Google notified users in an email today that, beginning next month, it will stop sending its dark web reports, an opt-in feature that alerted users when Google detected their personal information on the dark web, as reported by 9to5Google. On January 15th, Google will stop scanning for that data, like contact info and home addresses, […]
Published: 2025-12-15T12:30:23
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...]
Published: 2025-12-19T14:05:32
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. [...]
Published: 2025-12-19T12:19:04
Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations. [...]
Published: 2025-12-19T07:28:48
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. [...]
Published: 2025-12-19T05:25:06
Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. [...]
Published: 2025-12-18T15:22:58
The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. [...]
Published: 2025-12-18T15:16:55
Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components, tracked as CVE-2025
Published: 2025-12-12T14:00:00
The post Farmworkers Are Frequently Exploited. But Few Farms Participate in a Program That Experts Say Could Prevent Abuse. appeared first on ProPublica. When Jon Esformes was in his 20s, farmworkers staged protests outside one of his family’s toma
Published: 2025-12-16T10:30:00
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering di
Published: 2025-12-19T15:14:55
Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings
Published: 2025-12-16T14:14:48
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vul...
Published: 2025-12-09T23:18:29
Latest charges join the mountain of indictments facing alleged Tren de Aragua members A Venezuelan gang described by US officials as "a ruthless terrorist organization" faces charges over alleged deployment of malware on ATMs across the country, illegally siphoning millions of dollars.
Published: 2025-12-19T20:15:11
Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is under active attack.
Published: 2025-12-19T18:16:06
Attackers helped themselves to historical personal info on 27K people The University of Sydney is ringing around thousands of current and former staff and students after admitting attackers helped themselves to historical personal data stashed inside one of its online code repositories.
Published: 2025-12-19T17:06:14
Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform Hewlett Packard Enterprise has told customers to drop whatever they're doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt.
Published: 2025-12-19T13:03:05
Officials admit 'there certainly has been a hack,' but refuse to confirm China link or data theft The UK's Foreign Office is investigating a confirmed cyberattack it learned about in October, senior ministers say.
Published: 2025-12-19T11:14:15
Ofcom survey finds 18-34s increasingly see life online as bad for society and their mental health Young Brits are souring on the internet, with increasing numbers seeing it as damaging to society and their mental health, according to latest research published by Ofcom.
Published: 2025-12-19T10:30:07
Practical lessons on securing AI and using AI to strengthen defence Sponsored Post AI is moving from experimentation to everyday use inside the enterprise. That shift brings new opportunities, but it also changes the security equation. Attacks are becoming faster and more convincing, while organizations are simultaneously trying to protect new assets like models, prompts, agent workflows, and the sensitive data those systems can access.
Published: 2025-12-19T09:01:23
Beijing wants to 'seize the initiative in the international competition in cyberspace' Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research.
Published: 2025-12-19T02:59:34
Plus: Lazarus Group has a brand new BeaverTail Even Amazon isn't immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un's coffers.
Published: 2025-12-18T23:39:13
Study finds built-in browsers across gadgets often ship years out of date Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities.
Published: 2025-12-18T20:13:00
'Within 10 minutes of gaining initial access, crypto miners were operational' Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2.
Published: 2025-12-18T18:53:04
ByBit attack doing some seriously heavy lifting North Korea's yearly cryptocurrency thefts have accelerated, with Kim's state-backed cybercriminals plundering just over $2 billion worth of tokens in 2025.
Published: 2025-12-18T17:47:51
Flaw in remote-access appliance lets attackers chain bugs for root-level takeover SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that's being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.
Published: 2025-12-18T14:34:15
Justice Department claims unlicensed exchange funneled ransomware profits US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged Russian operator.
Published: 2025-12-18T13:52:24
Around 2,000 GP practices use its products Updated An NHS tech supplier is investigating a cyberattack that affected its systems in the early hours of Sunday.
Published: 2025-12-18T13:02:22
Security boffins warn flaw is now being used for ransomware attacks against live networks Microsoft says attackers have already compromised "several hundred machines across a diverse set of organizations" via the React2Shell flaw, using the access to execute code, deploy malware, and, in some cases, deliver ransomware.
Published: 2025-12-18T11:42:39
18-year-old platform crumbles under 94M daily requests while resellers flog £62 tests for £500 The UK's Driver and Vehicle Standards Agency (DVSA) has appointed a new chief exec to tackle spiraling waits for practical driving tests with bots overrunning its aging booking system.
Published: 2025-12-18T09:38:26
Investigatory Powers Commissioner says reforms have failed to close oversight gaps The UK's Investigatory Powers Act 2016 (IPA) has several regulatory gaps that must be plugged in future legislative reforms, according to Investigatory Powers Commissioner (IPC) Sir Brian Leveson.
Published: 2025-12-18T09:15:12
No timeline for a patch Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix.
Published: 2025-12-17T22:51:46
Plus: automated SBOMs, $250,000 bounties ahead interview No good idea - like rewarding open source software developers and maintainers for their contributions - goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.
Published: 2025-12-17T22:29:10
Regulator makes various additional demands over alleged cybersecurity failings In proposing a settlement agreement, the Federal Trade Commission (FTC) says that Illusory Systems must repay users funds lost in a 2022 cyberattack.
Published: 2025-12-17T16:03:39
Buckle up to innovate at speed, says PwC Sponsored Post As AI spreads across the enterprise, so too do the security and compliance risks. Regulations are evolving, risk postures are shifting, and organizations must find a way to innovate responsibly without slowing down.
Published: 2025-12-17T16:01:33
Build a digital backbone faster than adversaries can evolve or lose the information war NATO is in an existential race to develop sovereign cloud-based technologies to underpin its mission, the alliance's Assistant Secretary General for Cyber and Digital Transformation told an audience at the Royal United Services Institute (RUSI) last week.
Published: 2025-12-17T14:54:57
Folder permission changes cause queue failures and misleading error messages, no real fix yet Microsoft has good news for administrators: while some organizations now pay for security updates on older Windows versions, the inconsistent quality remains free.
Published: 2025-12-17T13:52:05
Regulator proposes strict limits on screen-based testing, cites infrastructure concerns and lack of evidence for benefits Most students taking school and college GCSE, A-level, and AS-level exams in England will continue to use pen and paper, according to proposals from the sector's regulator for a very limited expansion of screen-based assessments.
Published: 2025-12-17T10:15:08
Misconfigured servers are in, 0-days out Chinese espionage crew Ink Dragon has expanded its snooping activities into European government networks, using compromised servers to create illicit relay nodes for future operations.
Published: 2025-12-16T23:19:08
An employee of the adult site could be responsible. Analytics vendor Mixpanel says it is not the source of data stolen from Pornhub and says the info was last accessed by an employee of the adult site.
Published: 2025-12-16T21:48:17
More than 8 million people have installed extensions that eavesdrop on chatbot interactions Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security, these pernicious plug-ins have been harvesting the text of chatbot conversations from more than 8 million people and sending them back to the developers.
Published: 2025-12-16T21:03:54
All I want for Christmas is all of your data A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals' Christmas dreams come true. It boasts that it can run "fully undetected" even on systems with the "strictest AntiVirus" and those belonging to governments, financial institutions, and other prime targets.
Published: 2025-12-16T18:58:42
Adult site, streaming platform, and Japanese retailer expose user info, but not credentials Three very different companies have now confirmed data breaches affecting millions of users, each insisting the damage stopped well short of passwords and payment details.
Published: 2025-12-16T12:33:50
New spy boss says officers must master code alongside tradecraft as agency navigates 'space between peace and war' New MI6 chief Blaise Metreweli outlined her vision for technology-augmented intelligence gathering in her first public speech on December 15, warning that the UK operates "in a space between peace and war."
Published: 2025-12-16T11:45:23
PwC supports clients across the full cyber lifecycle Sponsored Post Managing cybersecurity risk has never been simple, but in today's threat landscape it can also become a source of strength. PwC believes that AI is now central to that transformation, helping organizations not just react faster to attacks, but evolve their defences with greater confidence.
Published: 2025-12-16T05:50:16
Bum note for 20 percent of users whose data leaked Music hosting and streaming service SoundCloud has admitted it suffered a cyberattack.
Published: 2025-12-16T05:20:04
'Sustained focus on Western critical infrastructure' Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.
Published: 2025-12-15T23:34:40
Who hasn't exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.
Published: 2025-12-15T17:53:52
Watchdog links schedule change to replanning of UK payments system overhaul The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement system to avoid compounding risks.
Published: 2025-12-15T12:50:09
Automaker admits raid that crippled its factories in August led to the theft of sensitive info Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt; it also walked off with the personal payroll data of thousands of employees.
Published: 2025-12-15T12:08:20
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.
Published: 2025-12-15T11:01:11
Minister insists 'modest' bill is not an assault on privacy-preserving tech The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.
Published: 2025-12-15T10:40:06
I'm dreaming of a white hat mass Opinion It was 40 years ago that four young British hackers set about changing the law, although they didn't know it at the time. It was a cross-platform attack including a ZX Spectrum, a BBC Micro, and a Tatung Einstein slamming British Telecom's Prestel service over dial-up modems at 75 bits per second.
Published: 2025-12-15T09:30:15
PLUS: Drugs found in ink cartridges; Censorship fighters criticize Vultr; Coupang CEO resigns; And more! Asia In Brief A SpaceX executive has claimed that a Chinese satellite launch came within 200 meters of hitting a Starlink satellite.
Published: 2025-12-15T02:02:22
PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more Infosec In Brief The UK's National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts designed to fool attackers can be useful if implemented very carefully.
Published: 2025-12-14T23:26:27
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.
Published: 2025-12-12T22:29:33
And the earlier React2Shell patch is vulnerable If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.
Published: 2025-12-12T18:23:30
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.
Published: 2025-12-12T13:35:12
Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.
Published: 2025-12-12T13:25:09
Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.
Published: 2025-12-12T12:36:34
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.
Published: 2025-12-12T11:31:09
Judge said his fraud was on 'epic, generational scale' Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.
Published: 2025-12-12T01:53:15
Operators accidentally left a way for you to get your data back CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.
Published: 2025-12-11T20:56:37
Plus: Cisco discloses a zero-day with no available patch, Venezuela accuses the US of a cyberattack, and more.
Published: 2025-12-20T11:30:00
From photos of former president Bill Clinton to images of strange scrapbooks, the Justice Department’s release is curious but far from revelatory.
Published: 2025-12-20T00:34:28
The agency plans to renew a sweeping cybersecurity contract that includes expanded employee monitoring as the government escalates leak investigations and casts internal dissent as a threat.
Published: 2025-12-18T19:14:50
Capable of creating “nearly perfect” face swaps during live video chats, Haotian has made millions, mainly via Telegram. But its main channel vanished after WIRED's inquiry into scammers using the app.
Published: 2025-12-18T17:45:46
Federal records show CBP is moving from testing small drones to making them standard surveillance tools, expanding a network that can follow activity in real time and extend well beyond the border.
Published: 2025-12-17T18:12:24
The weak RC4 cipher used for administrative authentication has been a hacker holy grail for decades.
Published: 2025-12-17T10:30:00
Plus: Travelers to the US may have to hand over five years of social media history, South Korean CEOs are resigning due to cyberattacks, and more.
Published: 2025-12-13T11:30:00
Experts tell US lawmakers that a crucial spy program’s safeguards are failing, allowing intel agencies deeper, unconstrained access to Americans’ data.
Published: 2025-12-11T22:15:56
A spoofed email address and an easily faked document is all it takes for major tech companies to hand over your most personal information.
Published: 2025-12-11T18:54:50
The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program years before the group targeted Cisco’s devices in a spy campaign.
Published: 2025-12-10T17:00:00
New records about the infamous sex offender are released seemingly every week. Here’s a quick rundown of who’s releasing the Epstein documents, what they contain and what they’re releasing next.
Published: 2025-12-10T15:26:18
Plus: Officials warn of a disturbingly stealthy Chinese malware specimen, a CISA nomination stalls, and more.
Published: 2025-12-06T11:30:00
An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”
Published: 2025-12-05T11:00:00
The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash. The indicted members are alleged to be part of Tren de Aragua (TdA, Spanish for
Published: 2025-12-20T19:18:00
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare. The attacks involve using compromised email addresses belonging to government
Published: 2025-12-19T23:24:00
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign "uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families," Cyderes Howler Cell Threat Intelligence
Published: 2025-12-19T21:04:00
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the
Published: 2025-12-19T16:53:00
Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF NCCC) said investigations conducted in collaboration with
Published: 2025-12-19T15:56:00
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input output memory management unit (IOMMU). UEFI and IOMMU are designed to enforce a security
Published: 2025-12-19T13:55:00
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023. "
Published: 2025-12-18T23:04:00
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a
Published: 2025-12-18T20:09:00
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what
Published: 2025-12-18T18:40:00
Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole
Published: 2025-12-18T18:30:00
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings. The result is an explosion of AI capabilities across
Published: 2025-12-18T17:00:00
The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express). "The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobile
Published: 2025-12-18T13:13:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise
Published: 2025-12-18T10:31:00
Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking equipment major said it became aware of the intrusion campaign on December 10, 2025, and that it
Published: 2025-12-18T09:40:00
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of local privilege escalation that arises as a result of insufficient authorization in the appliance management console (AMC). It affects the following
Published: 2025-12-17T23:47:00
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab. "Kimwolf is a botnet compiled using the NDK [Native Development Kit]," the company said in a report
Published: 2025-12-17T23:39:00
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine. The activity, observed by Recorded Future's Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in May 2024 that
Published: 2025-12-17T21:00:00
The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently unknown. "While the spring cyberattacks focused on organizations, the fall campaign honed in on
Published: 2025-12-17T20:24:00
Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their business. Breaking out of reactive defense is no longer optional. It’s the difference between preventing incidents and cleaning up after them. Below is the path from reactive firefighting to a
Published: 2025-12-17T17:00:00
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by the broader cybersecurity community under the names CL-STA-0049, Earth Alux, and REF7707. The
Published: 2025-12-17T16:42:00
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no longer available.
Published: 2025-12-17T13:44:00
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper
Published: 2025-12-16T22:05:00
Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named "Tracer.Fody.NLog," remained on the repository for nearly six years. It was published by a user named "csnemess" on February 26, 2020. It masquerades as "Tracer.Fody,"
Published: 2025-12-16T21:09:00
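The package in the teaser above borrowed both a trusted package ID ("Tracer.Fody" with an extra ".NLog" segment) and a near-copy of a publisher handle. As an added example (written for this page, not the reporting researchers' tooling), the check below audits a dependency inventory for both tells at once. The trusted list, the publisher handles (including the one assumed for Tracer.Fody) and the inventory are constructed for the example; the one real detail reused from the page is the impostor handle "csnemess".

```python
"""Flag NuGet package IDs that mimic a trusted package but come from another publisher.

Added example for the Tracer.Fody teaser above; illustrative logic, not the
researchers' tooling. Trusted packages, publisher handles and the inventory are
constructed (the trusted handle for Tracer.Fody is an assumption for the example).
"""


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance. NuGet IDs are case-insensitive, so callers lowercase."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


# Constructed: trusted package ID -> publisher handle we expect (assumed values).
TRUSTED = {
    "tracer.fody": "csnemes",   # assumed handle, not verified against nuget.org
    "serilog": "serilog",       # assumed handle for the example
}

# Constructed inventory of (package ID, publisher handle) as a lock file would list.
INVENTORY = [
    ("Tracer.Fody", "csnemes"),
    ("Tracer.Fody.NLog", "csnemess"),      # augmented ID + lookalike publisher
    ("Serilog.Sinks.Console", "serilog"),  # same publisher extending its own namespace
    ("Serilog", "serilog"),
    ("Serilogg", "rnd-user"),              # one-character near miss from a stranger
]


def lookalike_reasons(pkg_id: str, trusted_id: str):
    """Why pkg_id resembles trusted_id; empty when identical or unrelated."""
    p, t = pkg_id.lower(), trusted_id.lower()
    if p == t:
        return []
    reasons = []
    if p.startswith(t + "."):
        reasons.append("suffix-augmentation")
    if p.endswith("." + t):
        reasons.append("prefix-augmentation")
    if levenshtein(p, t) <= 2:
        reasons.append("near-miss-id")
    return reasons


def audit(inventory, trusted=TRUSTED):
    """Return findings for packages that resemble a trusted ID but are not published
    by the trusted handle. A publisher extending its own namespace is not flagged,
    which keeps legitimate sub-packages (Foo.Sinks.*) out of the results."""
    findings = []
    for pkg_id, publisher in inventory:
        for trusted_id, trusted_pub in trusted.items():
            reasons = lookalike_reasons(pkg_id, trusted_id)
            if not reasons:
                continue
            if publisher.lower() == trusted_pub.lower():
                continue  # same publisher, legitimate namespace extension
            if 0 < levenshtein(publisher.lower(), trusted_pub.lower()) <= 2:
                reasons.append("publisher-lookalike")
            findings.append({"package": pkg_id, "publisher": publisher,
                             "impersonates": trusted_id, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f)
```

Run it over the IDs and publisher fields pulled from `packages.lock.json` (or from `dotnet list package`) in CI; the publisher comparison is the part that matters, because a name-only check drowns in a package ecosystem where dotted sub-packages are the norm.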
Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has
Published: 2025-12-16T17:57:00
AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largely
Published: 2025-12-16T17:00:00
Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719
Published: 2025-12-16T16:28:00
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a
Published: 2025-12-16T13:51:00
Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effective February 16, 2026. "While the report offered general
Published: 2025-12-16T11:32:00
A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The extension in question is Urban VPN Proxy, which has a 4.7 rating on the Google Chrome
Published: 2025-12-15T23:16:00
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below - CVE-2025-61675 (CVSS score: 8.6) - Numerous
Published: 2025-12-15T20:02:00
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on and in some cases, they started attacking before a fix was even ready. Below, we list the urgent updates you need to install right now to stop these active threats. Threat of the Week Apple and
Published: 2025-12-15T17:54:00
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into
Published: 2025-12-15T17:25:00
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll
Published: 2025-12-15T14:54:00
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both Windows
Published: 2025-12-15T11:03:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code
Published: 2025-12-13T18:03:00
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below - CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKit
Published: 2025-12-13T11:02:00
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing
Published: 2025-12-13T00:20:00
Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit
Published: 2025-12-12T19:34:00
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files. Traditional
Published: 2025-12-12T15:48:00
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
Published: 2025-12-12T14:25:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
Published: 2025-12-12T14:11:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
Published: 2025-12-12T10:31:00
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open. The new Threatsday Bulletin
Published: 2025-12-11T19:10:00
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
Published: 2025-12-11T18:46:00
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber
Published: 2025-12-11T17:00:00
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its
Published: 2025-12-11T16:30:00
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the
Published: 2025-12-11T16:00:00
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and
Published: 2025-12-11T12:39:00
Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. "Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution," security researcher Bryan Masters said.
Published: 2025-12-11T11:26:00
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based
Published: 2025-12-11T01:49:00
The U.S. Department of Justice has indicted 54 individuals over a nationwide, multi-million-dollar ATM jackpotting scheme that stole millions via malware. The case links the crimes to the cybercrime group Tren de Aragua, including charges of fraud, money laundering, and material support to a […]
Published: 2025-12-20T21:07:39
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a WatchGuard Fireware OS vulnerability, tracked as CVE-2025-14733 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. This flaw is a critical out-of-bounds write vulnerability in WatchGuard Fireware […]
Published: 2025-12-20T10:26:55
Denmark has accused Russia of orchestrating destructive cyberattacks against a water utility in 2024, framing them as part of Moscow's broader hybrid campaign against Western critical infrastructure. Denmark's Defence Intelligence Service attributed a […]
Published: 2025-12-20T00:46:25
The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers, […]
Published: 2025-12-19T11:48:37
Researchers warn of a new UEFI vulnerability that affects select ASRock, ASUS, GIGABYTE, and MSI motherboards, enabling early-boot DMA attacks that bypass IOMMU protections. UEFI (Unified Extensible Firmware Interface) is the modern firmware standard that initializes […]
Published: 2025-12-19T10:26:56
Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, in Secure Email Gateway and Secure Email and Web Manager, which is being actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain […]
Published: 2025-12-19T08:53:41
Hewlett Packard Enterprise (HPE) addressed a maximum-severity vulnerability in OneView, tracked as CVE-2025-37164 (CVSS score of 10.0), that an attacker can exploit to achieve remote code execution. HPE OneView is an integrated IT management […]
Published: 2025-12-18T21:11:46
Resecurity reports a Q4 2025 surge in criminal use of DIG AI on Tor, enabling scalable illicit activity and posing new risks ahead of major 2026 events. The increase accelerated during the Winter Holidays, a period in which, according to Resecurity, illegal activity worldwide reached a new record. With […]
Published: 2025-12-18T18:23:10
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Cisco reported a December 10 campaign […]
Published: 2025-12-18T10:18:02
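Several items on this page are KEV additions (Sierra Wireless ALEOS, OSGeo GeoServer, WatchGuard Fireware OS, the Cisco email gateway zero-day). The practical question for a defender is which of those entries touch assets you actually run and in what order to work them. The following is an added example written for this page, not CISA tooling: it reads a feed in the shape of the public `known_exploited_vulnerabilities.json` (the field names are the feed's), intersects it with an asset inventory and sorts the result. Every entry, date, description and asset name below is constructed; the real catalog is the source of truth for `dateAdded` and `dueDate`.

```python
"""Intersect a KEV-shaped feed with an asset inventory and order the work by due date.

Added example for the KEV items on this page, not CISA tooling. Field names follow
the public known_exploited_vulnerabilities.json feed; the entries, dates, names and
assets are constructed for the example and must not be read as catalog values.
"""
import json
from collections import defaultdict
from datetime import date

# Constructed feed excerpt in the catalog's shape (values are placeholders).
KEV_SAMPLE = json.dumps({
    "catalogVersion": "example",
    "vulnerabilities": [
        {"cveID": "CVE-2025-58360", "vendorProject": "OSGeo", "product": "GeoServer",
         "vulnerabilityName": "GeoServer XXE (constructed name)",
         "dateAdded": "2025-12-11", "dueDate": "2026-01-01",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2018-4063", "vendorProject": "Sierra Wireless",
         "product": "AirLink ALEOS",
         "vulnerabilityName": "ALEOS unrestricted file upload (constructed name)",
         "dateAdded": "2025-12-12", "dueDate": "2026-01-02",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-20393", "vendorProject": "Cisco",
         "product": "Secure Email Gateway",
         "vulnerabilityName": "Cisco SEG zero-day (constructed name)",
         "dateAdded": "2025-12-17", "dueDate": "2025-12-20",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-14733", "vendorProject": "WatchGuard", "product": "Fireware OS",
         "vulnerabilityName": "Fireware OS out-of-bounds write (constructed name)",
         "dateAdded": "2025-12-19", "dueDate": "2026-01-09",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory; vendor/product strings must match the feed's spelling.
INVENTORY = [
    {"vendorProject": "WatchGuard", "product": "Fireware OS", "asset": "fw-edge-01"},
    {"vendorProject": "WatchGuard", "product": "Fireware OS", "asset": "fw-edge-02"},
    {"vendorProject": "OSGeo", "product": "GeoServer", "asset": "gis-01"},
    {"vendorProject": "Gogs", "product": "Gogs", "asset": "git-01"},  # not in sample
]


def load_kev(text):
    return json.loads(text)["vulnerabilities"]


def prioritize(kev_entries, inventory, added_since=None, today=None):
    """Return catalog entries that hit inventory, ransomware-linked first and then by
    earliest dueDate. added_since filters to entries added on or after that ISO date;
    today (ISO date) marks entries whose dueDate has passed."""
    exposed = defaultdict(list)
    for item in inventory:
        key = (item["vendorProject"].lower(), item["product"].lower())
        exposed[key].append(item["asset"])

    since = date.fromisoformat(added_since) if added_since else None
    now = date.fromisoformat(today) if today else None
    work = []
    for v in kev_entries:
        key = (v["vendorProject"].lower(), v["product"].lower())
        if key not in exposed:
            continue  # nothing in inventory runs this product
        if since and date.fromisoformat(v["dateAdded"]) < since:
            continue  # already handled in an earlier sweep
        due = date.fromisoformat(v["dueDate"])
        work.append({
            "cveID": v["cveID"],
            "assets": sorted(exposed[key]),
            "dueDate": v["dueDate"],
            "overdue": bool(now and now > due),
            "ransomware": v.get("knownRansomwareCampaignUse") == "Known",
        })
    # Ransomware-linked entries first; ISO dates sort correctly as strings.
    work.sort(key=lambda w: (not w["ransomware"], w["dueDate"]))
    return work


if __name__ == "__main__":
    for w in prioritize(load_kev(KEV_SAMPLE), INVENTORY, today="2026-01-05"):
        print(w)
```

Matching on the feed's own vendor/product strings is the weak point in practice: inventory systems rarely spell products the way the catalog does, so a real deployment keeps a small mapping table from CMDB product names to catalog names and treats an unmatched catalog entry for a vendor you run as a finding in its own right.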
Attackers are exploiting WhatsApp's device-linking feature to hijack accounts using pairing codes in a campaign dubbed GhostPairing, without requiring authentication. Gen Digital first observed the GhostPairing campaign in Czechia, but warns that it can spread globally via compromised accounts. The […]
Published: 2025-12-18T08:47:44