On November 14, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) officially added CVE-2025-64446 to its Known Exploited Vulnerabilities (KEV) catalog. This critical vulnerability a…

Cisco patched a High-severity EoP flaw (CVE-2025-20341) in Catalyst Center Virtual Appliance. A low-privileged Observer user can remotely elevate privileges to Administrator via a crafted HTTP request.

Symfony patched a High-severity flaw (CVE-2025-64500) in its Request component. Improper PATH_INFO parsing allows attackers to bypass access control rules in vulnerable applications.

North Korean threat actors in the "Contagious Interview" campaign are now using JSON storage services to host and deliver malicious payloads, signaling an evolving strategy to evade detection and maintain persistence.

Short-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid: To figure out a short-finned pilot whale’s caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body measurements collected via aerial drones, and sifting through the stomachs of unfortunate whales that ended up stranded on land. Once the team pulled all this data together, they estimated that a typical whale will eat between 82 and 202 squid a day. To meet their energy needs, a whale will have to consume an average of 140 squid a day. Annually, that’s about 74,000 squid per whale. For all the whales in the area, that amounts to about 88,000 tons of squid eaten every year...

The Washington Post data breach is one of more than 40 claimed by CL0P in a threat campaign targeting Oracle E-Business Suite vulnerabilities.

The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea's illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft.

Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July.

CrowdStrike Named Overall Leader in 2025 KuppingerCole ITDR Leadership Compass KuppingerCole recognizes CrowdStrike as the Overall Leader, achieving the top position in every evaluated category in its 2025 identity security report. CrowdStrike has been named the Overall Leader i ... Read more Published Date: Nov 14, 2025 (2 hours, 48 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-61882 CVE-2025-54918 CVE-2025-48384

The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.

A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention.

Three U.S. nationals pleaded guilty to directly handing over their identities for use in North Korean IT worker scams, the Justice Department said, and two other people also admitted helping such schemes.

: More than a month after PoC made public

Federal prosecutors secured five guilty pleas from people who supported overseas remote IT workers, and seized $15 million in stolen cryptocurrency tied to the North Korean regime.

A kitchen-sink approach to building containers has loaded many with vulnerabilities. A handful of companies are trying to slim them down to address the issue.

A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz protocol.

Anthropic and AI security experts told CyberScoop that behind the hype, effective AI-driven cyberattacks still require skilled humans, with the attack possibly done to send a message as what’s possible.

Sara Duffer highlights the top lessons she brought back to her security role following three years in Amazon's shadow program.

Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…

Posted by Alan Coopersmith on Nov 14 https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ announces: