ClickFix may be the biggest security threat your family has never heard of https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/

From Data Loss Prevention (DLP) to Modern Data Security https://www.trendmicro.com/en_us/research/25/k/dlp-to-modern-data-security.html

MITRE ATT&CK v18: What’s in it — and why it matters https://www.reversinglabs.com/blog/mitre-attck-v18-whats-in-it--and-why-it-matters

Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland https://www.bleepingcomputer.com/news/security/synology-fixes-beestation-zero-days-demoed-at-pwn2own-ireland/

Nov 26 | Women, Technology, and Peacemaking Webinar: 25 Years After UNSCR 1325 https://citizenlab.ca/2025/11/webinar-women-technology-and-peacemaking/

Microsoft: Windows 11 23H2 Home and Pro reach end of support https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-23h2-home-and-pro-reach-end-of-support/

Microsoft releases KB5068781 — The first Windows 10 extended security update https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb5068781-the-first-windows-10-extended-security-update/

Microsoft: Emergency Windows 10 update fixes ESU enrollment bug https://www.bleepingcomputer.com/news/microsoft/microsoft-emergency-windows-10-update-fixes-esu-enrollment-bug/

“Bitcoin Queen” gets 11 years in prison for $7.3 billion Bitcoin scam https://www.bleepingcomputer.com/news/security/bitcoin-queen-gets-11-years-in-prison-for-73-billion-bitcoin-scam/

SharpParty: Process Injection in C# https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sharpparty-process-injection-in-c/

GlobalLogic warns 10,000 employees of data theft after Oracle breach https://www.bleepingcomputer.com/news/security/globallogic-warns-10-000-employees-of-data-theft-after-oracle-breach/

Webinar: Modern Patch Management – Strategies to patch faster with less risk https://www.bleepingcomputer.com/news/security/webinar-modern-patch-management-strategies-to-patch-faster-with-less-risk/

Cyber Action Toolkit: breaking down the barriers to resilience https://www.ncsc.gov.uk/blog-post/cat-breaking-down-resilience-barriers

You Thought It Was Over? Authentication Coercion Keeps Evolving https://unit42.paloaltonetworks.com/authentication-coercion/

Hack halts Dutch broadcaster, forcing radio hosts back to LPs https://www.bitdefender.com/en-us/blog/hotforsecurity/hack-halts-dutch-broadcaster-forcing-radio-hosts-back-to-lps

APT37 hackers abuse Google Find Hub in Android data-wiping attacks https://www.bleepingcomputer.com/news/security/apt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks/

Mozilla Firefox gets new anti-fingerprinting defenses https://www.bleepingcomputer.com/news/security/mozilla-firefox-gets-new-anti-fingerprinting-defenses/

Russian hacker to plead guilty to aiding Yanluowang ransomware group https://therecord.media/russian-hacker-to-plead-guilty-aiding-ransomware-group

Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide https://www.bleepingcomputer.com/news/security/quantum-route-redirect-phaas-targets-microsoft-365-users-worldwide/

Enforcement begins for New York’s algorithmic pricing law https://therecord.media/enforcement-begins-new-york-pricing-law

CISA orders feds to patch Samsung zero-day used in spyware attacks https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/

Data privacy whistleblowers would get expanded protections under California proposal https://therecord.media/california-data-privacy-agency-whistleblower-protections-proposal

Yanluowang initial access broker to plead guilty to ransomware attacks https://www.bleepingcomputer.com/news/security/yanluowang-initial-access-broker-to-plead-guilty-to-ransomware-attacks/

Popular JavaScript library expr-eval vulnerable to RCE flaw https://www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/

Former Trump official named NSO Group executive chairman https://therecord.media/former-trump-official-named-nso-group-chairman

No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/

Russian missile barrage disrupts internet, customs databases in Ukraine https://therecord.media/russian-missile-barrage-disrupts-internet-ukraine

A closer look at Python Workflows, now in beta https://blog.cloudflare.com/python-workflows/

5 reasons why attackers are phishing over LinkedIn https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/

CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000102.html

Europe to decide if 6 GHz is shared between Wi-Fi and cellular networks https://www.theregister.com/2025/11/09/europe_to_decide_if_6/

How to use new Windows 11 Start menu, now rolling out https://www.bleepingcomputer.com/news/microsoft/how-to-use-new-windows-11-start-menu-now-rolling-out/

Uutinen: Drilling Down on Uncle Sam’s Proposed TP-Link Ban https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/