Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.
Hack Read
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.
Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach
Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
Tel Aviv, Israel, 19th November 2025, CyberNewsWire
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, 19th November 2025, CyberNewsWire
SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program
Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that…
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.
How to Achieve Ultra-Fast Response Time in Your SOC
ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads.
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
Singapore, Singapore, 19th November 2025, CyberNewsWire
Cloudflare Outage Jolts the Internet – What Happened, and Who Was Hit
Cloudflare outage causes slow sites, login trouble and dashboard errors as users report problems even after the company says service is restored.
SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026
Austin, TX/USA, 18th November 2025, CyberNewsWire
Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack
Microsoft Azure halted a record 15.72 Tbps DDoS attack from the Aisuru botnet exposing risks created by exposed home devices exploited in large-scale cyber attacks.
Bitsgap vs HaasOnline: Advanced Features vs Smart Simplicity
Power vs Practicality in Crypto Automation
Alice Blue Partners with AccuKnox for Regulatory Compliance
Menlo Park, CA, November 17th, 2025, CyberNewsWire.
Everest Ransomware Says It Stole Data of Millions of Under Armour Users
Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files.
Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea
Menlo Park, California, USA, 17th November 2025, CyberNewsWire
EchoGram Flaw Bypasses Guardrails in Major LLMs
HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start.
AIPAC Discloses Data Breach, Says Hundreds Affected
AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps.
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.
