November, 2025 - Security Ticks

Holiday Mobile Threats Quadrupled in 2024 — What’s Expected This Year?

Holiday Mobile Threats Quadrupled in 2024 — What’s Expected This Year? 2025-11-14 at 15:22 By With cyber threats only growing in sophistication and speed, it’s likely that retailers and shoppers alike will be facing another increase in attacks and scams this year. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View […]

Holiday Mobile Threats Quadrupled in 2024 — What’s Expected This Year? Read More »

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking

AV, Imunigy360, Vulnerabilities, vulnerability, website security / SecurityTicks

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking 2025-11-14 at 15:22 By Eduard Kovacs A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers. The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking appeared first on SecurityWeek. This article is an excerpt from

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking Read More »

Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign

Uncategorized / SecurityTicks

Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign 2025-11-14 at 15:22 By State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage campaign” in mid-September 2025. “The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree –

Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign Read More »

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

Uncategorized / SecurityTicks

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts 2025-11-14 at 15:22 By Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise a device. “The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts Read More »

Tales from the pit: AI and the software engineer

Uncategorized / SecurityTicks

Tales from the pit: AI and the software engineer 2025-11-14 at 15:15 By Alain Dekker Exploring the evolving relationship between human engineers and their algorithmic assistants Feature Artificial intelligence is rapidly reshaping the way software gets built, tested, and maintained — but not in the simplistic, headline-grabbing sense of “AI replacing developers.”… This article is

Tales from the pit: AI and the software engineer Read More »

Checkout.com Discloses Data Breach After Extortion Attempt

Checkout, data breach, Data Breaches, ransom, ShinyHunters / SecurityTicks

Checkout.com Discloses Data Breach After Extortion Attempt 2025-11-14 at 15:14 By Ionut Arghire The information was stolen from a legacy cloud file storage system, not from its payment processing platform. The post Checkout.com Discloses Data Breach After Extortion Attempt appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Checkout.com Discloses Data Breach After Extortion Attempt Read More »

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287

data breach, Emerging Threats, Threat Intelligence, Vulnerabilities / SecurityTicks

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287 2025-11-14 at 15:10 By Fernando Martinez LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being exploited by threat actors to compromise vulnerable Windows Server users. This

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287 Read More »

Art and Science: Cyber and Physical Security Convergence Deficiencies in the Louvre Heist

News, Vulnerabilities / SecurityTicks

Art and Science: Cyber and Physical Security Convergence Deficiencies in the Louvre Heist 2025-11-14 at 15:06 By William Evers and Anthony Abell Cyber meets physical security: Weak passwords and outdated systems may have opened the door to the thieves. A warning for all industries: The Louvre incident shows why converging cybersecurity and physical security is

Art and Science: Cyber and Physical Security Convergence Deficiencies in the Louvre Heist Read More »

Alibaba weighs deposit token as China clamps down on stablecoins: Report

Uncategorized / SecurityTicks

Alibaba weighs deposit token as China clamps down on stablecoins: Report 2025-11-14 at 14:41 By Cointelegraph by Adrian Zmudzinski Alibaba’s global e-commerce arm is reportedly developing a bank-backed deposit token for cross-border payments as Beijing tightens its crackdown on stablecoins. This article is an excerpt from Cointelegraph.com News View Original Source

Alibaba weighs deposit token as China clamps down on stablecoins: Report Read More »

Report blasts UK Ministry of Defence over Afghan data-handling failures

Uncategorized / SecurityTicks

Report blasts UK Ministry of Defence over Afghan data-handling failures 2025-11-14 at 14:40 By Connor Jones Public Accounts Committee tears into department responsible for the most dangerous breach in British history The UK Parliament’s Public Accounts Committee (PAC) says the Ministry of Defence (MoD) has failed to appropriately improve its data protection mechanisms, three years

Report blasts UK Ministry of Defence over Afghan data-handling failures Read More »

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

Cl0p, data breach, Data Breaches, Oracle E-Business Suite, Ransomware, The Washington Post / SecurityTicks

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack 2025-11-14 at 14:40 By Eduard Kovacs The media company admitted that cybercriminals attempted to extort a payment after stealing personal information. The post Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack Read More »

Trillionaire fantasies, investor dreams, reality nightmares

Uncategorized / SecurityTicks

Trillionaire fantasies, investor dreams, reality nightmares 2025-11-14 at 14:30 By Steven J. Vaughan-Nichols Why Musk won’t ever realize the shareholder-approved Tesla payout Opinion At Tesla’s annual shareholder meeting in Austin, Texas, more than 75 percent of voting shares backed a compensation deal for CEO Elon Musk that would make him history’s first trillionaire.… This article

Trillionaire fantasies, investor dreams, reality nightmares Read More »

Proof of reserves is crypto’s key to rebuilding trust and transparency

Uncategorized / SecurityTicks

Proof of reserves is crypto’s key to rebuilding trust and transparency 2025-11-14 at 14:30 By Cointelegraph by Lennix Lai Transparency through proof of reserves is essential for restoring and maintaining trust in crypto exchanges, ensuring security through independent audits and verifiable reserves. This article is an excerpt from Cointelegraph.com News View Original Source

Proof of reserves is crypto’s key to rebuilding trust and transparency Read More »

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn

Defused, Don't miss, Fortinet, Hot stuff, News, PoC, Rapid7, vulnerability, WatchTowr, web application security / SecurityTicks

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn 2025-11-14 at 14:10 By Zeljka Zorz A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices. Whether intentionally or accidentally, the vulnerability (or this specific path for triggering it) has

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn Read More »

Akira Ransomware Group Made $244 Million in Ransom Proceeds

Akira, Ransomware / SecurityTicks

Akira Ransomware Group Made $244 Million in Ransom Proceeds 2025-11-14 at 14:04 By Ionut Arghire Akira was seen exploiting SonicWall vulnerabilities and encrypting Nutanix Acropolis Hypervisor (AHV) VM disk files this year. The post Akira Ransomware Group Made $244 Million in Ransom Proceeds appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Akira Ransomware Group Made $244 Million in Ransom Proceeds Read More »

UK tribunal says reselling Microsoft licenses is A-OK

Uncategorized / SecurityTicks

UK tribunal says reselling Microsoft licenses is A-OK 2025-11-14 at 13:45 By Richard Speed Windows giant disagrees and plans to appeal Microsoft’s attempt to claim that its software can’t be resold has hit a wall at the UK Competition Appeal Tribunal, which decided that Office having clipart does not mean customers can’t sell their licenses

UK tribunal says reselling Microsoft licenses is A-OK Read More »

XRP ETF debut outshines all 2025 launches with $250M inflows, record volume

Uncategorized / SecurityTicks

XRP ETF debut outshines all 2025 launches with $250M inflows, record volume 2025-11-14 at 13:43 By Cointelegraph by Zoltan Vardai Canary Capital’s XRP ETF outperformed all 900 ETF launches of 2025, inspiring a bullish rotation among the industry’s most successful traders, who are now betting on XRP’s price increasing. This article is an excerpt from

XRP ETF debut outshines all 2025 launches with $250M inflows, record volume Read More »

Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign

Amazon, Application Security, Big Red, IndonesianFoods, NPM, worm / SecurityTicks

Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign 2025-11-14 at 12:40 By Ionut Arghire A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign. The post Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign Read More »

Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns

Uncategorized / SecurityTicks

Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns 2025-11-14 at 12:37 By Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure. 14 new ransomware brands launched this quarter, proving

Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns Read More »

Aave to offer zero-fee stablecoin ramps in Europe after MiCA approval

Uncategorized / SecurityTicks

Aave to offer zero-fee stablecoin ramps in Europe after MiCA approval 2025-11-14 at 10:31 By Cointelegraph by Ezra Reguerra Aave said compliant, audited payment pathways are crucial for onboarding new users to decentralized finance. This article is an excerpt from Cointelegraph.com News View Original Source

Aave to offer zero-fee stablecoin ramps in Europe after MiCA approval Read More »

November 2025