- Criminals Impersonate US Health Insurance Providers Target Chinese Speakers Residing in the United States
November 13, 2025
The Federal Bureau of Investigation (FBI) warns the public about an evolving financial fraud scheme targeting Chinese speaking individuals residing in the United States in which criminals impersonate US health insurance providers and Chinese law enforcement. Targeted individuals receive a call from a spoofed telephone number of a legitimate US health insurance provider’s claims department. The ...
- CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities
November 12, 2025
CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target ...
- Irish regulator launches investigation into X over handling of reports from users
November 12, 2025
Ireland’s media regulator has commenced a formal investigation into X over concerns about how it handles reported content. Coimisiún na Meán suspects the platform, formerly known as Twitter, may not be in compliance with its obligations under Article 20 of the Digital Services Act (DSA), which sets out rules on how complaints should be managed by ...
- Swedish Authority for Privacy Protection Investigates Data Breach Exposing 1.5 Million People
November 12, 2025
The Swedish Authority for Privacy Protection (IMY) is investigating a data breach at major government software supplier Miljödata that has compromised the personal information of 1.5 million people. Miljödata learned of the breach after experiencing system disruptions that affected government services, and a threat actor approached the company demanding 1.5 Bitcoin to avoid leaking the stolen ...
- Patch Tuesday – November 2025
November 11, 2025
Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely ...
- UK: NHS providers reviewing stolen data published by cyber criminals
November 11, 2025
Pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack last year. Synnovis has now completed its investigation into patient and staff data published online by the cyber criminal gang on 20 June 2024, which includes personal data such as names, NHS numbers, test results and test ...
- You Thought It Was Over? Authentication Coercion Keeps Evolving
November 10, 2025
Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system.Instead, they can simply force your computer to authenticate to an attacker-controlled system, effectively commanding your machine to hand over valuable credentials. This attack ...
- Industrial computing systems at risk from “time bombs ” in malicious NuGet packages
November 10, 2025
Thousands of critical infrastructure organizations, as well as those working in other, equally important verticals, were targeted by a perfidious attack that sought to sabotage their industrial control devices (ICD) two years down the line, experts have discovered. Cybersecurity researchers Socket recently found nine packages on NuGet that contained sabotage payloads set to activate in 2027 ...
- Cyber Toufan leaks secret data on Iron Dome, Jericho missiles, and Australia’s Land 400 project
November 10, 2025
A hacking group believed to have ties to Iran has claimed responsibility for a massive cyberattack that exposed information linked to Australia’s $7 billion Land 400 defence program. The group, known as Cyber Toufan, says it accessed the data after breaching several Israeli defence companies. Cyber Toufan, a pro-Hamas group, shared the stolen material on Telegram. ...
- UK: BBC leaders resign amid scandal over misleading edit of Trump speech
November 10, 2025
Two top leaders at the BBC resigned on Sunday amid an escalating scandal over impartiality and bias that plunged Britain’s public broadcaster into one of its biggest crises in recent years. The BBC’s most senior executive, director general Tim Davie, and the chief executive of the news division, Deborah Turness, both quit after the leak of ...
- Threat Landscape of the Building and Construction Sector: IA, Supply Chain, and IoT
November 7, 2025
In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries such as China, Russia, Iran, and North Korea, are increasingly focusing their attacks on the building and construction ...