Cybercrime
-
Gainsight says more customers affected as Salesforce revokes Gainsight-linked access tokens
Gainsight said suspicious activity tied to its applications affected more customers than initially reported and that Salesforce revoked related access tokens; the intrusion has been claimed by ShinyHunters while investigators and vendors take containment steps.
-
Qilin ransomware deployed in supply-chain attack hits South Korean financial firms
Security researchers say a supply‑chain compromise of a managed service provider enabled Qilin ransomware to hit multiple South Korean financial firms in September 2025, stealing more than 1 million files and about 2 TB of data in a campaign researchers call “Korean Leaks.”
-
ASUS issues firmware updates to fix critical AiCloud authentication bypass
ASUS has issued firmware updates to fix nine vulnerabilities, including a critical authentication bypass (CVE-2025-59366) in routers with AiCloud enabled, and advised users to update firmware or apply mitigations for end-of-life devices.
-
FBI says cybercriminals stole $262 million in account-takeover schemes since January
The FBI said cybercriminals impersonating banks have stolen more than $262 million in account-takeover attacks since January, with the IC3 receiving over 5,100 complaints; attackers use phishing, social engineering and fraudulent websites to capture credentials and move funds to cryptocurrency wallets.
-
Malicious Blender .blend files used to deliver StealC V2, researchers say
Researchers at Morphisec say a campaign has used malicious Blender .blend files uploaded to free 3D asset sites to execute embedded Python scripts and deliver the StealC V2 information stealer and a secondary Python stealer; the attack runs when Blender’s Auto Run option is enabled.
-
Dartmouth College confirms data breach after Clop posts Oracle EBS data
Dartmouth College said files taken from its Oracle E-Business Suite servers were posted by the Clop extortion group. A Maine filing identified 1,494 individuals whose records included names and Social Security numbers, and an appendix said financial account data was also taken. The college has not yet filed a New Hampshire notice and has not…
-
CISA warns of active spyware campaigns targeting messaging app users
CISA warned that threat actors are actively using commercial spyware and remote access trojans to compromise users of mobile messaging apps, citing multiple campaigns that used techniques such as zero‑click exploits, device‑linking QR codes and spoofed apps, and urged high‑value individuals to follow specific security guidance.
-
Researchers: ClickFix variants use fake Windows Update page and steganography to deliver infostealers
Researchers warn that ClickFix attack variants are using a full‑screen fake Windows Update page and steganography in PNG images to hide and deliver infostealer malware, with campaigns employing mshta, PowerShell, a .NET Stego Loader and in‑memory execution techniques.
-
Major US banks review exposure after SitusAMC data breach
SitusAMC, a mortgage services vendor, said attackers accessed its systems in a breach discovered Nov. 12 and confirmed Nov. 22; major banks including JPMorgan, Citi and Morgan Stanley are reviewing potential customer data exposure while the FBI and the company continue an investigation.
-
Shai‑Hulud campaign trojanises hundreds of npm packages and leaks CI/CD secrets to GitHub
A renewed Shai‑Hulud campaign has published thousands of trojanised npm packages that steal developer and CI/CD secrets and post them to GitHub; researchers at Aikido and Wiz say the operation modified legitimate packages, used compromised maintainer accounts and is leaking secrets in automatically created GitHub repositories.
