| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 31.12.25 | Microsoft Teams to let admins block external users via Defender portal | Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams. | Security | |
| 31.12.25 | MongoDB warns admins to patch severe vulnerability immediately | MongoDB has warned IT admins to immediately patch a high-severity memory-read vulnerability that may be exploited by unauthenticated attackers remotely. | Vulnerability | |
| 31.12.25 | FBI seizes domain storing bank credentials stolen from U.S. victims | The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. | BigBrothers | |
| 31.12.25 | Microsoft rolls out hardware-accelerated BitLocker in Windows 11 | Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU. | OS | |
| 31.12.25 | WebRAT malware spread via fake vulnerability exploits on GitHub | The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. | Virus | |
| 31.12.25 | Malicious extensions in Chrome Web store steal user credentials | Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. | Virus | |
| 31.12.25 | Microsoft Teams strengthens messaging security by default in January | Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious. | Security | |
| 31.12.25 | Cyberattack knocks offline France's postal, banking services | The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions. | CyberCrime | |
| 31.12.25 | Italy fines Apple $116 million over App Store privacy policy issues | Italy's competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. | BigBrothers | |
| 31.12.25 | Baker University says 2024 data breach impacts 53,000 people | Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. | Incident | |
| 31.12.25 | Nissan says thousands of customers exposed in Red Hat breach | Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. | Incident | |
| 31.12.25 | New MacSync malware dropper evades macOS Gatekeeper checks | The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. | Virus | |
| 31.12.25 | Interpol-led action decrypts 6 ransomware strains, arrests hundreds | An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. | Ransom | |
| 31.12.25 | Malicious npm package steals WhatsApp accounts and messages | A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. | Social | |
| 31.12.25 | Romanian water authority hit by ransomware attack over weekend | Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend. | Ransom | |
| 31.12.25 | University of Phoenix data breach impacts nearly 3.5 million individuals | The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university's network in August. | Incident | |
| 31.12.25 | Coupang breach affecting 33.7 million users raises data protection questions | Coupang disclosed a data breach affecting 33.7 million customers after unauthorized access to personal data went undetected for nearly five months. Penta Security explains how the incident highlights insider credential abuse risks and why encrypting customer data beyond legal requirements can reduce exposure and limit damage. | Incident | |
| 31.12.25 | Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack | Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its | Hack | The Hacker News |
| 31.12.25 | DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide | The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that | Hack | The Hacker News |
| 31.12.25 | IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass | IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is | Vulnerability | The Hacker News |
| 31.12.25 | Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry | Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last | Virus | The Hacker News |
| 31.12.25 | U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a | BigBrothers | The Hacker News |
| 31.12.25 | CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution | The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to | Vulnerability | The Hacker News |
| 31.12.25 | Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware | The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT | Virus | The Hacker News |
| 31.12.25 | Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor | The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed | Virus | The Hacker News |
| 30.12.25 | MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide | A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The | Vulnerability | The Hacker News |
| 30.12.25 | 27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials | Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the | Phishing | The Hacker News |
| 30.12.25 | Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors | In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025 , malicious | AI | The Hacker News |
| 27.12.25 | RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure | CRIL Uncovers a New Wave of Browser-Based e-Challan Phishing Powered by Shared Fraud Infrastructure. | Spam blog | |
| 27.12.25 | The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge | Vulnerabilities from Microsoft, Adobe and Fortinet are among those getting attention during a record week for new flaws. | Vulnerability blog | |
| 27.12.25 | UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel | Key Targets. Industries Affected. Geographical Focus. Infection Chain – Operation IconCat. Infection Chain – I. Infection Chain – II. Campaign-Analysis – Operation IconCat. Campaign-I Initial Findings. Looking into the malicious PDF File. Technical Analysis. Malicious PyInstaller implant – PYTRIC... | Vulnerability blog | Seqrite |
| 27.12.25 | Indian Income Tax-Themed Phishing Campaign Targets Local Businesses | Introduction Over the past few months, tax-themed phishing and malware campaigns have surged, particularly during and after the Income Tax Return (ITR) filing season. With ongoing public discussions around refund timelines, these scams appear more credible, giving attackers the... | Phishing blog | Seqrite |
| 27.12.25 | PLAUSIBLE DENIABILITY IN CYBERSPACE : THE STRATEGIC USE OF HACKTIVIST PROXIES | EXECUTIVE SUMMARY Hacktivist Proxy Operations describe a class of deniable cyber pressure activities in which ideologically aligned, non-state cyber groups conduct | Hacking blog | Cyfirma |
| 27.12.25 | 2025: The Year of Network Device Exploitation Adds Three More | 2025 has been the year of network exploitation, with numerous CISA Emergency Directives issued about Cisco products, the F5 data breach, and an 8x increase in network device exploitation as reported by Verizon. | Hacking blog | Eclypsium |
| 27.12.25 | A brush with online fraud: What are brushing scams and how do I stay safe? | Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. | Spam blog | |
| 27.12.25 | Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component | A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation | Vulnerability blog | |
| 27.12.25 | New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory | A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE- | Vulnerability | The Hacker News |
| 27.12.25 | Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code | Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 | Cryptocurrency | The Hacker News |
| 27.12.25 | China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware | A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System | APT | The Hacker News |
| 25.12.25 | Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection | A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses | Vulnerability | The Hacker News |
| 25.12.25 | LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds | The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain | Incident | The Hacker News |
| 25.12.25 | CISA flags ASUS Live Update CVE, but the attack is years old | An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. | Vulnerability | |
| 25.12.25 | Ukrainian hacker admits affiliate role in Nefilim ransomware gang | A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. | Ransom | |
| 25.12.25 | Critical RCE flaw impacts over 115,000 WatchGuard firewalls | Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. | Exploit | |
| 25.12.25 | Docker Hardened Images now open source and available for free | More than 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. | Cyber | |
| 25.12.25 | RansomHouse upgrades encryption with multi-layered data processing | The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. | Ransom | |
| 25.12.25 | Microsoft confirms Teams is down and messages are delayed | Microsoft Teams is experiencing issues, with thousands reporting problems sending messages, including delays. | Social | |
| 25.12.25 | Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform | The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. | Phishing | |
| 25.12.25 | Microsoft 365 accounts targeted in wave of OAuth phishing attacks | Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. | Phishing | |
| 25.12.25 | New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock | The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. | Vulnerability | |
| 25.12.25 | Over 25,000 FortiCloud SSO devices exposed to remote attacks | Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability. | Hack | |
| 25.12.25 | Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response | Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks' Cortex XSOAR | AI | |
| 25.12.25 | Denmark blames Russia for destructive cyberattack on water utility | Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations. | APT | |
| 25.12.25 | New critical WatchGuard Firebox firewall flaw exploited in attacks | WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. | Exploit | |
| 25.12.25 | FTC: Instacart to refund $60M over deceptive subscription tactics | Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. | BigBrothers | |
| 25.12.25 | Windows 10 OOB update released to fix Message Queuing (MSMQ) issues | This month's extended security update for Windows 11 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks. | OS | |
| 25.12.25 | University of Sydney suffers data breach exposing student and staff info | Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. | Incident | |
| 25.12.25 | Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability | Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is | Exploit | The Hacker News |
| 25.12.25 | CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited | Exploit | The Hacker News |
| 25.12.25 | GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS | Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). | Cryptocurrency blog | AWS Security Blog |
| 25.12.25 | Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. | BigBrother blog | AWS Security Blog |
| 25.12.25 | New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper | Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that's delivered by means of a digitally signed, notarized Swift application | Virus | The Hacker News |
| 25.12.25 | Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media | The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded | AI | The Hacker News |
| 24.12.25 | SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips | The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled | BigBrothers | The Hacker News |
| 24.12.25 | Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition | Apple has been fined €98.6 million ($116 million) by Italy's antitrust authority after finding that the company's App Tracking Transparency (ATT) privacy framework restricted App Store | BigBrothers | The Hacker News |
| 23.12.25 | Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites | Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept | Hack | The Hacker News |
| 23.12.25 | INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty | A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued | BigBrothers | The Hacker News |
| 23.12.25 | U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme | The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud | BigBrothers | The Hacker News |
| 23.12.25 | Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances | A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain | Vulnerability | The Hacker News |
| 23.12.25 | FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks | The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. | BigBrothers | The Hacker News |
| 23.12.25 | Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens | Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to | Social | The Hacker News |
| 23.12.25 | Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale | Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile | Virus | The Hacker News |
| 23.12.25 | Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence | Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting | APT | |
| 21.12.25 | Clop ransomware targets Gladinet CentreStack in data theft attacks | The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. | Ransom | |
| 21.12.25 | New password spraying attacks target Cisco, PAN VPN gateways | An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. | Hack | |
| 21.12.25 | US seizes E-Note crypto exchange for laundering ransomware payments | Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million. | Ransom | |
| 21.12.25 | NIS2 compliance: How to get passwords and MFA right | NIS2 puts identity and access controls under the spotlight, with weak passwords and poor authentication now a compliance risk. Specops Software explains how to align password policies and MFA with NIS2 requirements. | BigBrothers | |
| 21.12.25 | France arrests Latvian for installing malware on Italian ferry | French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel. | Virus | |
| 21.12.25 | HPE warns of maximum severity RCE flaw in OneView software | Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely. | Vulnerability | |
| 21.12.25 | Microsoft: Recent Windows updates break RemoteApp connections | Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop environments. | OS | |
| 21.12.25 | Zeroday Cloud hacking event awards $320,000 for 11 zero days | The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. | Vulnerability | |
| 21.12.25 | France arrests suspect tied to cyberattack on Interior Ministry | French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France's Ministry of the Interior earlier this month. | CyberCrime | |
| 21.12.25 | Amazon: Ongoing cryptomining campaign uses hacked AWS accounts | Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). | Cryptocurrency | |
| 21.12.25 | WhatsApp device linking abused in account hijacking attacks | Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. | Social | |
| 21.12.25 | Cisco warns of unpatched AsyncOS zero-day exploited in attacks | Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. | Exploit | |
| 20.12.25 | Sonicwall warns of new SMA1000 zero-day exploited in attacks | SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. | Exploit | |
| 20.12.25 | Critical React2Shell flaw exploited in ransomware attacks | A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. | Ransom | |
| 20.12.25 | Microsoft asks admins to reach out for Windows IIS failures fix | Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. | OS | |
| 20.12.25 | Cellik Android malware builds malicious versions from Google Play apps | A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. | Virus | |
| 20.12.25 | GhostPoster attacks hide malicious JavaScript in Firefox addon logos | A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. | Hack | |
| 20.12.25 | Amazon disrupts Russian GRU hackers attacking edge network devices | The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. | BigBrothers | |
| 20.12.25 | Texas sues TV makers for taking screenshots of what people watch | The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology. | Cyber | |
| 20.12.25 | Hackers exploit newly patched Fortinet auth bypass flaws | Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. | Exploit | |
| 20.12.25 | Cyberattack disrupts Venezuelan oil giant PDVSA's operations | Petróleos de Venezuela (PDVSA), Venezuela's state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. | BigBrothers | |
| 20.12.25 | U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware | The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy | Virus | The Hacker News |
| 20.12.25 | Microsoft to block Exchange Online access for outdated mobile devices | Microsoft announced on Monday that it will soon block mobile devices running outdated email software from accessing Exchange Online services until they're updated. | OS | |
| 20.12.25 | European authorities dismantle call center fraud ring in Ukraine | European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. | BigBrothers | |
| 20.12.25 | SoundCloud confirms breach after member data stolen, VPN access disrupted | Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users' email addresses and profile information. | Incident | |
| 20.12.25 | Google is shutting down its dark web report feature in January | Google is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. | Cyber | |
| 20.12.25 | Askul confirms theft of 740k customer records in ransomware attack | Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. | Ransom | |
| 20.12.25 | New SantaStealer malware steals data from browsers, crypto wallets | A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. | Virus | |
| 20.12.25 | PornHub extorted after hackers steal Premium member activity data | Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. | Incident | |
| 20.12.25 | Ongoing SoundCloud issue blocks VPN users with 403 server error | Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error. | Hack | |
| 20.12.25 | 700Credit data breach impacts 5.8 million vehicle dealership customers | 700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. | Incident | |
| 20.12.25 | Microsoft: Recent Windows updates break VPN access for WSL users | Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. | OS | |
| 20.12.25 | Google links more Chinese hacking groups to React2Shell attacks | Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. | APT | |
| 20.12.25 | French Interior Ministry confirms cyberattack on email servers | The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. | BigBrothers | |
| 20.12.25 | Microsoft: December security updates cause Message Queuing failures | Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. | Vulnerability | |
| 20.12.25 | Beware: PayPal subscriptions abused to send fake purchase emails | An email scam is abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. | Phishing | |
| 20.12.25 | CyberVolk’s ransomware debut stumbles on cryptography weakness | The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. | Ransom | |
| 20.12.25 | Apple fixes two zero-day flaws exploited in 'sophisticated' attacks | Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. | Vulnerability | |
| 20.12.25 | Coupang data breach traced to ex-employee who retained system access | A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. | Incident | |
| 20.12.25 | I am not a robot: ClickFix used to deploy StealC and Qilin | The fake human verification process led to infostealer and ransomware infections | Ransom blog | SOPHOS |
| 20.12.25 | Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations | Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations | Cyber blog | SOPHOS |
| 20.12.25 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Malware blog | FORTINET |
| 20.12.25 | | Key Insights Insider recruitment is a growing cyber threat across banks, telecoms, and tech firms. ... | Cyber blog | CHECKPOINT |
| 20.12.25 | | Executive Summary Ink Dragon, a Chinese espionage group, has expanded from Asia and South America. | APT blog | CHECKPOINT |
| 20.12.25 | | Key Insights AI and automation have made holiday scams smarter and harder to detect. Over ... | Phishing blog | CHECKPOINT |
| 20.12.25 | Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns | CRIL has identified a commodity loader being leveraged by various threat actors in targeted email campaigns. | Malware blog | |
| 20.12.25 | India Criminalizes Tampering with Telecommunication Identifiers and Unauthorized Radio Equipment Under the Telecommunications Act | India’s Telecommunications Act punishes SIM tampering and possession of unauthorized equipment, boosting accountability and telecom cybersecurity. | BigBrother blog | |
| 20.12.25 | Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders | ACSC’s Technology Primer explains how Quantum Technology will impact cybersecurity, encryption, and long-term risk planning for organizations. | Cyber blog | |
| 20.12.25 | The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation | CRIL reports this week’s IT vulnerabilities, highlighting zero-days, active exploits, and trending threats across IT and industrial networks. | Vulnerebility blog | |
| 20.12.25 | APT36 LNK-BASED MALWARE CAMPAIGN LEVERAGING MSI PAYLOAD DELIVERY | EXECUTIVE SUMMARY CYFIRMA is dedicated to providing advanced warning and strategic analysis of the evolving cyber threat landscape. Our latest report analyzes a targeted malware campaign attributed to APT-36, which… | APT blog | |
| 20.12.25 | Quishing Campaigns : Advanced QR-Code Phishing Evaluation and Insights | EXECUTIVE SUMMARY CYFIRMA examines a sophisticated phishing campaign that leverages QR-code-based delivery, commonly referred to as “quishing,” to target employees with | Phishing blog | |
| 20.12.25 | The Hitch-hacker’s Guide to the Galaxy’s Edge: 2025 in Cyber Stats | We’re big fans of The Hitchhiker’s Guide to the Galaxy here at Eclypsium. We know as well as you that 42 is the answer to the question of the meaning of life, the universe, and everything. So in honor of the release of version 4.2 of our Supply Chain Security Platform, we pulled together a recap of some of the biggest cyber stats of the year from our own R&D and the broader cybersecurity research community. We made this video so you can see what we see. Think of it as a Spotify Wrapped for the cyber risk universe in 2025. | Cyber blog | Eclypsium |
| 20.12.25 | How to Operationalize NSA Guidance on UEFI Secure Boot at Scale | The NSA’s newly released Guidance for Managing UEFI Secure Boot signals a long-overdue but critical shift: firmware-level security is no longer a footnote in cybersecurity policy; it’s front and center. For those of us who’ve spent years addressing firmware risks across the enterprise, the guidance is welcome and timely, as malware that bypasses Secure Boot has grown increasingly common. The NSA’s guidance adds visibility and credibility to an issue that is reaching a tipping point in urgency. | BigBrother blog | Eclypsium |
| 20.12.25 | Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components | CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. | Vulnerebility blog | Microsoft blog |
| 20.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0. | Vulnerebility blog | SonicWall |
| 20.12.25 | Fake ChatGPT delivers Real Cryptominer | ChatGPT (OpenAI) remains widely considered the most popular and visited AI tool. Due to this immense popularity, it is common for cybercriminals to create fake applications that mimic the official OpenAI interface to trick users into installing malware. This week, SonicWall Capture Labs Threat Research Team analyzed a trojanized .NET Webview2 ChatGPT wrapper that is used to silently deliver a cryptomining software. | AI blog | SonicWall |
| 20.12.25 | From Linear to Complex: An Upgrade in RansomHouse Encryption | RansomHouse is a ransomware-as-a-service (RaaS) operation run by a group that we track as Jolly Scorpius. Recent samples of the associated binaries used in RansomHouse operations reveal a significant upgrade in encryption. This article explores the upgrade of RansomHouse encryption and the potential impact for defenders. | Ransom blog | Palo Alto |
| 20.12.25 | Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation | In recent months, Check Point Research has identified a new wave of attacks attributed to the Chinese threat actor Ink Dragon. Ink Dragon overlaps with threat clusters publicly reported as Earth Alux, Jewelbug, REF7707, CL-STA-0049, among others. | APT blog | CHECKPOINT |
| 20.12.25 | GachiLoader: Defeating Node.js Malware with API Tracing | The YouTube Ghost Network is a malware distribution network that uses compromised accounts to promote malicious videos and spread malware, such as infostealers. | Malware blog | CHECKPOINT |
| 20.12.25 | UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager | Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). | APT blog | |
| 20.12.25 | Adios 2025, you won’t be missed | This week, Joe laments on 2025, and what we can think of in 2026 in the wild world of cybersecurity. | Cyber blog | |
| 20.12.25 | Lexi DiScola’s guide to global teamwork and overflowing TBRs | Lexi DiScola shares how her unconventional path led her to global cyber threat analysis and highlights the power of diverse backgrounds on an international team | Cyber blog | |
| 20.12.25 | LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan | ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions | APT blog | |
| 20.12.25 | ESET Threat Report H2 2025 | A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | |
| 20.12.25 | Amadey Exploiting Self-Hosted GitLab to Distribute StealC | Discover how Amadey loader abuses compromised self-hosted GitLab infrastructure to distribute StealC infostealer, evading security controls through trusted platforms. | Malware blog | Trellix |
| 20.12.25 | The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR | Understanding how DCShadow works and how to detect it is critical for protecting your identity infrastructure, whether you're a SOC analyst, Active Directory administrator, or member of a red team or incident response function. | Malware blog | Trellix |
| 20.12.25 | Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers | A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and | Phishing | The Hacker News |
| 20.12.25 | Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware | Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and | Virus | The Hacker News |
| 19.12.25 | WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability | WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the | Exploit | The Hacker News |
| 19.12.25 | Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks | Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major | Phishing | The Hacker News |
| 19.12.25 | New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards | Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct | Vulnerebility | The Hacker News |
| 19.12.25 | China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware | A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and | APT | The Hacker News |
| 18.12.25 | HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution | Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical | Vulnerebility | The Hacker News |
| 18.12.25 | North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft | Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting | APT | The Hacker News |
| 18.12.25 | Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App | The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on | Virus | The Hacker News |
| 18.12.25 | CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) | Exploit | The Hacker News |
| 18.12.25 | Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances | Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor | Exploit | The Hacker News |
| 18.12.25 | SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances | SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked | Vulnerebility | The Hacker News |
| 18.12.25 | Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks | A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top | BotNet | The Hacker News |
| 17.12.25 | APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign | The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, | APT | The Hacker News |
| 17.12.25 | New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails | The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian | APT | The Hacker News |
| 17.12.25 | China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware | The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia | Virus | The Hacker News |
| 17.12.25 | GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads | A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate | Virus | The Hacker News |
| 17.12.25 | Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign | An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable | Cryptocurrency | The Hacker News |
| 17.12.25 | Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data | Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency | Cryptocurrency | The Hacker News |
| 17.12.25 | Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure | Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. | BigBrothers | The Hacker News |
| 17.12.25 | Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass | Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it | Hack | The Hacker News |
| 17.12.25 | React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors | The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks | Exploit | The Hacker News |
| 17.12.25 | Google to Shut Down Dark Web Monitoring Tool in February 2026 | Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal | CyberCrime | The Hacker News |
| 17.12.25 | Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats | A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered | AI | The Hacker News |
| 17.12.25 | FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE | Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an | Vulnerebility | The Hacker News |
| 17.12.25 | A Browser Extension Risk Guide After the ShadyPanda Campaign | In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat | APT | The Hacker News |
| 15.12.25 | Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector | Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer | Virus | The Hacker News |
| 15.12.25 | VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption | The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from | Ransom | The Hacker News |
| 14.12.25 | Fake ‘One Battle After Another’ torrent hides malware in subtitles | A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. | Virus | |
| 14.12.25 | Kali Linux 2025.4 released with 3 new tools, desktop updates | Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. | OS | |
| 14.12.25 | New Windows RasMan zero-day flaw gets free, unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. | Vulnerebility | |
| 14.12.25 | CISA orders feds to patch actively exploited Geoserver flaw | CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. | Exploit | |
| 14.12.25 | MITRE shares 2025's top 25 most dangerous software weaknesses | MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. | Cyber | |
| 14.12.25 | MKVCinemas streaming piracy service with 142M visits shuts down | An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. | Incindent | |
| 14.12.25 | Brave browser starts testing agentic AI mode for automated tasks | Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user. | AI | |
| 14.12.25 | Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks | Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and sharing. | Exploit | |
| 14.12.25 | Notepad++ fixes flaw that let attackers push malicious update files | Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. | Virus | |
| 14.12.25 | Malicious VSCode Marketplace extensions hid trojan in fake PNG file | A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. | Virus | |
| 14.12.25 | UK fines LastPass over 2022 data breach impacting 1.6 million users | The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. | Incindent | |
| 14.12.25 | Microsoft bounty program now includes any flaw impacting its services | Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. | OS | |
| 14.12.25 | New ConsentFix attack hijacks Microsoft accounts via Azure CLI | A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. | Hack | |
| 14.12.25 | AI is accelerating cyberattacks. Is your network prepared? | AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. | AI | |
| 14.12.25 | Hackers exploit unpatched Gogs zero-day to breach 700 servers | An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. | Exploit | |
| 14.12.25 | Microsoft fixes Windows Explorer white flashes in dark mode | Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows 11 systems after installing the KB5070311 optional update. | OS | |
| 14.12.25 | Google fixes eighth Chrome zero-day exploited in attacks in 2025 | Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. | Vulnerebility | |
| 14.12.25 | Google ads for shared ChatGPT, Grok guides push macOS infostealer malware | A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer "helpful" instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. | Virus | BleepingComputer |
| 14.12.25 | New DroidLock malware locks Android devices and demands a ransom | A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. | Virus | |
| 14.12.25 | Microsoft Teams to warn of suspicious traffic with external domains | Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. | Social | |
| 14.12.25 | Over 10,000 Docker Hub images found leaking credentials, auth keys | More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. | Incindent | |
| 14.12.25 | Why a secure software development life cycle is critical for manufacturers | Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM packages to infiltrate manufacturing and production environments. Acronis explains why secure software development life cycle (SSDLC) practices are now critical for evaluating partners and protecting systems. | Cyber | |
| 14.12.25 | New Spiderman phishing service targets dozens of European banks | A new phishing kit called Spiderman is being used to target customers of dozens of European banks and cryptocurrency holders with pixel-perfect cloned sites impersonating brands and organizations. | Phishing | |
| 14.12.25 | Ukrainian hacker charged with helping Russian hacktivist groups | U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. | BigBrothers | |
| 14.12.25 | CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited | Exploit | The Hacker News |
| 14.12.25 | Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild | Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in | Exploit | The Hacker News |
| 13.12.25 | SAP fixes three critical vulnerabilities across multiple products | SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. | Vulnerebility | |
| 13.12.25 | Windows PowerShell now warns when running Invoke-WebRequest scripts | Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. | OS | |
| 13.12.25 | Microsoft releases Windows 10 KB5071546 extended security update | Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. | OS | |
| 13.12.25 | Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws | Microsoft's December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. | OS | |
| 13.12.25 | Fortinet warns of critical FortiCloud SSO login auth bypass flaws | Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. | Vulnerebility | |
| 13.12.25 | Windows 11 KB5072033 & KB5071417 cumulative updates released | Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | OS | |
| 13.12.25 | Ivanti warns of critical Endpoint Manager code execution flaw | American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. | Vulnerebility | |
| 13.12.25 | Maintaining enterprise IT hygiene using Wazuh SIEM/XDR | Poor IT hygiene, such as unused accounts, outdated software, and risky extensions, creates hidden exposure in your infrastructure. Wazuh, the open-source XDR and SIEM, shows how continuous inventory monitoring across endpoints helps teams spot drift and tighten security. | Cyber | |
| 13.12.25 | Spain arrests teen who stole 64 million personal data records | The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. | Incindent | |
| 13.12.25 | North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks | A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. | Virus | |
| 13.12.25 | Ransomware IAB abuses EDR for stealthy malware execution | An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware and establish communication and persistence in preparation for ransomware attacks. | Ransom | |
| 13.12.25 | Ransomware gangs turn to Shanya EXE packer to hide EDR killers | Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. | Ransom | |
| 13.12.25 | Malicious VSCode extensions on Microsoft's registry drop infostealers | Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. | Virus | |
| 13.12.25 | FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024 | A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. | Ransom | |
| 13.12.25 | Poland arrests Ukrainians utilizing 'advanced' hacking equipment | The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining "computer data of particular importance to national defense." | BigBrothers | |
| 13.12.25 | Google Chrome adds new security layer for Gemini AI agentic browsing | Google Chrome is introducing a new security architecture designed to protect upcoming agentic AI browsing features powered by Gemini. | AI | |
| 13.12.25 | How Agentic BAS AI Turns Threat Headlines Into Defense Strategies | Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline threats into reliable defense checks without unsafe automation. | AI | |
| 13.12.25 | Portugal updates cybercrime law to exempt security researchers | Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. | CyberCrime | |
| 13.12.25 | Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary | Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments. | APT blog | CROWDSTRIKE |
| 13.12.25 | Falcon Shield Evolves with AI Agent Visibility and Falcon Next-Gen SIEM Integration | CrowdStrike Falcon Shield will provide a centralized view of AI agents across applications and now integrates first-party SaaS telemetry into Falcon Next-Gen SIEM. | AI blog | CROWDSTRIKE |
| 13.12.25 | A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up | | Vulnerebility blog | SOPHOS |
| 13.12.25 | React2Shell flaw (CVE-2025-55182) exploited for remote code execution | The availability of exploit code will likely lead to more widespread opportunistic attacks | Vulnerebility blog | SOPHOS |
| 13.12.25 | GOLD SALEM tradecraft for deploying Warlock ransomware | Analysis of the tradecraft evolution across 6 months and 11 incidents | Ransom blog | SOPHOS |
| 13.12.25 | Inside Shanya, a packer-as-a-service fueling modern attacks | The ransomware scene gains another would-be EDR killer | Ransom blog | SOPHOS |
| 13.12.25 | Sharpening the knife: GOLD BLADE’s strategic evolution | Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a | APT blog | SOPHOS |
| 13.12.25 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Cyber blog | FORTINET |
| 13.12.25 | | Cyber attacks against the United States are no longer isolated events or technical headaches. They ... | Cyber blog | CHECKPOINT |
| 13.12.25 | | The hyperconnected world has made it easier than ever for businesses and consumers to exchange | Phishing blog | CHECKPOINT |
| 13.12.25 | | In November 2025, global cyber activity continued its upward trend, with organizations experiencing an average ... | Ransom blog | CHECKPOINT |
| 13.12.25 | New NIS-2 Law in Germany Expands Cybersecurity Oversight and Introduces Heavy Fines | The NIS-2 Implementation Act in Germany increases oversight, executive accountability, and penalties while organizations prepare for compliance. | BigBrother blog | |
| 13.12.25 | The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes | This week’s report looks at 12 IT and 6 ICS vulnerabilities at high risk of exploitation, affecting both consumer and enterprise environments. | Vulnerebility blog | |
| 13.12.25 | Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerabilities | React2Shell (CVE-2025-55182) was exploited within minutes by China-nexus groups, exposing critical weaknesses in React Server Components. | Vulnerebility blog | |
| 13.12.25 | Deceptive Layoff-Themed HR Email Distributes Remcos RAT Malware | Over the past few months, the job economy has been marked by uncertainty, with constant news about layoffs, restructuring, hiring freezes, and aggressive cost-cutting measures. This atmosphere has created widespread anxiety among both employees and organizations, and cybercriminals have quickly... | Malware blog | |
| 13.12.25 | Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables | Table of Contents: Introduction: Targeted sectors: Initial Findings about Campaign: Analysis of Phishing Mail: Infection Chain: Technical Analysis: Stage-1: Analysis of Malicious ISO file. Stage-2: Analysis of Executable. Analysis of 1st Payload Analysis of 2nd Payload (Phantom Stealer) Conclusion:... | APT blog | Seqrite |
| 13.12.25 | Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia | Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia Contents Introduction Key Targets Geographical Focus Industries Affected LNK Cluster Initial Access: Archive Delivery Phishing Email and Decoys Malicious LNK and HTA Loader Obfuscated PowerShell Payload CVE Cluster Phishing Emails Chaining... | APT blog | Seqrite |
| 13.12.25 | NexusRoute: Attempting to Disrupt an Indian Government Ministry | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors, targeting both organizations | Malware blog | |
| 13.12.25 | RTO Challan Fraud: A Technical Report on APK-Based Financial and Identity Theft | EXECUTIVE SUMMARY CYFIRMA’s research team uncovered a sophisticated mobile-based fraud operation distributing a malicious “RTO Challan / e-Challan” Android application | APT blog | |
| 13.12.25 | APT PROFILE – GROUP 123 | Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and | APT blog | |
| 13.12.25 | Holiday Hardware Hacking Gift Guide | Small, portable, and customizable hardware used for a wide variety of hacking tasks has become increasingly popular in the past few years. Since the release of the FlipperZero in 2022, many projects have been created to enable the same features available on the FlipperZero using less expensive hacking devices that support a wide range of functionality. | Hacking blog | Eclypsium |
| 13.12.25 | Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack | The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. | Hacking blog | Microsoft blog |
| 13.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | Vulnerebility blog | |
| 13.12.25 | AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows | In this blog entry, Trend™ Research provides a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis. | AI blog | |
| 13.12.25 | Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations | Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations. | APT blog | |
| 13.12.25 | Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security | The integration between Trend Vision One and Security Hub CSPM is exactly that, two powerful platforms enhancing each other to keep your AWS infrastructure protected. | Cyber blog | |
| 13.12.25 | SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics | In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform. | Phishing blog | |
| 13.12.25 | CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation | CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise. | Vulnerebility blog | |
| 13.12.25 | Understanding SalatStealer: A Threat Actor’s Golang Stealer Toolset | This week, SonicWall Capture Labs Threat Research Team analyzed a sample of SalatStealer. This is a Golang malware capable of infiltrating a system and enumerating through browsers, files, cryptowallets and systems while embedding a complete array of monitoring tools to push and pull any data on disk. | Malware blog | SonicWall |
| 13.12.25 | Microsoft Security Bulletin Coverage for December 2025 | Microsoft’s December 2025 Patch Tuesday has 55 vulnerabilities, of which 27 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2025 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerebility blog | SonicWall |
| 13.12.25 | Underground Sharp Infostealer Dev Sells Modded Gremlin Source Code | The SonicWall Capture Labs Threat Research Team has recently been tracking infostealer malware stemming from the Sharp malware family. While analyzing a variant of Sharp infostealer, we came across a reference to a Telegram channel that leads to a person claiming to be the developer of this malware. | Malware blog | SonicWall |
| 13.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0 | Vulnerebility blog | SonicWall |
| 13.12.25 | Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite | In recent months, we have been analyzing the activity of an advanced persistent threat (APT) known for its espionage activities against Arabic-speaking government entities. We track this Middle Eastern threat actor as Ashen Lepus (aka WIRTE). | Malware blog | Palo Alto |
| 13.12.25 | 01flip: Multi-Platform Ransomware Written in Rust | In June 2025, we observed a new ransomware family named 01flip targeting a limited set of victims in the Asia-Pacific region. 01flip ransomware is fully written in the Rust programming language and supports multi-platform architectures by leveraging the cross-compilation feature of Rust. | Ransom blog | |
| 13.12.25 | New Prompt Injection Attack Vectors Through MCP Sampling | This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. | AI blog | |
| 13.12.25 | Exploitation of Critical Vulnerability in React Server Components | Unit 42 has identified activity that reportedly shares overlap with North Korean (DPRK) Contagious Interview tooling, though no formal attribution has occurred at this time. Contagious Interview is a campaign where threat actors associated with the DPRK pose as recruiters to install malware on the devices of job seekers in the tech industry. | APT blog | |
| 13.12.25 | Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits | Check Point Research (CPR) presents a full dissection of the widely used ValleyRAT backdoor, also known as Winos/Winos4.0, covering its modular architecture and plugin system. | Malware blog | CHECKPOINT |
| 13.12.25 | New BYOVD loader behind DeadLock ransomware attack | Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. | Ransom blog | |
| 13.12.25 | One newsletter to rule them all | Hazel embarks on a creative fitness journey, virtually crossing Middle-earth via The Conqueror app while sharing key cybersecurity insights. | Cyber blog | |
| 13.12.25 | Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities | The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the two “critical” vulnerabilities is “less likely.” | Vulnerebility blog | |
| 13.12.25 | New in Snort3: Enhanced rule grouping for greater flexibility and control | Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall to give you greater flexibility in how you manage, organize, and prioritize detection rules. | Cyber blog | |
| 13.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | Vulnerebility blog | |
| 13.12.25 | Your year-end infosec wrapped | Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. | Exploit blog | CISCO TALOS |
| 13.12.25 | Black Hat Europe 2025: Was that device designed to be on the internet at all? | Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found | Cyber blog | |
| 13.12.25 | Black Hat Europe 2025: Reputation matters – even in the ransomware economy | Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims | Cyber blog | |
| 13.12.25 | Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity | If you don’t look inside your environment, you can’t know its true state – and attackers count on that | Cyber blog | |
| 13.12.25 | Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece | Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. | Hacking blog | Eset |
| 13.12.25 | The big catch: How whaling attacks target top executives | Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. | Hacking blog | Eset |
| 13.12.25 | A look at an Android ITW DNG exploit | Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. | Exploit blog | Project Zero |
| 13.12.25 | Silent Domain Hijack: Detecting DCSync with Trellix NDR | This blog provides a step-by-step breakdown of DCSync attacks, covering privilege escalation and replication requests. It also includes real-world command examples using tools like Mimikatz to carry out the attack and detection strategies that go beyond signature-based methods to detect behavioural anomalies in replication traffic. | Hacking blog | Trellix |
| 13.12.25 | Dark Web Roast – November 2025 Edition | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | Cyber blog | Trellix |
| 13.12.25 | Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads | Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based | Virus | The Hacker News |
| 13.12.25 | New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale | Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at | AI | The Hacker News |
| 12.12.25 | Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work | The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. | AI | The Hacker News |
| 12.12.25 | New React RSC Vulnerabilities Enable DoS and Source Code Exposure | The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code | Vulnerebility | The Hacker News |
| 12.12.25 | React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of | Exploit | The Hacker News |
| 12.12.25 | CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities ( | Exploit | The Hacker News |
| 12.12.25 | NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems | Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) | Virus | The Hacker News |
| 12.12.25 | WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor | An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ashen Lepus. | Virus | The Hacker News |
| 12.12.25 | Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks | A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new | Exploit | The Hacker News |
| 12.12.25 | Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw | Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." | Exploit | The Hacker News |
| 12.12.25 | Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution | Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected | Exploit | The Hacker News |
| 12.12.25 | React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors | React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency | Virus | The Hacker News |
| 12.12.25 | .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL | New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. | Vulnerebility | The Hacker News |
| 10.12.25 | Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling | Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose | Vulnerebility | The Hacker News |
| 10.12.25 | Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known | Vulnerebility | The Hacker News |
| 10.12.25 | Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days | Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of | Vulnerebility | The Hacker News |
| 10.12.25 | Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws | Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The | Vulnerebility | The Hacker News |
| 10.12.25 | North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware | Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a | Virus | The Hacker News |
| 10.12.25 | Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure | Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other | Virus | The Hacker News |
| 10.12.25 | Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading | The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side- | APT | The Hacker News |
| 10.12.25 | Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats | Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser. To | AI | The Hacker News |
| 9.12.25 | STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware | Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. T | Ransom | The Hacker News |
| 9.12.25 | Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data | Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer | Virus | The Hacker News |
| 9.12.25 | Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT | Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a | Virus | The Hacker News |
| 8.12.25 | Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features | Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been | Virus | The Hacker News |
| 8.12.25 | Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks | A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in | Exploit | The Hacker News |
| 8.12.25 | MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign | The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command- | APT | The Hacker News |
| 7.12.25 | React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable | Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. | Exploit | |
| 7.12.25 | New wave of VPN login attempts targets Palo Alto GlobalProtect portals | A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. | Security | |
| 7.12.25 | Barts Health NHS discloses data breach after Oracle zero-day hack | Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-Business Suite software. | Incindent | |
| 7.12.25 | FBI warns of virtual kidnapping scams using altered social media photos | The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. | Spam | |
| 7.12.25 | A Practical Guide to Continuous Attack Surface Visibility | Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. | Attack | |
| 7.12.25 | EU fines X $140 million over deceptive blue checkmarks | The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). | Social | |
| 7.12.25 | Cloudflare blames today's outage on React2Shell mitigations | Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. | Vulnerebility | |
| 7.12.25 | Pharma firm Inotiv discloses data breach after ransomware attack | American pharmaceutical firm Inotiv is notifying thousands of people that their personal information was stolen in an August 2025 ransomware attack. | Ransom | |
| 7.12.25 | Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | Attack blog | CLOUDFLARE |
| 7.12.25 | Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme | This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence. | APT blog | ANYRUN |
| 7.12.25 | Analysing a malvertising attack targeting business Google accounts intercepted by Push | Our browser-based security platform recently intercepted a malvertising attack against Push customers. This attack was notable in that it used malvertising via Google Search as the delivery vector, circumventing email-based security controls. Here’s our breakdown. | Malware blog | PUSHSECURITY |
| 7.12.25 | Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts | We recently investigated a large-scale phishing campaign that demonstrated a number of advanced detection evasion techniques and social engineering tactics, specifically targeting accounts used to manage business ads. Here’s what you need to know. | Phishing blog | PUSHSECURITY |
| 7.12.25 | Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks | Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection | AI | The Hacker News |
| 7.12.25 | Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. | Exploit | The Hacker News |
| 7.12.25 | Critical React2Shell flaw actively exploited in China-linked attacks | Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. | APT | |
| 7.12.25 | Cloudflare down, websites offline with 500 Internal Server Error | Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports. | Security | |
| 7.12.25 | Hackers are exploiting ArrayOS AG VPN flaw to plant webshells | Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. | Exploit | |
| 7.12.25 | Predator spyware uses new infection vector for zero-click attacks | The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement. | Virus | |
| 7.12.25 | CISA warns of Chinese "BrickStorm" malware attacks on VMware servers | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. | Virus | |
| 7.12.25 | Critical React, Next.js flaw lets hackers execute code on servers | A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. | Vulnerebility | |
| 7.12.25 | How strong password policies secure OT systems against cyber threats | OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. | Cyber | |
| 7.12.25 | Microsoft 365 license check bug blocks desktop app downloads | Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. | Security | |
| 7.12.25 | Marquis data breach impacts over 74 US banks, credit unions | Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. | Incindent | |
| 7.12.25 | Critical flaw in WordPress add-on for Elementor exploited in attacks | Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. | Vulnerebility | |
| 7.12.25 | French DIY retail giant Leroy Merlin discloses a data breach | Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. | Incindent | |
| 7.12.25 | Freedom Mobile discloses data breach exposing customer data | Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. | Incindent | |
| 7.12.25 | Russia blocks Roblox over distribution of LGBT "propaganda" | Roskomnadzor, Russia's telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. | BigBrothers | |
| 7.12.25 | Google expands Android scam protection feature to Chase, Cash App in U.S. | Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States. | Spam | |
| 7.12.25 | Microsoft "mitigates" Windows LNK flaw exploited as zero-day | Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. | Exploit | |
| 7.12.25 | Deep dive into DragonForce ransomware and its Scattered Spider connection | DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments. | Ransom | |
| 6.12.25 | Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack | In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. | BotNet | |
| 6.12.25 | University of Phoenix discloses data breach after Oracle hack | The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. | Incindent | |
| 6.12.25 | Korea arrests suspects selling intimate videos from hacked IP cameras | The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. | CyberCrime | |
| 6.12.25 | FTC settlement requires Illuminate to delete unnecessary student data | The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students. | BigBrothers | |
| 6.12.25 | Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets | The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. | Virus | |
| 6.12.25 | Microsoft Defender portal outage disrupts threat hunting alerts | Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. | Security | |
| 6.12.25 | Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure | Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service" economy lowers the barrier to entry and gives low-skill attackers on-demand access to advanced capabilities. | CyberCrime | |
| 6.12.25 | North Korea lures engineers to rent identities in fake IT worker scheme | In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. | APT | |
| 6.12.25 | Google fixes two Android zero-days exploited in attacks, 107 flaws | Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. | OS | |
| 6.12.25 | Fake Calendly invites spoof top brands to hijack ad manager accounts | An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. | Hack | |
| 6.12.25 | Microsoft: KB5070311 triggers File Explorer white flash in dark mode | Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. | Incindent | |
| 6.12.25 | University of Pennsylvania confirms new data breach after Oracle hack | The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. | Incindent | |
| 6.12.25 | Windows 11 KB5070311 update fixes File Explorer freezes, search issues | Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. | OS | |
| 6.12.25 | Glassworm malware returns in third wave of malicious VS Code packages | The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. | Virus | |
| 6.12.25 | SmartTube YouTube app for Android TV breached to push malicious update | The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. | Virus | |
| 6.12.25 | Microsoft says new Outlook can't open some Excel attachments | South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. | Incindent | |
| 6.12.25 | Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails | A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive | Hack | The Hacker News |
| 6.12.25 | Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch | A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on | Vulnerebility | The Hacker News |
| 6.12.25 | Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability | Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public | Vulnerebility | The Hacker News |
| 6.12.25 | | Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment | | |
| 6.12.25 | | In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workflows to | | |
| 6.12.25 | | FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries | | |
| 6.12.25 | | FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication. | | |
| 6.12.25 | | Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware: Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving. | | |
| 6.12.25 | | Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools. | | |
| 6.12.25 | | Australia’s National AI Plan sets a roadmap for innovation, safety, and workforce readiness, shaping the nation’s long-term approach to responsible AI adoption. | | |
| 6.12.25 | V3G4 Botnet Evolves: From DDoS to Covert Cryptomining | CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. | | |
| 6.12.25 | Ransomware and Supply Chain Attacks Neared Records in November | Ransomware and supply chain attacks hit their second-highest levels ever in November, and the attack types are overlapping in concerning ways. | | |
| 6.12.25 | South Africa Aligns Local Realities with Global Cybersecurity Standards | South Africa shifts to a culturally informed, locally grounded cybersecurity strategy to combat rising threats and strengthen national digital resilience. | | |
| 6.12.25 | Operation DupeHike: UNG0902 targets Russian employees with DUPERUNNER and AdaptixC2 | Contents: Introduction; Key Targets; Industries Affected; Geographical Focus; Infection Chain; Initial Findings; Looking into the decoy document; Technical Analysis; Stage 1 – Malicious LNK Script; Stage 2 – DUPERUNNER Implant; Stage 3 – AdaptixC2 Beacon; Infrastructural Artefacts; Conclusion; SEQRITE Protection... | | |
| 6.12.25 | | EXECUTIVE SUMMARY November 2025 witnessed a dynamic reshaping of the ransomware landscape, characterized by shifts in group activity and the evolution of attack | | |
| 6.12.25 | SEEDSNATCHER: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases | EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations | | |
| 6.12.25 | APT36 Python Based ELF Malware Targeting Indian Government Entities | EXECUTIVE SUMMARY CYFIRMA has uncovered an active cyber-espionage campaign conducted by APT36 (Transparent Tribe), a Pakistan-based threat actor known for persistent | | |
| 6.12.25 | Strengthening Telecom Security in a Voluntary Compliance Landscape | The recent decision by the Federal Communications Commission to roll back cybersecurity rules for telecom companies will reshape the regulatory landscape for U.S. telecom carriers. As of January 2025, telecom companies were required to complete annual attestations and structured risk-management plans. | | |
| 6.12.25 | Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. | | |
| 6.12.25 | Project View: A New Era of Prioritized and Actionable Cloud Security | In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management. | | |
| 6.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | | |
| 6.12.25 | | This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. | | |
| 6.12.25 | The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen | Users can work from a wider range of locations and devices, accessing full “desktops” inside a browser tab. Organizations can manage apps and browser access more easily than through localized desktop software. This all allows for greater central management, lower costs and better flexibility. | | |
| 6.12.25 | Critical Vulnerabilities in React Server Components and Next.js | On Dec. 3, 2025, researchers publicly disclosed critical remote code execution (RCE) vulnerabilities in the Flight protocol used by React Server Components (RSC). These vulnerabilities are tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), which have been assigned a maximum severity rating of CVSS 10.0. | | |
| 6.12.25 | CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration | OpenAI Codex CLI is OpenAI’s command-line tool that brings AI model-backed reasoning into developer workflows. It can read, edit, and run code directly from the terminal, making it possible to interact with projects using natural language commands, automate tasks, and streamline day-to-day development. One of its key features is MCP (Model Context Protocol) – a standardized way to integrate external tools and services into the Codex environment, allowing developers to extend the CLI’s capabilities with custom functionality and automated workflows. | | |
| 6.12.25 | | Generative AI is rapidly transforming cybersecurity for both defenders and attackers. This blog highlights current uses, emerging threats, and the evolving landscape as capabilities advance. | | |
| 6.12.25 | | Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. | | |
| 6.12.25 | | Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. | | |
| 6.12.25 | Do robots dream of secure networking? Teaching cybersecurity to AI systems | This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. | | |
| 6.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | | |
| 6.12.25 | Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture | Identity is effectively the new network boundary. It must be protected at all costs. | | |
| 6.12.25 | Oversharing is not caring: What’s at stake if your employees post too much online | | | |
| 6.12.25 | CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE | A critical vulnerability dubbed “React2Shell”, being tracked as CVE-2025-55182 with a CVSS score of 10.0, was recently discovered in React’s Server Components (RSC) that could allow for pre-authentication remote code execution | | |
| 6.12.25 | Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities | This month, we are looking into a relatively new threat actor who is attempting to distribute the RondoDox malware. It’s an interesting collection of residential IP addresses used for distribution, multi-platform malware, and shell scripts, along with intense targeting of IoT devices. | | |
| 6.12.25 | | In November 2025, security researchers at Cato Networks disclosed a novel indirect prompt injection technique they named ‘HashJack’. | | |
| 6.12.25 | | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | | |
| 5.12.25 | Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery | A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the | Virus | The Hacker News |
| 5.12.25 | CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored | Virus | The Hacker News |
| 5.12.25 | JPCERT Confirms Active Command Injection Attacks on Array AG Gateways | A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this | Hack | The Hacker News |
| 5.12.25 | Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China | The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine | Virus | The Hacker News |
| 4.12.25 | Hook for Gold: Inside GoldFactory's Campaign That Turns Apps Into Goldmines | A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations and end users. | Virus | GROUP-IB |
| 4.12.25 | Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. | Phishing | Trend Micro |
| 4.12.25 | Critical Remote Code Execution (RCE) Vulnerabilities in React and Next.js | React (CVE-2025-55182) and Next.js (CVE-2025-66478) contain critical RCE vulnerabilities. Organizations should apply patches immediately. | Vulnerebility | ENDORLABS |
| 4.12.25 | GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections | Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, | Hack | The Hacker News |
| 4.12.25 | Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts | Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web | Attack | The Hacker News |
| 4.12.25 | Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution | A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, | Exploit | The Hacker News |
| 4.12.25 | Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation | Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates , according to | Exploit | The Hacker News |
| 4.12.25 | WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts | A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS | Hack | The Hacker News |
| 4.12.25 | Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud | The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and | Virus | The Hacker News |
| 3.12.25 | Retail giant Coupang data breach impacts 33.7 million customers | South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. | Incindent | |
| 3.12.25 | ShadyPanda browser extensions amass 4.3M installs in malicious campaign | A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. | APT | |
| 3.12.25 | Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic | Google is facing backlash on X after a viral post for its NotebookLM appeared to use a food blogger's work without credit. | AI | |
| 3.12.25 | Police take down Cryptomixer cryptocurrency mixing service | Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder over €1.3 billion in Bitcoin since its launch in 2016. | Cryptocurrency | |
| 3.12.25 | Japanese beer giant Asahi says data breach hit 1.5 million people | Asahi Group Holdings, Japan's largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. | Incindent | |
| 3.12.25 | Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code | Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch | Vulnerebility | The Hacker News |
| 3.12.25 | Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems | Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to | Virus | The Hacker News |
| 3.12.25 | India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse | India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an | Mobil | The Hacker News |
| 3.12.25 | Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera | A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and | APT | The Hacker News |
| 3.12.25 | GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools | The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating | Virus | The Hacker News |
| 3.12.25 | Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools | Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is | AI | The Hacker News |
| 3.12.25 | Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks | Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of | APT | The Hacker News |
| 2.12.25 | Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild | Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses | OS | The Hacker News |
| 2.12.25 | India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud | India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on | BigBrothers | The Hacker News |
| 2.12.25 | ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware | A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions | Virus | The Hacker News |
| 2.12.25 | New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control | A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen | Virus | The Hacker News |
| 2.12.25 | Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets | The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish | BigBrothers | The Hacker News |
| 2.12.25 | CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC | Exploit | The Hacker News |