Cybersecurity News: Atlas browser hijacked, Bye, bye Twitter birdie, Dante spyware surfaces

OpenAI Atlas browser hijacked 

Researchers have discovered a new attack vector for OpenAI’s Atlas web browser, where its omnibox can be tricked into executing malicious prompts disguised as seemingly harmless URLs. If a user pastes one of these crafted URLs into the omnibox, Atlas interprets the input as trusted user intent, allowing attackers to redirect users, steal credentials, or even delete files from connected apps. The flaw stems from Atlas failing to strictly separate trusted user input from untrusted content, a common weakness in these kinds of browsers.

(The Register), (The Hacker News)

AI vs. Cybersecurity Vendors

If you had listened to The Department of Know yesterday, you would “know” this by now, but ex-CISA head Jen Easterly warned that AI could eventually make cybersecurity breaches the exception, not the norm, by spotting software flaws faster than ever. She says most cybercrime isn’t about advanced hackers; it’s about sloppy software, with old vulnerabilities like SQL injection and cross-site scripting still causing trouble decades later. She believes that AI can help defenders catch these flaws, clean up technical debt, and push software toward secure-by-design principles. The real way to cut risk, Easterly said, is demanding better software from vendors, not just reacting to attacks. What do you think?

(The Register)

Bye, bye Twitter birdie

It’s not a security breach, it’s the end of Twitter. X (formerly Twitter) caused a stir after announcing users must re-enroll their security keys by November 10 or risk account lockouts, initially without explanation. The platform later clarified the change is not due to a security breach: physical keys tied to the twitter.com domain must be re-registered under x.com ahead of the Twitter domain’s retirement.

(The Register)

Dante spyware surfaces

Italian spyware from Memento Labs, formerly the notorious Hacking Team, has been linked to attacks on Russian and Belarusian organizations, Kaspersky reports. The malware, known as Dante, was discovered while investigating Operation ForumTroll, a campaign that exploited a Chrome zero-day (CVE-2025-2783) to target media, universities, and government institutions. While Dante itself wasn’t used in that phishing campaign, Kaspersky traced the spyware in other ForumTroll operations.

(The Record), (Bleeping Computer), (CyberScoop)

Millions of exploit attempts in WordPress plugin

Active attacks are exploiting three critical vulnerabilities in the GutenKit and Hunk Companion WordPress plugins, with roughly 9 million exploit attempts blocked since October 8, according to WordPress security firm Defiant. The flaws let attackers install plugins, execute code remotely, and take over sites, often using a malicious ZIP file on GitHub containing backdoors and scripts for persistence and mass defacement. Technically, these vulnerabilities were patched over a year ago, but the new campaigns reveal the need for another round of plugin updates.

(Security Week)

Iran cyber academy hacked

Iran’s state-linked Ravin Academy, which trains cyberattackers for the Ministry of Intelligence (MOIS), confirmed a breach exposing names, phone numbers, and Telegram usernames of students and associates. The stolen data also included national ID numbers and class details, with many affected linked to STEM fields at Western universities. Founded by MOIS-tied individuals and previously sanctioned by the US, UK, and EU, Ravin Academy sits within a broader Iranian cyber ecosystem that remains active despite sanctions.

(The Register)

BSOD fix?

Microsoft may have a solution to the impending doom that is the Blue Screen of Death (BSOD). The company is testing a new Windows 11 feature that prompts users to run a memory scan after a BSOD to catch potential memory issues before they cause more crashes. The proactive memory diagnostics run during the next reboot and notify users if issues are found and mitigated, though the feature is not yet available on ARM64 devices or systems with certain security protections. It is rolling out to Windows Insiders in the Dev and Beta channels as part of builds 26220.6982 and 26120.6982.

(Bleeping Computer)

Qilin’s Linux ransomware bypasses EDR

The Qilin ransomware group has launched cross-platform attacks using a Linux-based ransomware binary on Windows hosts, bypassing conventional Windows-focused security solutions and EDR platforms. The group deployed the malware via legitimate remote management and file transfer tools like AnyDesk, ATERA RMM, WinSCP, and ScreenConnect, targeting Veeam backup systems to steal credentials and block recovery options. 

(Security Affairs), (The Hacker News), (Dark Reading)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.