in contact with...

Threat Intelligence Executive Report – Volume 2025, Number 5 – Sophos News
The Counter Threat Unit™ (CTU) research team analyzes security threats to help organizations protect their systems. Based on observations in July and August, CTU™ researchers identified the following noteworthy issues and changes in the global threat landscape:
- Ransomware remains a volatile threat despite disruptions
- Absent MFA allows exploitation of stolen credentials
- Legacy vulnerabilities maintain their value
Ransomware remains a volatile threat despite disruptions
Law enforcement actions have made an impact on the ransomware ecosystem but have not reduced the number of attacks. Ransomware continues to pose a major threat to organizations. Even though the number of victims posted to leak sites has declined since reaching an all-time peak in March 2025, the figures in July and...

58% of CISOs are boosting AI security budgets
AI is no longer an experiment in the security stack — it’s becoming the centerpiece. Foundry’s 2025 Security Priorities Study finds that 58% of organizations plan to boost spending on AI-enabled security tools next year, signaling a decisive shift from curiosity to commitment. And it’s not just budgets following the trend. The research finds 93% say they’re already using or are actively researching using AI in their security technologies over the next 12 months. The urgency makes sense. CISOs are watching attackers weaponize generative AI to automate phishing, create deepfakes, and craft more convincing social engineering campaigns. In response, they’re turning to agentic and generative AI to harden defenses, augment analysts, and improve resilience at scale. At the...

BreachForums seized, but hackers say they will still leak Salesforce data
Law enforcement agencies in the United States and France have seized control of domains linked to the notorious BreachForums hacking forum, commonly used for the leaking of stolen data and the sale of hacked credentials. However, observers are warning the takedown - although worthy and laudable - may be more symbolic than final, as a version of BreachForums on the dark web remains active. If you visit breachforums.hn today you will be greeted by an animated seizure announcement, featuring the logos of the United States Department of Justice, FBI, France’s BL2C cybercrime unit, and Paris Prosecutor’s Office. Rather than the usual messageboard where cybercriminals traded their wares, the site now points to a specialist subdomain of the website of the Internet Complaint Center (IC3),...

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Oct 11, 2025, Ravie Lakshmanan, Cloud Security / Network Security. Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing." A significant chunk of the activity is said to have commenced on October 4, 2025, with more than 100 SonicWall SSL VPN accounts across 16 customer accounts having been impacted. In the cases investigated by Huntress, authentications on the SonicWall devices originated from the IP address 202.155.8[.]73. The company noted that in some instances, the...

Who is Ultimately Responsible for Business Email Compromise?
Business email compromise, commonly known as “BEC”, has become a major issue in the corporate world. Globally, this condition has been a challenge for the legal authorities as to exactly who is liable for the damages caused by BEC. South African companies are suffering under the weight of BEC crimes as the courts grapple with the multitude of cases coming before them. This form of cyber attack is appearing in South Africa as some of the highest around the world. As legal complications continue, South African businesses are now turning their attention to methods they can use to protect their finances and reputations. The official definition of BEC is: “a criminal act where criminals illegally access an email account and communicate as if they are the user”. In other words, it’s a...

DPDP Act Meets AI and Blockchain
The Digital Personal Data Protection (DPDP) Act 2023 has reshaped the approach that enterprises take towards data protection. Compliance can no longer be a reactive practice; it must be smart, agile, and open. Business organizations must operate consent, facilitate early breach alerts, and keep responsibility in ever-more complicated internet ecosystems. The core of this transformation is technology. AI, blockchain, and automation are the keys to integrating privacy into operations, providing resilience, and transforming compliance into a strategic asset instead of a liability.
The Importance of Technology to the DPDP Act
The DPDP Act lays emphasis on standards like consent, data minimization, purpose limitation, and breach notification. On the one hand, these principles sound simple,...