| DATE | NAME | Info | CATEG. | WEB |
| 17.12.25 | APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign | The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, | APT | The Hacker News |
| 17.12.25 | New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails | The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian | APT | The Hacker News |
| 17.12.25 | China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware | The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia | Virus | The Hacker News |
| 17.12.25 | GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads | A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate | Virus | The Hacker News |
| 17.12.25 | Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign | An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable | Cryptocurrency | The Hacker News |
| 17.12.25 | Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data | Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency | Cryptocurrency | The Hacker News |
| 17.12.25 | Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure | Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. | BigBrothers | The Hacker News |
| 17.12.25 | Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass | Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it | Hack | The Hacker News |
| 17.12.25 | React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors | The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks | Exploit | The Hacker News |
| 17.12.25 | Google to Shut Down Dark Web Monitoring Tool in February 2026 | Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal | CyberCrime | The Hacker News |
| 17.12.25 | Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats | A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered | AI | The Hacker News |
| 17.12.25 | FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE | Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an | Vulnerability | The Hacker News |
| 17.12.25 | A Browser Extension Risk Guide After the ShadyPanda Campaign | In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat | APT | The Hacker News |
| 15.12.25 | Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector | Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer | Virus | The Hacker News |
| 15.12.25 | VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption | The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from | Ransom | The Hacker News |
| 14.12.25 | Fake ‘One Battle After Another’ torrent hides malware in subtitles | A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. | Virus | |
| 14.12.25 | Kali Linux 2025.4 released with 3 new tools, desktop updates | Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. | OS | |
| 14.12.25 | New Windows RasMan zero-day flaw gets free, unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. | Vulnerability | |
| 14.12.25 | CISA orders feds to patch actively exploited Geoserver flaw | CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. | Exploit | |
| 14.12.25 | MITRE shares 2025's top 25 most dangerous software weaknesses | MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. | Cyber | |
| 14.12.25 | MKVCinemas streaming piracy service with 142M visits shuts down | An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. | Incident | |
| 14.12.25 | Brave browser starts testing agentic AI mode for automated tasks | Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user. | AI | |
| 14.12.25 | Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks | Hackers are exploiting a new, undocumented flaw in the cryptographic implementation of Gladinet's CentreStack and Triofox products, which provide secure remote file access and sharing. | Exploit | |
| 14.12.25 | Notepad++ fixes flaw that let attackers push malicious update files | Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. | Virus | |
| 14.12.25 | Malicious VSCode Marketplace extensions hid trojan in fake PNG file | A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. | Virus | |
| 14.12.25 | UK fines LastPass over 2022 data breach impacting 1.6 million users | The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures, a failure that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. | Incident | |
| 14.12.25 | Microsoft bounty program now includes any flaw impacting its services | Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. | OS | |
| 14.12.25 | New ConsentFix attack hijacks Microsoft accounts via Azure CLI | A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without needing the victim's password or having to bypass multi-factor authentication (MFA). | Hack | |
| 14.12.25 | AI is accelerating cyberattacks. Is your network prepared? | AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. | AI | |
| 14.12.25 | Hackers exploit unpatched Gogs zero-day to breach 700 servers | An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. | Exploit | |
| 14.12.25 | Microsoft fixes Windows Explorer white flashes in dark mode | Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows 11 systems after installing the KB5070311 optional update. | OS | |
| 14.12.25 | Google fixes eighth Chrome zero-day exploited in attacks in 2025 | Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. | Vulnerability | |
| 14.12.25 | Google ads for shared ChatGPT, Grok guides push macOS infostealer malware | A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer "helpful" instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. | Virus | BleepingComputer |
| 14.12.25 | New DroidLock malware locks Android devices and demands a ransom | A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. | Virus | |
| 14.12.25 | Microsoft Teams to warn of suspicious traffic with external domains | Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. | Social | |
| 14.12.25 | Over 10,000 Docker Hub images found leaking credentials, auth keys | More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. | Incident | |
| 14.12.25 | Why a secure software development life cycle is critical for manufacturers | Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM packages to infiltrate manufacturing and production environments. Acronis explains why secure software development life cycle (SSDLC) practices are now critical for evaluating partners and protecting systems. | Cyber | |
| 14.12.25 | New Spiderman phishing service targets dozens of European banks | A new phishing kit called Spiderman is being used to target customers of dozens of European banks and cryptocurrency holders with pixel-perfect cloned sites impersonating brands and organizations. | Phishing | |
| 14.12.25 | Ukrainian hacker charged with helping Russian hacktivist groups | U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. | BigBrothers | |
| 14.12.25 | CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited | Exploit | The Hacker News |
| 14.12.25 | Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild | Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in | Exploit | The Hacker News |
| 13.12.25 | SAP fixes three critical vulnerabilities across multiple products | SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. | Vulnerability | |
| 13.12.25 | Windows PowerShell now warns when running Invoke-WebRequest scripts | Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. | OS | |
| 13.12.25 | Microsoft releases Windows 10 KB5071546 extended security update | Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. | OS | |
| 13.12.25 | Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws | Microsoft's December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. | OS | |
| 13.12.25 | Fortinet warns of critical FortiCloud SSO login auth bypass flaws | Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. | Vulnerability | |
| 13.12.25 | Windows 11 KB5072033 & KB5071417 cumulative updates released | Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | OS | |
| 13.12.25 | Ivanti warns of critical Endpoint Manager code execution flaw | American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. | Vulnerability | |
| 13.12.25 | Maintaining enterprise IT hygiene using Wazuh SIEM/XDR | Poor IT hygiene, such as unused accounts, outdated software, and risky extensions, creates hidden exposure in your infrastructure. Wazuh, the open-source XDR and SIEM, shows how continuous inventory monitoring across endpoints helps teams spot drift and tighten security. | Cyber | |
| 13.12.25 | Spain arrests teen who stole 64 million personal data records | The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. | Incident | |
| 13.12.25 | North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks | A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. | Virus | |
| 13.12.25 | Ransomware IAB abuses EDR for stealthy malware execution | An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware and establish communication and persistence in preparation for ransomware attacks. | Ransom | |
| 13.12.25 | Ransomware gangs turn to Shanya EXE packer to hide EDR killers | Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. | Ransom | |
| 13.12.25 | Malicious VSCode extensions on Microsoft's registry drop infostealers | Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. | Virus | |
| 13.12.25 | FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024 | A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. | Ransom | |
| 13.12.25 | Poland arrests Ukrainians utilizing 'advanced' hacking equipment | The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining "computer data of particular importance to national defense." | BigBrothers | |
| 13.12.25 | Google Chrome adds new security layer for Gemini AI agentic browsing | Google Chrome is introducing a new security architecture designed to protect upcoming agentic AI browsing features powered by Gemini. | AI | |
| 13.12.25 | How Agentic BAS AI Turns Threat Headlines Into Defense Strategies | Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline threats into reliable defense checks without unsafe automation. | AI | |
| 13.12.25 | Portugal updates cybercrime law to exempt security researchers | Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. | CyberCrime | |
| 13.12.25 | Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary | Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments. | APT blog | CROWDSTRIKE |
| 13.12.25 | Falcon Shield Evolves with AI Agent Visibility and Falcon Next-Gen SIEM Integration | CrowdStrike Falcon Shield will provide a centralized view of AI agents across applications and now integrates first-party SaaS telemetry into Falcon Next-Gen SIEM. | AI blog | CROWDSTRIKE |
| 13.12.25 | A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up | | Vulnerability blog | SOPHOS |
| 13.12.25 | React2Shell flaw (CVE-2025-55182) exploited for remote code execution | The availability of exploit code will likely lead to more widespread opportunistic attacks | Vulnerability blog | SOPHOS |
| 13.12.25 | GOLD SALEM tradecraft for deploying Warlock ransomware | Analysis of the tradecraft evolution across 6 months and 11 incidents | Ransom blog | SOPHOS |
| 13.12.25 | Inside Shanya, a packer-as-a-service fueling modern attacks | The ransomware scene gains another would-be EDR killer | Ransom blog | SOPHOS |
| 13.12.25 | Sharpening the knife: GOLD BLADE’s strategic evolution | Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a | APT blog | SOPHOS |
| 13.12.25 | Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl | FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value. | Cyber blog | FORTINET |
| 13.12.25 | | Cyber attacks against the United States are no longer isolated events or technical headaches. They ... | Cyber blog | CHECKPOINT |
| 13.12.25 | | The hyperconnected world has made it easier than ever for businesses and consumers to exchange | Phishing blog | CHECKPOINT |
| 13.12.25 | | In November 2025, global cyber activity continued its upward trend, with organizations experiencing an average ... | Ransom blog | CHECKPOINT |
| 13.12.25 | New NIS-2 Law in Germany Expands Cybersecurity Oversight and Introduces Heavy Fines | The NIS-2 Implementation Act in Germany increases oversight, executive accountability, and penalties while organizations prepare for compliance. | BigBrother blog | |
| 13.12.25 | The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes | This week’s report looks at 12 IT and 6 ICS vulnerabilities at high risk of exploitation, affecting both consumer and enterprise environments. | Vulnerability blog | |
| 13.12.25 | Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerabilities | React2Shell (CVE-2025-55182) was exploited within minutes by China-nexus groups, exposing critical weaknesses in React Server Components. | Vulnerability blog | |
| 13.12.25 | Deceptive Layoff-Themed HR Email Distributes Remcos RAT Malware | Over the past few months, the job market has been marked by uncertainty, with constant news about layoffs, restructuring, hiring freezes, and aggressive cost-cutting measures. This atmosphere has created widespread anxiety among both employees and organizations, and cybercriminals have quickly... | Malware blog | |
| 13.12.25 | Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables | Campaign write-up covering the targeted sectors, initial findings, analysis of the phishing mail and infection chain, and a staged technical analysis of the malicious ISO file, the executable it delivers, and its two payloads, the second of which is Phantom Stealer. | APT blog | Seqrite |
| 13.12.25 | Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia | Analysis of a multi-cluster Cobalt Strike campaign against Russian targets, covering key targets, geographical focus and affected industries, an LNK cluster (initial access via archive delivery, phishing emails with decoys, a malicious LNK and HTA loader, and an obfuscated PowerShell payload) and a CVE cluster delivered through phishing emails. | APT blog | Seqrite |
| 13.12.25 | NexusRoute: Attempting to Disrupt an Indian Government Ministry | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors, targeting both organizations | Malware blog | |
| 13.12.25 | RTO Challan Fraud: A Technical Report on APK-Based Financial and Identity Theft | EXECUTIVE SUMMARY CYFIRMA’s research team uncovered a sophisticated mobile-based fraud operation distributing a malicious “RTO Challan / e-Challan” Android application | APT blog | |
| 13.12.25 | APT PROFILE – GROUP 123 | Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and | APT blog | |
| 13.12.25 | Holiday Hardware Hacking Gift Guide | Small, portable, and customizable hardware used for a wide variety of hacking tasks has become increasingly popular in the past few years. Since the release of the FlipperZero in 2022, many projects have been created to enable the same features available on the FlipperZero using less expensive hacking devices that support a wide range of functionality. | Hacking blog | Eclypsium |
| 13.12.25 | Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack | The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. | Hacking blog | Microsoft blog |
| 13.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | Vulnerability blog | |
| 13.12.25 | AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows | In this blog entry, Trend™ Research provides a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis. | AI blog | |
| 13.12.25 | Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations | Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations. | APT blog | |
| 13.12.25 | Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security | The integration between Trend Vision One and Security Hub CSPM is exactly that, two powerful platforms enhancing each other to keep your AWS infrastructure protected. | Cyber blog | |
| 13.12.25 | SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics | In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform. | Phishing blog | |
| 13.12.25 | CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation | CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise. | Vulnerability blog | |
| 13.12.25 | Understanding SalatStealer: A Threat Actor’s Golang Stealer Toolset | This week, SonicWall Capture Labs Threat Research Team analyzed a sample of SalatStealer. This is a Golang malware capable of infiltrating a system and enumerating through browsers, files, cryptowallets and systems while embedding a complete array of monitoring tools to push and pull any data on disk. | Malware blog | SonicWall |
| 13.12.25 | Microsoft Security Bulletin Coverage for December 2025 | Microsoft’s December 2025 Patch Tuesday has 55 vulnerabilities, of which 27 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2025 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
| 13.12.25 | Underground Sharp Infostealer Dev Sells Modded Gremlin Source Code | The SonicWall Capture Labs Threat Research Team has recently been tracking infostealer malware stemming from the Sharp malware family. While analyzing a variant of Sharp infostealer, we came across a reference to a Telegram channel that leads to a person claiming to be the developer of this malware. | Malware blog | SonicWall |
| 13.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0 | Vulnerability blog | SonicWall |
| 13.12.25 | Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite | In recent months, we have been analyzing the activity of an advanced persistent threat (APT) known for its espionage activities against Arabic-speaking government entities. We track this Middle Eastern threat actor as Ashen Lepus (aka WIRTE). | Malware blog | Palo Alto |
| 13.12.25 | 01flip: Multi-Platform Ransomware Written in Rust | In June 2025, we observed a new ransomware family named 01flip targeting a limited set of victims in the Asia-Pacific region. 01flip ransomware is fully written in the Rust programming language and supports multi-platform architectures by leveraging the cross-compilation feature of Rust. | Ransom blog | |
| 13.12.25 | New Prompt Injection Attack Vectors Through MCP Sampling | This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. | AI blog | |
| 13.12.25 | Exploitation of Critical Vulnerability in React Server Components | Unit 42 has identified activity that reportedly shares overlap with North Korean (DPRK) Contagious Interview tooling, though no formal attribution has occurred at this time. Contagious Interview is a campaign where threat actors associated with the DPRK pose as recruiters to install malware on the devices of job seekers in the tech industry. | APT blog | |
| 13.12.25 | Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits | Check Point Research (CPR) presents a full dissection of the widely used ValleyRAT backdoor, also known as Winos/Winos4.0, covering its modular architecture and plugin system. | Malware blog | CHECKPOINT |
| 13.12.25 | New BYOVD loader behind DeadLock ransomware attack | Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks. | Ransom blog | |
| 13.12.25 | One newsletter to rule them all | Hazel embarks on a creative fitness journey, virtually crossing Middle-earth via The Conqueror app while sharing key cybersecurity insights. | Cyber blog | |
| 13.12.25 | Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities | The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the two “critical” vulnerabilities is “less likely.” | Vulnerability blog | |
| 13.12.25 | New in Snort3: Enhanced rule grouping for greater flexibility and control | Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall to give you greater flexibility in how you manage, organize, and prioritize detection rules. | Cyber blog | |
| 13.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | Vulnerability blog | |
| 13.12.25 | Your year-end infosec wrapped | Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. | Exploit blog | CISCO TALOS |
| 13.12.25 | Black Hat Europe 2025: Was that device designed to be on the internet at all? | Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found | Cyber blog | |
| 13.12.25 | Black Hat Europe 2025: Reputation matters – even in the ransomware economy | Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims | Cyber blog | |
| 13.12.25 | Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity | If you don’t look inside your environment, you can’t know its true state – and attackers count on that | Cyber blog | |
| 13.12.25 | Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece | Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. | Hacking blog | Eset |
| 13.12.25 | The big catch: How whaling attacks target top executives | Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. | Hacking blog | Eset |
| 13.12.25 | A look at an Android ITW DNG exploit | Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. | Exploit blog | Project Zero |
| 13.12.25 | Silent Domain Hijack: Detecting DCSync with Trellix NDR | This blog provides a step-by-step breakdown of DCSync attacks, covering privilege escalation and replication requests. It also includes real-world command examples using tools like Mimikatz to carry out the attack and detection strategies that go beyond signature-based methods to detect behavioural anomalies in replication traffic. | Hacking blog | Trellix |
| 13.12.25 | Dark Web Roast – November 2025 Edition | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | Cyber blog | Trellix |
| 13.12.25 | Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads | Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based | Virus | The Hacker News |
| 13.12.25 | New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale | Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at | AI | The Hacker News |
| 12.12.25 | Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work | The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas . | AI | The Hacker News |
| 12.12.25 | New React RSC Vulnerabilities Enable DoS and Source Code Exposure | The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code | Vulnerability | The Hacker News |
| 12.12.25 | React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of | Exploit | The Hacker News |
| 12.12.25 | CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities ( | Exploit | The Hacker News |
| 12.12.25 | NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems | Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) | Virus | The Hacker News |
| 12.12.25 | WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor | An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ashen Lepus. | Virus | The Hacker News |
| 12.12.25 | Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks | A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new | Exploit | The Hacker News |
| 12.12.25 | Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw | Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." | Exploit | The Hacker News |
| 12.12.25 | Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution | Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected | Exploit | The Hacker News |
| 12.12.25 | React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors | React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency | Virus | The Hacker News |
| 12.12.25 | .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL | New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. | Vulnerability | The Hacker News |
| 10.12.25 | Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling | Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose | Vulnerability | The Hacker News |
| 10.12.25 | Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known | Vulnerability | The Hacker News |
| 10.12.25 | Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days | Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of | Vulnerability | The Hacker News |
| 10.12.25 | Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws | Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The | Vulnerability | The Hacker News |
| 10.12.25 | North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware | Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a | Virus | The Hacker News |
| 10.12.25 | Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure | Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other | Virus | The Hacker News |
| 10.12.25 | Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading | The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side- | APT | The Hacker News |
| 10.12.25 | Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats | Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser. To | AI | The Hacker News |
| 9.12.25 | STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware | Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. T | Ransom | The Hacker News |
| 9.12.25 | Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data | Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer | Virus | The Hacker News |
| 9.12.25 | Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT | Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a | Virus | The Hacker News |
| 8.12.25 | Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features | Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been | Virus | The Hacker News |
| 8.12.25 | Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks | A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in | Exploit | The Hacker News |
| 8.12.25 | MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign | The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command- | APT | The Hacker News |
| 7.12.25 | React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable | Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. | Exploit | |
| 7.12.25 | New wave of VPN login attempts targets Palo Alto GlobalProtect portals | A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. | Security | |
| 7.12.25 | Barts Health NHS discloses data breach after Oracle zero-day hack | Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. | Incident | |
| 7.12.25 | FBI warns of virtual kidnapping scams using altered social media photos | The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. | Spam | |
| 7.12.25 | A Practical Guide to Continuous Attack Surface Visibility | Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. | Attack | |
| 7.12.25 | EU fines X $140 million over deceptive blue checkmarks | The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). | Social | |
| 7.12.25 | Cloudflare blames today's outage on React2Shell mitigations | Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. | Vulnerability | |
| 7.12.25 | Pharma firm Inotiv discloses data breach after ransomware attack | American pharmaceutical firm Inotiv is notifying thousands of people that their personal information was stolen in an August 2025 ransomware attack. | Ransom | |
| 7.12.25 | Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | Attack blog | CLOUDFLARE |
| 7.12.25 | Smile, You’re on Camera: A Live Stream from Inside Lazarus Group’s IT Workers Scheme | This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence. | APT blog | ANYRUN |
| 7.12.25 | Analysing a malvertising attack targeting business Google accounts intercepted by Push | Our browser-based security platform recently intercepted a malvertising attack against Push customers. This attack was notable in that it used malvertising via Google Search as the delivery vector, circumventing email-based security controls. Here’s our breakdown. | Malware blog | PUSHSECURITY |
| 7.12.25 | Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts | We recently investigated a large-scale phishing campaign that demonstrated a number of advanced detection evasion techniques and social engineering tactics, specifically targeting accounts used to manage business ads. Here’s what you need to know. | Phishing blog | PUSHSECURITY |
| 7.12.25 | Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks | Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection | AI | The Hacker News |
| 7.12.25 | Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. | Exploit | The Hacker News |
| 7.12.25 | Critical React2Shell flaw actively exploited in China-linked attacks | Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. | APT | |
| 7.12.25 | Cloudflare down, websites offline with 500 Internal Server Error | Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports. | Security | |
| 7.12.25 | Hackers are exploiting ArrayOS AG VPN flaw to plant webshells | Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. | Exploit | |
| 7.12.25 | Predator spyware uses new infection vector for zero-click attacks | The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement. | Virus | |
| 7.12.25 | CISA warns of Chinese "BrickStorm" malware attacks on VMware servers | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. | Virus | |
| 7.12.25 | Critical React, Next.js flaw lets hackers execute code on servers | A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. | Vulnerability | |
| 7.12.25 | How strong password policies secure OT systems against cyber threats | OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. | Cyber | |
| 7.12.25 | Microsoft 365 license check bug blocks desktop app downloads | Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. | Security | |
| 7.12.25 | Marquis data breach impacts over 74 US banks, credit unions | Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. | Incident | |
| 7.12.25 | Critical flaw in WordPress add-on for Elementor exploited in attacks | Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. | Vulnerability | |
| 7.12.25 | French DIY retail giant Leroy Merlin discloses a data breach | Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. | Incident | |
| 7.12.25 | Freedom Mobile discloses data breach exposing customer data | Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. | Incident | |
| 7.12.25 | Russia blocks Roblox over distribution of LGBT "propaganda" | Roskomnadzor, Russia's telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. | BigBrothers | |
| 7.12.25 | Google expands Android scam protection feature to Chase, Cash App in U.S. | Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States. | Spam | |
| 7.12.25 | Microsoft "mitigates" Windows LNK flaw exploited as zero-day | Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. | Exploit | |
| 7.12.25 | Deep dive into DragonForce ransomware and its Scattered Spider connection | DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments. | Ransom | |
|
6.12.25 |
Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack | In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. | BotNet | |
|
6.12.25 |
University of Phoenix discloses data breach after Oracle hack | The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. | Incindent | |
|
6.12.25 |
Korea arrests suspects selling intimate videos from hacked IP cameras | The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. | CyberCrime | |
|
6.12.25 |
FTC settlement requires Illuminate to delete unnecessary student data | The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education to delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students. | BigBrothers | |
|
6.12.25 |
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets | The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. | Virus | |
|
6.12.25 |
Microsoft Defender portal outage disrupts threat hunting alerts | Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. | Security | |
|
6.12.25 |
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure | Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service" economy lowers the barrier to entry and gives low-skill attackers on-demand access to advanced capabilities. | CyberCrime | |
|
6.12.25 |
North Korea lures engineers to rent identities in fake IT worker scheme | In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. | APT | |
|
6.12.25 |
Google fixes two Android zero days exploited in attacks, 107 flaws | Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. | OS | |
|
6.12.25 |
Fake Calendly invites spoof top brands to hijack ad manager accounts | An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. | Hack | |
|
6.12.25 |
Microsoft: KB5070311 triggers File Explorer white flash in dark mode | Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. | Incindent | |
|
6.12.25 |
University of Pennsylvania confirms new data breach after Oracle hack | The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. | Incindent | |
|
6.12.25 |
Windows 11 KB5070311 update fixes File Explorer freezes, search issues | Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. | OS | |
|
6.12.25 |
Glassworm malware returns in third wave of malicious VS Code packages | The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. | Virus | |
|
6.12.25 |
SmartTube YouTube app for Android TV breached to push malicious update | The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. | Virus | |
|
6.12.25 |
Microsoft says new Outlook can't open some Excel attachments | South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. | Incindent | |
|
6.12.25 |
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails | A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive | Hack | The Hacker News |
|
6.12.25 |
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch | A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity ( XXE ) injection attack. The vulnerability, tracked as CVE-2025-66516 , is rated 10.0 on | Vulnerebility | The Hacker News |
|
6.12.25 |
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability | Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public | Vulnerebility | The Hacker News |
|
6.12.25 |
|
Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment |
||
|
6.12.25 |
In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workflows to |
|||
|
6.12.25 |
FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries |
|||
|
6.12.25 |
FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication. |
|||
|
6.12.25 |
|
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving. |
||
|
6.12.25 |
|
Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools. |
||
|
6.12.25 |
Australia’s National AI Plan sets a roadmap for innovation, safety, and workforce readiness, shaping the nation’s long-term approach to responsible AI adoption. |
|||
|
6.12.25 |
V3G4 Botnet Evolves: From DDoS to Covert Cryptomining |
CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. |
||
|
6.12.25 |
Ransomware and Supply Chain Attacks Neared Records in November |
Ransomware and supply chain attacks hit their second-highest levels ever in November, and the attack types are overlapping in concerning ways. |
||
|
6.12.25 |
South Africa Aligns Local Realities with Global Cybersecurity Standards |
South Africa shifts to a culturally informed, locally grounded cybersecurity strategy to combat rising threats and strengthen national digital resilience. |
||
|
6.12.25 |
Operation DupeHike : UNG0902 targets Russian employees with DUPERUNNER and AdaptixC2 |
Contents Introduction Key Targets. Industries Affected. Geographical Focus. Infection Chain. Initial Findings. Looking into the decoy-document Technical Analysis Stage 1 – Malicious LNK Script Stage 2 – DUPERUNNER Implant Stage 3 – AdaptixC2 Beacon. Infrastructural Artefacts. Conclusion SEQRITE Protection.... |
||
|
6.12.25 |
EXECUTIVE SUMMARY November 2025 witnessed a dynamic reshaping of the ransomware landscape, characterized by shifts in group activity and the evolution of attack |
|||
|
6.12.25 |
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases |
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations |
||
|
6.12.25 |
APT36 Python Based ELF Malware Targeting Indian Government Entities |
EXECUTIVE SUMMARY CYFIRMA has uncovered an active cyber-espionage campaign conducted by APT36 (Transparent Tribe), a Pakistan-based threat actor known for persistent |
||
|
6.12.25 |
Strengthening Telecom Security in a Voluntary Compliance Landscape |
The recent decision by the Federal Communications Commission to roll back cybersecurity rules for telecom companies, will reshape the regulatory landscape for U.S. telecom carriers. As of January 2025, telecom companies were required to complete annual attestations and structured risk-management plans. |
||
|
6.12.25 |
Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp |
Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. |
||
|
6.12.25 |
Project View: A New Era of Prioritized and Actionable Cloud Security |
In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management. |
||
|
6.12.25 |
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know |
CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). |
||
|
6.12.25 |
This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. |
|||
|
6.12.25 |
The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen |
Users can work from a wider range of locations and devices, accessing full “desktops” inside a browser tab. Organizations can manage apps and browser access easier than through localized desktop software. This all allows for greater central management, lower costs and better flexibility. |
||
|
6.12.25 |
Critical Vulnerabilities in React Server Components and Next.js |
On Dec. 3, 2025, researchers publicly disclosed critical remote code execution (RCE) vulnerabilities in the Flight protocol used by React Server Components (RSC). These vulnerabilities are tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), which have been assigned a maximum severity rating of CVSS 10.0. |
||
|
6.12.25 |
CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration |
OpenAI Codex CLI is OpenAI’s command-line tool that brings AI model-backed reasoning into developer workflows. It can read, edit, and run code directly from the terminal, making it possible to interact with projects using natural language commands, automate tasks, and streamline day-to-day development One of its key features is MCP (Model Context Protocol) – a standardized way to integrate external tools and services into the Codex environment, allowing developers to extend the CLI’s capabilities with custom functionality and automated workflows. |
||
|
6.12.25 |
Generative AI is rapidly transforming cybersecurity for both defenders and attackers. This blog highlights current uses, emerging threats, and the evolving landscape as capabilities advance. |
|||
|
6.12.25 |
Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. |
|||
|
6.12.25 |
Join Bill Largent as he shares his passion for learning, the connection between reading and empathy, and offers fresh insights for the next generation of security professionals. |
|||
|
6.12.25 |
Do robots dream of secure networking? Teaching cybersecurity to AI systems |
This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. |
||
|
6.12.25 |
Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities |
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p |
||
| 6.12.25 | Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture | Identity is effectively the new network boundary. It must be protected at all costs. | | |
| 6.12.25 | Oversharing is not caring: What’s at stake if your employees post too much online | | | |
| 6.12.25 | CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE | A critical vulnerability dubbed “React2Shell”, being tracked as CVE-2025-55182 with a CVSS score of 10.0, was recently discovered in React’s Server Components (RSC) that could allow for pre-authentication remote code execution | | |
| 6.12.25 | Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities | This month, we are looking into a relatively new threat actor who is attempting to distribute the RondoDox malware. It’s an interesting collection of residential IP addresses used for distribution, multi-platform malware, and shell scripts, along with intense targeting of IoT devices. | | |
| 6.12.25 | | In November 2025, security researchers at Cato Networks disclosed a novel indirect prompt injection technique they named ‘HashJack’. | | |
| 6.12.25 | | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | | |
| 5.12.25 | Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery | A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the | Virus | The Hacker News |
| 5.12.25 | CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored | Virus | The Hacker News |
| 5.12.25 | JPCERT Confirms Active Command Injection Attacks on Array AG Gateways | A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this | Hack | The Hacker News |
| 5.12.25 | Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China | The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine | Virus | The Hacker News |
| 4.12.25 | Hook for Gold: Inside GoldFactory's Campaign That Turns Apps Into Goldmines | A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations and end users. | Virus | GROUP-IB |
| 4.12.25 | Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. | Phishing | Trend Micro |
| 4.12.25 | Critical Remote Code Execution (RCE) Vulnerabilities in React and Next.js | React (CVE-2025-55182) and Next.js (CVE-2025-66478) contain critical RCE vulnerabilities. Organizations should apply patches immediately. | Vulnerability | ENDORLABS |
| 4.12.25 | GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections | Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, | Hack | The Hacker News |
| 4.12.25 | Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts | Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web | Attack | The Hacker News |
| 4.12.25 | Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution | A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, | Exploit | The Hacker News |
| 4.12.25 | Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation | Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates , according to | Exploit | The Hacker News |
| 4.12.25 | WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts | A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS | Hack | The Hacker News |
| 4.12.25 | Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud | The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and | Virus | The Hacker News |
| 3.12.25 | Retail giant Coupang data breach impacts 33.7 million customers | South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. | Incident | |
| 3.12.25 | ShadyPanda browser extensions amass 4.3M installs in malicious campaign | A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. | APT | |
| 3.12.25 | Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic | Google is facing backlash on X after a viral post for its NotebookLM appeared to use a food blogger's work without credit. | AI | |
| 3.12.25 | Police takes down Cryptomixer cryptocurrency mixing service | Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder over €1.3 billion in Bitcoin since its launch in 2016. | Cryptocurrency | |
| 3.12.25 | Japanese beer giant Asahi says data breach hit 1.5 million people | Asahi Group Holdings, Japan's largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. | Incident | |
| 3.12.25 | Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code | Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch | Vulnerability | The Hacker News |
| 3.12.25 | Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems | Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to | Virus | The Hacker News |
| 3.12.25 | India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse | India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an | Mobil | The Hacker News |
| 3.12.25 | Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera | A joint investigation led by Mauro Eldritch, founder of BCA LTD , conducted together with threat-intel initiative NorthScan and ANY.RUN , a solution for interactive malware analysis and | APT | The Hacker News |
| 3.12.25 | GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools | The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating | Virus | The Hacker News |
| 3.12.25 | Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools | Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is | AI | The Hacker News |
| 3.12.25 | Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks | Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of | APT | The Hacker News |
| 2.12.25 | Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild | Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses | OS | The Hacker News |
| 2.12.25 | India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud | India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on | BigBrothers | The Hacker News |
| 2.12.25 | ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware | A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions | Virus | The Hacker News |
| 2.12.25 | New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control | A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen | Virus | The Hacker News |
| 2.12.25 | Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets | The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish | BigBrothers | The Hacker News |
| 2.12.25 | CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities ( KEV ) catalog to include a security flaw impacting OpenPLC | Exploit | The Hacker News |