November 2025

Years-old bugs in open source tool left every major cloud open to disruption

Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud…

Intrusion at real estate finance biz sparks concern for big banks

SitusAMC rules out ransomware, but accounting records for major institutions potentially affected Real estate finance business SitusAMC says thieves sneaked into its systems earlier this month and made off with confidential client data.…

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within three days.…

FCC guts post-Salt Typhoon telco rules despite ongoing espionage risk

Months after China-linked spies burrowed into US networks, regulator tears up its own response The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's…

CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse

Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may…

ShinyHunters ‘does not like Salesforce at all,’ claims the crew accessed Gainsight 3 months ago

Shiny talks to The Reg EXCLUSIVE  ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers.…

Four charged over alleged plot to smuggle Nvidia AI chips into China

Prosecutors say front companies, falsified paperwork, and overseas drop points used to dodge US export rules Four people have been charged in the US with plotting to funnel restricted Nvidia AI chips into China, allegedly relying on shell firms, fake invoices, and covert routing to slip cutting-edge GPUs…

Russia-linked crooks bought a bank for Christmas to launder cyber loot

UK cops trace street-level crime to sanctions-busting networks tied to Moscow's war economy On Christmas Day 2024, a Russian-linked laundering network bought itself a very special present: a controlling stake in a Kyrgyzstan bank, later used to wash cybercrime profits and funnel money into Moscow's war machine, according…

ZTE Launches ZXCSec MAF security solution for large model

A multi-layered security framework protecting large-model applications from adversarial threats, data leakage, API abuse, and content risks Partner Content  At MWC Shanghai 2025, ZTE has officially launched its ZXCSec MAF product, a dedicated application-layer security protection device specifically designed for large model services.…

Google links Android’s Quick Share to Apple’s AirDrop, without Cupertino’s help

Relies on very loose permissions, but don’t worry – Google wrote it in Rust Google has linked Android’s wireless peer-to-peer file sharing tool Quick Share to Apple’s equivalent AirDrop.…

Copyright © 2026 Lugapel