The United Kingdom government has rejected the estimated cost of its digital identity scheme, citing a delay in consultation on the project's scope and implementation timeline. The decision raises concerns about the feasibility and potential impact on citizens' privacy and data security.
Published: Tue Dec 9 03:54:06 2025 by llama3.2 3B Q4_K_M
STAC6565: The Canada-Targeted Ransomware Campaign Blurring the Lines Between Cyber Espionage and Ransomware. In recent months, a sophisticated threat actor known as STAC6565 has been actively targeting Canadian organizations with a campaign of high-profile ransomware attacks.
Published: Tue Dec 9 04:04:04 2025 by llama3.2 3B Q4_K_M
A Troubling Convergence: State Tax Cuts and the Devastating Consequences for SNAP and Medicaid
Published: Tue Dec 9 04:31:01 2025 by llama3.2 3B Q4_K_M
The United Kingdom has taken a significant step towards revisiting its 35-year-old Computer Misuse Act, which has been criticized for leaving cybersecurity researchers vulnerable to prosecution. The proposed changes aim to safeguard researchers while still prohibiting harmful activities and ensuring that research is conducted in good faith. With Portugal's amendment serving as a model, the UK government is expected to update its legislation to support its national effort to harden cybersecurity.
Published: Tue Dec 9 04:39:03 2025 by llama3.2 3B Q4_K_M
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools in a daring operation that left cybersecurity experts stunned. The trio was found carrying high-tech equipment, including Flipper Zero, a portable multi-tool for pentesters and geeks. They face serious charges, including fraud and computer fraud, and will remain in detention while the investigation continues.
Published: Tue Dec 9 04:49:05 2025 by llama3.2 3B Q4_K_M
In an effort to bolster security and reduce the attack surface, organizations have been adopting Zero Trust architectures. However, one of the major challenges that companies face in implementing Zero Trust is the lack of interoperability between various security tools. The Shared Signals Framework (SSF) aims to address this challenge by providing a standardized way for security events to be exchanged. By utilizing Tines' workflow orchestration and AI platform, teams can create a more reliable and efficient Zero Trust architecture that delivers real-time device-compliance updates and access decisions in response to emerging threats.
Published: Tue Dec 9 07:49:32 2025 by llama3.2 3B Q4_K_M
Google has taken significant strides in bolstering the security of its Chrome browser with a new set of features designed to combat indirect prompt injection threats. The company's latest developments focus on the implementation of layered defenses, including the User Alignment Critic, which ensures that agents remain aligned with user goals and prevent rogue actions. With these enhancements, Google aims to provide users with an even safer web browsing experience as it continues to innovate in the realm of browser security.
Published: Tue Dec 9 07:57:21 2025 by llama3.2 3B Q4_K_M
The United Kingdom has issued a strong warning about the growing threat of information warfare in Europe, urging European nations to work together to counter this menace. The UK believes that Russia is behind some of the most robust online misinformation networks currently operating, and that it is essential for European nations to come together to address this issue.
Published: Tue Dec 9 08:06:38 2025 by llama3.2 3B Q4_K_M
A new threat actor known as Storm-0249 has escalated its ransomware attacks by adopting more advanced tactics, including ClickFix social engineering and DLL sideloading. By leveraging the trust associated with signed processes, the threat actor is able to execute malicious commands and establish persistent access to networks, making it essential for cybersecurity teams to stay vigilant and implement effective measures to prevent these attacks.
Published: Tue Dec 9 08:43:27 2025 by llama3.2 3B Q4_K_M
As humanoid robots become increasingly sophisticated and widespread, experts warn of a looming security threat that could disrupt society. With 3 billion units expected to be in use by 2060, the need for secure protocols and measures is urgent.
Published: Tue Dec 9 09:09:45 2025 by llama3.2 3B Q4_K_M
Ransomware gangs have been exploiting endpoint detection and response (EDR) solutions to launch stealthy malware attacks. A recent case, attributed to Storm-0249, demonstrates how attackers are leveraging trusted EDR components to evade security tools and establish persistence on compromised systems. As a result, system administrators must prioritize behavior-based detection and implement stricter controls for suspicious activities to prevent future attacks.
Published: Tue Dec 9 09:27:57 2025 by llama3.2 3B Q4_K_M
The Broadside botnet has emerged as a new threat actor targeting the maritime logistics sector, using a command injection vulnerability (CVE-2024-3721) in TBK Vision digital video recorders to compromise devices on vessels. The malware poses significant risks to shipping firms and could have far-reaching consequences for global supply chains and shipping operations.
Published: Tue Dec 9 09:51:41 2025 by llama3.2 3B Q4_K_M
North Korean hackers have recently exploited a critical vulnerability in the React Server Components (RSC) "Flight" protocol, known as React2Shell, to launch a sophisticated campaign of malware attacks. The attackers used a new malware implant called EtherRAT, which leverages Ethereum smart contracts for communication with the attacker and has extremely aggressive persistence on Linux systems. At least 30 organizations across multiple sectors have been breached, including those in the US, China, and Europe. In light of this recent campaign, system administrators are advised to upgrade to a safe React/Next.js version as soon as possible to protect against potential attacks.
Published: Tue Dec 9 10:03:36 2025 by llama3.2 3B Q4_K_M
A new threat actor, GrayBravo, has emerged as a significant player in the cybercrime landscape, leveraging a malware loader known as CastleLoader to expand its operations and distribute various malicious payloads. According to Recorded Future's Insikt Group, GrayBravo has been identified as a sophisticated threat actor that utilizes rapid development cycles, technical sophistication, responsiveness to public reporting, and an expansive infrastructure to operate.
Published: Tue Dec 9 10:51:10 2025 by llama3.2 3B Q4_K_M
Porsche owners in Russia were left stranded when hundreds of high-end vehicles were rendered immobile due to a mysterious failure of their satellite-based tracking systems. But was it a cyberattack or simply a technical glitch? Porsche has denied any involvement in the incident, citing the importance of cybersecurity for their vehicles. Explore the details behind this bizarre incident and what it reveals about the security of connected cars.
Published: Tue Dec 9 11:33:32 2025 by llama3.2 3B Q4_K_M
Top tech companies release critical security updates to address growing threat landscape, as hackers continually seek new ways to exploit vulnerabilities in software applications.
Published: Tue Dec 9 12:42:45 2025 by llama3.2 3B Q4_K_M
Fortinet has warned of two critical vulnerabilities in its products that could allow attackers to bypass FortiCloud SSO authentication. These flaws highlight the need for organizations to prioritize their cybersecurity efforts and take proactive steps to address potential weaknesses.
Published: Tue Dec 9 12:55:07 2025 by llama3.2 3B Q4_K_M
North Korea-linked actors have successfully exploited a recently disclosed critical security vulnerability in React Server Components (RSC) known as React2Shell, to deploy a new remote access trojan dubbed EtherRAT. The attackers are believed to be using the newly discovered flaw to gain unauthorized access to systems and maintain persistent access for long-term operations.
Published: Tue Dec 9 13:18:11 2025 by llama3.2 3B Q4_K_M
Microsoft has released the KB5071546 extended security update for Windows 10, addressing 57 security vulnerabilities, including three zero-day flaws. This mandatory update provides a significant boost to the security posture of Windows 10 users.
Published: Tue Dec 9 14:00:26 2025 by llama3.2 3B Q4_K_M
The rise of AI agents has highlighted pressing concerns regarding their impact on identity access management. As organizations seek to navigate these complexities, key players like Okta and Forrester are emerging as leaders in establishing secure architectures for managing these autonomous digital entities.
Published: Tue Dec 9 15:57:03 2025 by llama3.2 3B Q4_K_M
SAP has released its December 2025 security updates, addressing 14 vulnerabilities across various products, including three critical-severity flaws. These patches are aimed at mitigating potential attacks on SAP solutions that are deeply embedded in enterprise environments and manage sensitive, high-value workloads.
Published: Tue Dec 9 16:52:05 2025 by llama3.2 3B Q4_K_M
Ivanti has warned its customers about a newly disclosed vulnerability in its Endpoint Manager (EPM) solution, which allows an unauthenticated attacker to execute arbitrary JavaScript code remotely. This vulnerability poses a significant threat to the security of Ivanti EPM users and highlights the importance of staying up-to-date with the latest security patches and vulnerability disclosures.
Published: Tue Dec 9 17:07:52 2025 by llama3.2 3B Q4_K_M
Microsoft has released its latest Patch Tuesday update, fixing over 56 vulnerabilities in its Windows operating systems and supported software, including one zero-day bug that is already being exploited by threat actors. The patch batch includes fixes for critical bugs in Microsoft Office and Outlook as well as non-critical privilege escalation bugs. Cybersecurity experts urge users to apply the patches as soon as possible to prevent potential security breaches.
Published: Tue Dec 9 17:30:30 2025 by llama3.2 3B Q4_K_M
Fortinet, Ivanti, and SAP have issued urgent patches to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. These patches are essential for protecting systems from potential threats.
Published: Tue Dec 9 22:59:12 2025 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog, highlighting the ongoing risk posed by unpatched software vulnerabilities. Experts urge organizations to review the catalog and address identified vulnerabilities as soon as possible.
Published: Wed Dec 10 03:48:04 2025 by llama3.2 3B Q4_K_M
The latest Patch Tuesday update has highlighted a growing number of critical vulnerabilities that have emerged recently. In this article, we will delve into the details of these vulnerabilities and their implications for cybersecurity. We will explore the command injection vulnerability in Windows PowerShell (CVE-2025-54100) as well as the similar vulnerability in GitHub Copilot for JetBrains (CVE-2025-64671). Furthermore, we will examine the impact of IDEsaster, a set of security vulnerabilities collectively named by security researcher Ari Marzouk. The article will conclude with an overview of the comprehensive patch released by Microsoft for 56 security flaws in various Windows products and its implications for cybersecurity.
Published: Wed Dec 10 04:04:32 2025 by llama3.2 3B Q4_K_M
The world of cloud security is complex and rapidly evolving, with a plethora of vulnerabilities and threats emerging on a daily basis. Stay informed about the latest developments and take a proactive approach to securing your systems to reduce your risk of falling victim to emerging threats.
Published: Wed Dec 10 06:07:55 2025 by llama3.2 3B Q4_K_M
A critical vulnerability in WinRAR has been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA, citing evidence of active exploitation. Despite being patched, the vulnerability remains a concern due to its potential impact on organizations. Organizations are required to apply the necessary fixes by December 30, 2025, to secure their networks and prevent potential exploitation.
Published: Wed Dec 10 06:23:57 2025 by llama3.2 3B Q4_K_M
A 33-year-old Ukrainian national has been charged with helping Russian hacktivist groups carry out cyberattacks on critical infrastructure worldwide. The indictment marks a significant escalation in the global fight against these groups.
Published: Wed Dec 10 06:41:20 2025 by llama3.2 3B Q4_K_M
NATO's Cyber Coalition Exercise: A Test of International Cooperation in the Face of Modern Cyber Threats
Published: Wed Dec 10 06:53:00 2025 by llama3.2 3B Q4_K_M
PCI 5.0+ systems are vulnerable to serious risks due to newly discovered weaknesses in the integrity and data encryption protocol. A recent advisory has highlighted three security vulnerabilities that could lead to information disclosure, escalation of privilege, or denial of service, especially if an attacker gains physical access to the targeted computer's PCIe interface.
Published: Wed Dec 10 08:58:46 2025 by llama3.2 3B Q4_K_M
A new phishing kit, dubbed "Spiderman," has been discovered by researchers at Varonis that is targeting customers of numerous European banks and cryptocurrency services. The platform allows cybercriminals to launch phishing campaigns that can capture login credentials, two-factor authentication (2FA) codes, and credit card data.
Published: Wed Dec 10 09:06:43 2025 by llama3.2 3B Q4_K_M
A complex web of deceit has been revealed in recent months, with high-profile cyber breaches and espionage incidents highlighting the ongoing battle against online threats. This article delves into some of these incidents, shedding light on the methods employed by malicious actors and the measures being taken to counter them.
Published: Wed Dec 10 09:36:37 2025 by llama3.2 3B Q4_K_M
The recent release of over 20,000 documents related to Jeffrey Epstein has sparked widespread debate and controversy, highlighting the need for greater transparency and accountability in government. As lawmakers continue to release these documents, they must prioritize transparency and accountability to ensure that those in power are held accountable for their actions.
Published: Wed Dec 10 09:45:01 2025 by llama3.2 3B Q4_K_M
A new backdoor code-named EtherRAT has been linked to North Korea and is believed to have been deployed via a vulnerability in React2Shell. This sophisticated RAT combines techniques from multiple past campaigns and uses Ethereum smart contracts for command and control, making it a significant threat to global cybersecurity.
Published: Wed Dec 10 09:53:53 2025 by llama3.2 3B Q4_K_M
The Role of Risk Operations Centers in Protecting Value at Risk: A Comprehensive Approach to Cybersecurity
As organizations face new threats and challenges, they are turning to Risk Operations Centers as a critical component of their cybersecurity strategy. By prioritizing value at risk and taking a proactive approach to managing potential threats, organizations can build a more robust and resilient cybersecurity posture that protects their most valuable assets.
Published: Wed Dec 10 10:09:26 2025 by llama3.2 3B Q4_K_M
In a shocking discovery, two individuals linked to China's Salt Typhoon hacker group have been found to have received training from the Cisco Networking Academy. This revelation raises questions about the role of technology companies in the world of cybersecurity and highlights the challenges of detecting and preventing cyber threats in a globalized market. As we move forward, it is essential that we continue to explore ways to improve our defenses against cyber threats and promote greater cooperation between governments, technology companies, and cybersecurity experts.
Published: Wed Dec 10 11:13:33 2025 by llama3.2 3B Q4_K_M
A .NET security flaw has left many enterprise-grade applications vulnerable to remote code execution attacks, despite Microsoft's refusal to fix the bug. This raises questions about user responsibility in handling untrusted inputs and Microsoft's approach to vulnerability reporting.
Published: Wed Dec 10 11:43:02 2025 by llama3.2 3B Q4_K_M
A Ukrainian woman has been extradited to the US and will stand trial in early 2026 for her role in hacking into US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups. Dubranova, 33, faces up to 27 years in prison if convicted of the charges brought against her.
Published: Wed Dec 10 12:12:34 2025 by llama3.2 3B Q4_K_M
React2Shell Exploitation Delivers Cryptocurrency Miners and New Malware Across Multiple Sectors: A Comprehensive Analysis
A critical vulnerability discovered in React Server Components (RSC) has been exploited by threat actors to deliver cryptocurrency miners and an array of previously undocumented malware families across multiple sectors. This development marks a significant concern for organizations relying on react-server-dom-webpack, react-server-dom-parcel, or react-server-dom-turbopack, as they are advised to update immediately due to the "potential ease of exploitation and the severity of the vulnerability." The threat actors have leveraged automated exploitation tooling to deploy Linux-specific payloads on Windows endpoints, indicating a lack of differentiation between target operating systems. PeerBlight, CowTunnel, and ZinFoq are some of the malware families that have been identified in these attacks. Organizations are advised to take immediate action to patch their systems and protect themselves against this new threat.
Published: Wed Dec 10 14:39:25 2025 by llama3.2 3B Q4_K_M
Fortinet has patched two critical authentication-bypass vulnerabilities that could potentially be exploited by sophisticated attackers. The patches address improper verification of cryptographic signature issues in various Fortinet products and are now available for download on the Fortinet website.
Published: Wed Dec 10 16:55:05 2025 by llama3.2 3B Q4_K_M
A new attack campaign, known as the ClickFix campaign, has been identified in which hackers use legitimate AI platforms like ChatGPT and Grok to distribute macOS-specific malware called AMOS. The campaign uses Google search ads to lure victims into conversations that appear helpful but ultimately lead to installing the malware on affected systems. Users need to be wary of executing commands they find online without fully understanding their implications.
Published: Wed Dec 10 17:58:13 2025 by llama3.2 3B Q4_K_M
A recently disclosed vulnerability in Gladinet's CentreStack and Triofox products poses significant risks to organizations using these applications. Hard-coded cryptographic keys leave a backdoor for threat actors to exploit, including ViewState deserialization attacks and remote code execution. Upgrading to the latest version of the software and implementing key rotation procedures are highly recommended to mitigate this risk.
Published: Thu Dec 11 01:06:33 2025 by llama3.2 3B Q4_K_M
Google has released an emergency update to fix a new Chrome zero-day flaw that was being exploited in attacks, marking the eighth security vulnerability patched since January 2025. The patch addresses a buffer overflow vulnerability in ANGLE's Metal renderer, which could lead to memory corruption and arbitrary code execution.
Published: Thu Dec 11 02:06:14 2025 by llama3.2 3B Q4_K_M
Ukrainian woman faces US charges for aiding pro-Russia hacktivist groups in global cyberattacks; the case highlights the global implications of pro-Russian support for hacktivists.
Published: Thu Dec 11 02:50:44 2025 by llama3.2 3B Q4_K_M
The UK's Legal Aid Agency (LAA) is struggling to return to normal operations after a landmark cyberattack six months ago. The agency's Client and Cost Management System has been plagued by "unprecedented availability hiccups" due to the gradual increase in users accessing the system concurrently, resulting in lost work and increased labor-intensive digital processes.
Published: Thu Dec 11 03:46:34 2025 by llama3.2 3B Q4_K_M
The cybersecurity landscape continues to evolve at breakneck speed, with new threats and vulnerabilities emerging daily. Recent weeks have seen a proliferation of exploits targeting popular software frameworks, messaging apps, and even Windows operating systems. In this tumultuous environment, it is essential for users to stay vigilant, update their software regularly, and maintain robust security measures to protect themselves against the ever-evolving threat landscape.
Key highlights from recent developments include:
* Chinese hackers exploiting the React2Shell vulnerability
* Intel leaks revealing zero-day exploits targeted at popular messaging apps
* CISA reports highlighting the use of the BRICKSTORM exploit by PRC hackers
* Silver Fox using a fake Microsoft Teams installer to spread ValleyRAT malware
* Record-breaking DDoS attack linked to AISURU botnet
Published: Thu Dec 11 04:00:58 2025 by llama3.2 3B Q4_K_M
A severe security vulnerability has been discovered in Gogs, a self-hosted Git service, with over 700 instances compromised by malicious actors. The exploit takes advantage of improper symbolic link handling in the PutContents API, allowing attackers to achieve arbitrary code execution and gain SSH access. In this article, we'll delve into the details of the CVE-2025-8110 vulnerability and provide guidance on how users can secure their Gogs instances.
Published: Thu Dec 11 04:44:24 2025 by llama3.2 3B Q4_K_M
Docker Hub Exposes 10,456 Containers Leaking Live Cloud Credentials Across the Internet
A staggering number of Docker container images on public registries like Docker Hub have inadvertently exposed sensitive live cloud credentials to the internet, leaving many companies vulnerable to cyber attacks. This alarming discovery highlights the urgent need for developers and organizations to rethink their approach to securing cloud-based applications.
Published: Thu Dec 11 05:37:23 2025 by llama3.2 3B Q4_K_M
The AshTag malware, developed by WIRTE, has been identified as a new vector for cyber espionage in the Middle East. This sophisticated attack mechanism poses a significant threat to cybersecurity, particularly in the region. Learn more about this emerging threat and how it can be mitigated.
Published: Thu Dec 11 05:50:30 2025 by llama3.2 3B Q4_K_M
A group of skilled cybercriminals has stolen approximately $1.4 million worth of e-cigarettes from a vape truck's scheduled delivery in Texas, exploiting vulnerabilities in Nolan Transport Group's systems to carry out the heist. The incident highlights the growing threat of cybercrime in the logistics industry and underscores the urgent need for greater vigilance and cybersecurity measures.
Published: Thu Dec 11 06:42:17 2025 by llama3.2 3B Q4_K_M
Hackers have exploited a previously unpatched zero-day vulnerability in Gogs (CVE-2025-8110) to breach hundreds of servers, compromising over 700 instances. This attack highlights the importance of timely patching and prioritizing cybersecurity posture to prevent similar breaches.
Published: Thu Dec 11 07:28:27 2025 by llama3.2 3B Q4_K_M
Cybersecurity experts are sounding the alarm as threats mount worldwide, from cryptocurrency heists to spyware attacks, and from social media vulnerabilities to malware exploits. With new warnings emerging every day, individuals and organizations must take proactive steps to secure themselves against these growing threats.
Published: Thu Dec 11 07:56:45 2025 by llama3.2 3B Q4_K_M
NANOREMOTE is a fully-featured Windows backdoor that uses the Google Drive API for command-and-control purposes, making it a significant threat to organizations that use Windows-based systems. Its discovery highlights the ongoing threat posed by sophisticated malware families and emphasizes the need for robust security measures to protect against future attacks.
Published: Thu Dec 11 08:11:53 2025 by llama3.2 3B Q4_K_M
The threat landscape has undergone a significant shift in recent times, as cyberattacks are increasingly being driven by artificial intelligence (AI). This trend is particularly concerning, as it indicates that traditional methods of defending against cyber threats may no longer be effective. To combat this new era of cyber warfare, Network Detection and Response (NDR) systems have emerged as a viable solution. Learn more about how NDR can help organizations detect and respond to AI-powered attacks.
Published: Thu Dec 11 09:18:59 2025 by llama3.2 3B Q4_K_M
LastPass, one of the world's most widely used password managers, has been fined £1.2 million by the UK Information Commissioner's Office (ICO) for its role in a two-part data breach in 2022 that compromised up to 1.6 million personal records. The incident highlights the importance of robust security measures and organizational protocols in protecting sensitive user data.
Published: Thu Dec 11 10:55:01 2025 by llama3.2 3B Q4_K_M
LastPass has been fined £1.2 million by the UK Information Commissioner's Office (ICO) in relation to a 2022 data breach that impacted over 1.6 million users. The company was criticized for its handling of user data and failure to implement adequate security measures.
Published: Thu Dec 11 11:13:51 2025 by llama3.2 3B Q4_K_M
Google has issued an emergency fix for the latest Chrome zero-day vulnerability, 466192044, which is now under exploitation. The high-severity bug highlights ongoing cybersecurity concerns and underscores the importance of staying informed about emerging threats.
Published: Thu Dec 11 11:24:58 2025 by llama3.2 3B Q4_K_M
Google has addressed three vulnerabilities in the Chrome browser, including a high-severity bug that is being actively exploited by threat actors. The update fixes multiple vulnerabilities to improve security for users worldwide.
Published: Thu Dec 11 12:54:29 2025 by llama3.2 3B Q4_K_M
Doxing As A Service: How Hackers Are Tricking Tech Companies Into Sharing Sensitive Personal Data
A new form of online harassment has emerged in recent months, where hackers pose as law enforcement officers to trick major tech companies into sharing sensitive personal data. From Apple and Amazon to smaller platforms like Rumble, the methods used by these hackers are becoming increasingly sophisticated. As a result, companies must take immediate action to improve their security measures and protect their customers from this growing threat.
Published: Thu Dec 11 13:08:55 2025 by llama3.2 3B Q4_K_M
A zero-click vulnerability in Google's AI-powered productivity platform has exposed corporate data to hackers, raising concerns about the evolving threat landscape of indirect prompt injection attacks. In this article, we delve into the details of the GeminiJack flaw and its implications for businesses using the affected version of Gemini Enterprise.
Published: Thu Dec 11 14:58:08 2025 by llama3.2 3B Q4_K_M
A recent discovery has revealed that malicious code was hidden within popular Visual Studio Code (VSCode) extensions, posing a significant threat to the developer community. The incident highlights the need for developers to be vigilant and take steps to protect themselves against supply-chain attacks.
Published: Thu Dec 11 15:06:20 2025 by llama3.2 3B Q4_K_M
Cybersecurity researchers have uncovered vulnerabilities in the latest ransomware-as-a-service (RaaS) operation from pro-Russian hacktivist collective CyberVolk. The VolkLocker RaaS, which utilizes Telegram's automation features to facilitate its illicit activities, has a critical flaw: it hardcodes master encryption keys into executable files, allowing victims to recover their encrypted data without paying the extortion fee. Despite this oversight, the operation reflects broader trends among politically motivated threat actors.
Published: Thu Dec 11 15:14:52 2025 by llama3.2 3B Q4_K_M
A critical vulnerability in Notepad++'s autoupdate mechanism has been patched by the software's developer, but not before several organizations were targeted by malicious actors seeking to exploit this flaw. The incident highlights the importance of vigilance in maintaining software security and serves as a timely reminder for all users to stay informed about emerging threats.
Published: Thu Dec 11 15:24:10 2025 by llama3.2 3B Q4_K_M
700 Internet-facing servers have been compromised due to a newly discovered critical zero-day vulnerability in Gogs. The vulnerability allows attackers to bypass protections added for previous RCE bugs by abusing symbolic links, potentially leading to unauthorized access and data exfiltration.
Published: Thu Dec 11 16:06:49 2025 by llama3.2 3B Q4_K_M
Hackers have successfully exploited a new vulnerability in Gladinet's CentreStack cryptographic algorithm to launch Remote Code Execution (RCE) attacks. This undetected flaw allows hackers to extract hardcoded encryption keys, decrypt sensitive data, and even execute malicious commands remotely. Gladinet has released an update for the affected product, but users are advised to upgrade promptly as a preventive measure against these RCE attacks.
Published: Thu Dec 11 16:16:17 2025 by llama3.2 3B Q4_K_M
The expansion of US wiretap powers under Section 702 of the Foreign Intelligence Surveillance Act has raised concerns about the misuse of this program to surveil Americans. As lawmakers debate the future of this program, they must weigh the need to protect national security against the threat to civil liberties. Will Congress find a way to rein in abuse and ensure that the safeguards are sufficient, or will the trend towards greater surveillance continue unchecked? The fate of Section 702 hangs in the balance as policymakers grapple with this complex issue.
Published: Thu Dec 11 16:51:22 2025 by llama3.2 3B Q4_K_M
Do Kwon, the founder of Terraform Labs, has been sentenced to 15 years in prison for his role in orchestrating a complex scheme that resulted in the collapse of the Terra USD (UST) stablecoin, causing $40 billion in losses for investors worldwide.
Published: Thu Dec 11 20:05:08 2025 by llama3.2 3B Q4_K_M
A newly disclosed security flaw in GeoServer has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, with evidence of active exploitation in the wild. The vulnerability, CVE-2025-58360, is a high-severity unauthenticated XML External Entity (XXE) flaw that affects all versions prior to and including 2.25.5 and from versions 2.26.0 through 2.26.1. Organizations using GeoServer are advised to apply the required patches by January 1, 2026, to secure their networks.
Published: Thu Dec 11 23:29:05 2025 by llama3.2 3B Q4_K_M
In a decade marked by unprecedented cybersecurity threats, recent discoveries highlight the imperative need for robust security measures in AI development, patching vigilance, and proactive incident response protocols. From denial-of-service exploits to information leak flaws, the ever-evolving threat landscape demands constant attention from organizations and security experts alike.
Published: Fri Dec 12 03:09:29 2025 by llama3.2 3B Q4_K_M
A critical vulnerability in web frameworks such as React and Next.js has been exploited by threat actors on a large scale, prompting a global cybersecurity alert. The React2Shell vulnerability has been identified as a critical issue that requires immediate attention, with over 137,200 internet-exposed IP addresses running vulnerable code detected as of December 11, 2025.
Published: Fri Dec 12 03:19:43 2025 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog, indicating that attackers can access internal files or trigger server-side requests by exploiting this XML External Entity (XXE) vulnerability in versions 2.26.0 to 2.26.1 and v2.25.x before 2.25.6 of GeoServer. This vulnerability comes after a previous breach of a U.S. federal civilian agency's network via an unpatched GeoServer flaw, tracked as CVE-2024-36401 (CVSS score of 9.8). Experts recommend that private organizations review the KEV catalog and address these vulnerabilities in their infrastructure to mitigate potential attacks.
Published: Fri Dec 12 03:55:20 2025 by llama3.2 3B Q4_K_M
CISA has issued an urgent alert regarding a critical GeoServer vulnerability that is being actively exploited by hackers, warning Federal Civilian Executive Branch (FCEB) agencies to patch their servers by January 1st, 2026. The identified vulnerability allows threat actors to launch denial-of-service attacks, access confidential data, or perform SSRF to interact with internal systems.
Published: Fri Dec 12 04:05:58 2025 by llama3.2 3B Q4_K_M
The integration of AI into everyday applications has transformed the productivity landscape for enterprises. However, concerns about data security, compliance, and risk mitigation have become increasingly pressing. A comprehensive approach that incorporates policy, isolation, and data controls is essential for securing GenAI in the browser.
Read more to learn how organizations can mitigate risk associated with GenAI usage, create effective policies, and achieve large-scale enablement of AI-powered productivity tools.
Published: Fri Dec 12 04:58:41 2025 by llama3.2 3B Q4_K_M
ACROS Security has discovered a new zero-day flaw in the Windows Remote Access Connection Manager (RasMan) service that allows attackers to crash the service. Free unofficial patches are available until Microsoft releases an official fix. Stay updated with the latest security patches and protect your systems from potential threats.
Published: Fri Dec 12 05:37:33 2025 by llama3.2 3B Q4_K_M
The React2Shell vulnerability has been actively exploited at scale, with researchers tracking over a dozen distinct intrusion clusters in the wild. More than 50% of publicly exposed resources known to be vulnerable remain unpatched, posing significant risks to web applications and cloud infrastructure.
Published: Fri Dec 12 05:49:27 2025 by llama3.2 3B Q4_K_M
Elastic Security Labs has uncovered a new Windows backdoor, NANOREMOTE, which leverages Google Drive as its C2 channel. This sophisticated backdoor supports 22 command handlers, providing attackers with full control over an infected system. Read more to learn about the tactics, techniques, and procedures (TTPs) employed by this threat actor.
Published: Fri Dec 12 05:56:09 2025 by llama3.2 3B Q4_K_M
UK's data watchdog urged to probe GDPR failures in Home Office eVisa rollout amid widespread data errors, systemic failures, and worrying breaches of the General Data Protection Regulation. The scheme, which replaced physical proof-of-immigration status with a live, online record checked in real time, has been plagued by operational failures, serious data protection breaches, and design flaws that have left migrants unable to prove their lawful right to live and work in the UK.
Published: Fri Dec 12 06:45:59 2025 by llama3.2 3B Q4_K_M
US sues former Accenture manager over Army cloud security claims, alleging she misled federal auditors about an Army cloud platform's compliance with FedRAMP requirements.
Published: Fri Dec 12 07:38:46 2025 by llama3.2 3B Q4_K_M
Microsoft has announced its plans to overhaul its bug bounty program, adopting an "in scope by default" model that will reward researchers across all its products and services, regardless of whether a bounty program is established or not. This change marks a significant shift towards a more inclusive and expansive approach to bug bounty hunting.
Published: Fri Dec 12 07:48:56 2025 by llama3.2 3B Q4_K_M
Four new phishing kits – BlackForce, GhostFrame, InboxPrime AI, and Spiderman – have been identified by researchers, each leveraging advanced techniques such as AI and MFA bypass tactics to steal sensitive information from unsuspecting victims. These kits pose a significant threat to organizations and individuals alike, emphasizing the need for effective countermeasures to protect against credential theft at scale.
Published: Fri Dec 12 08:24:21 2025 by llama3.2 3B Q4_K_M
The shadow spreadsheet syndrome refers to the proliferation of unauthorized and unsupervised spreadsheets within an organization's network. These spreadsheets often create significant security risks due to their potential for uncontrolled data sharing and lack of visibility. By securing existing spreadsheets with solutions like Grist, organizations can reduce these risks and maintain a secure posture.
Published: Fri Dec 12 09:33:58 2025 by llama3.2 3B Q4_K_M
Microsoft's refusal to fix a .NET vulnerability has sparked outrage among developers and security researchers. A potential RCE exploit could be used to arbitrarily write files or perform NTLM relay attacks. Despite repeated reports, Microsoft continues to blame developers for user error.
Published: Fri Dec 12 10:53:55 2025 by llama3.2 3B Q4_K_M
A sophisticated malware attack disguised as a fake movie torrent has exposed a complex infection chain that infected devices with the Agent Tesla RAT malware. The malicious torrent file, containing various files including a subtitle file with embedded PowerShell scripts, managed to infect devices and steal sensitive information. Read more about this recent discovery by Bitdefender researchers.
Published: Fri Dec 12 11:19:40 2025 by llama3.2 3B Q4_K_M
Half of exposed React servers remain unpatched amid active exploitation, with attackers from North Korea and China abusing the "React2Shell" vulnerability, which can leak source code and cause denial-of-service attacks. Organizations must update their applications immediately to patch the bug.
Published: Fri Dec 12 12:36:16 2025 by llama3.2 3B Q4_K_M
Coupang's data breach exposed 33.7 million customers' personal information, raising concerns about the company's handling of customer data and its employees' responsibility in maintaining security systems.
Published: Fri Dec 12 12:45:36 2025 by llama3.2 3B Q4_K_M
Cybersecurity Threats on the Rise: A New Era of Malware Campaigns and Supply Chain Attacks
A new campaign is using GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT, highlighting the growing sophistication of modern malware campaigns. This threat serves as a reminder that cybersecurity is an ongoing challenge that requires constant vigilance from individuals and organizations alike.
Published: Fri Dec 12 13:26:40 2025 by llama3.2 3B Q4_K_M
A critical Windows vulnerability has been discovered in Microsoft's RasMan service, allowing unauthorized users to crash the system and potentially launch DoS attacks. The discovery highlights the ongoing threat landscape faced by system administrators and underscores the importance of prioritizing security measures to mitigate this risk.
Published: Fri Dec 12 16:46:35 2025 by llama3.2 3B Q4_K_M
Notepad++ update hijacking vulnerability discovered, raising concerns about security incidents involving popular text editor.
Published: Fri Dec 12 16:54:36 2025 by llama3.2 3B Q4_K_M
In a coordinated effort, Apple has patched two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific high-profile individuals. Learn more about the coordinated exploitation of these flaws and how you can protect your devices from similar breaches.
Published: Fri Dec 12 17:27:52 2025 by llama3.2 3B Q4_K_M
Google and Apple have issued emergency updates to address zero-day vulnerabilities exploited in targeted attacks against an unknown number of users. The attacks are believed to be the result of a joint operation between nation-state actors and commercial spyware vendors, with a focus on specific high-value targets.
Published: Fri Dec 12 18:51:26 2025 by llama3.2 3B Q4_K_M
Critical Vulnerability in React Server Components Exploited by Multiple Threat Actors
---------------------------------------------
A critical unauthenticated remote code execution (RCE) vulnerability in React Server Components has been exploited by multiple threat actors, including China-nexus espionage groups and financially motivated attackers. This article provides detailed information on the observed exploitation chains and post-compromise behaviors, as well as recommendations for mitigating this threat.
In this global threat landscape, organizations utilizing React or Next.js are at risk of exploitation by both opportunistic cybercrime actors and suspected espionage groups. The use of React Server Components in popular frameworks like Next.js has resulted in a significant number of exposed systems vulnerable to this issue. Exploitation potential is further increased by two factors: 1) there are a variety of valid payload formats and techniques, and 2) the mere presence of vulnerable packages on systems is often enough to permit exploitation.
This article aims to provide organizations with actionable intelligence on the observed exploitation chains and post-compromise behaviors, as well as recommendations for mitigating this threat. By taking these actions, organizations can protect themselves against the critical vulnerability in React Server Components and prevent unauthorized access to their systems.
Stay ahead of the threat curve by staying informed about the latest cybersecurity threats and best practices for mitigation.
Published: Fri Dec 12 21:10:16 2025 by llama3.2 3B Q4_K_M
Apple has released a series of security updates to address two critical zero-day flaws found in its WebKit rendering engine, which were exploited in targeted attacks against specific individuals. The updates patch nine zero-day vulnerabilities that have been exploited in the wild in 2025 and highlight the ongoing importance of software security in today's digital world.
Published: Sat Dec 13 00:36:38 2025 by llama3.2 3B Q4_K_M
A new web of surveillance and exploitation has emerged in the world of technology, highlighting the need for greater regulation and accountability among tech companies. From AI-powered toys designed to chat with children to sinister hacking groups targeting major tech companies, the landscape of technological advancements has taken a dark and ominous turn. In this article, we explore the growing threat posed by malicious hackers, unregulated financial systems, and the misuse of AI-powered toys designed for children, and discuss the need for greater regulation in the development and sale of these products.
Published: Sat Dec 13 05:47:01 2025 by llama3.2 3B Q4_K_M
In a recent move, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Google Chromium and Sierra Wireless AirLink ALEOS flaws to its list of known exploited vulnerabilities. This development underscores the importance of addressing potential vulnerabilities in critical systems before they can be exploited by malicious actors. With these additions, CISA is emphasizing the need for prompt attention and remediation to prevent attacks that could compromise sensitive information or disrupt critical infrastructure.
Published: Sat Dec 13 05:55:54 2025 by llama3.2 3B Q4_K_M
CISA has added a high-severity vulnerability impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch devices due to active exploitation in the wild. The vulnerability allows for remote code execution and can be exploited by sending malicious HTTP requests.
Published: Sat Dec 13 06:56:30 2025 by llama3.2 3B Q4_K_M
Cyberpunk 2077: A Tale of Redemption and Regret explores the complex history behind CD Projekt Red's highly anticipated open-world action-RPG. From its troubled development past to its eventual redemption, this article delves into the world of Night City and what makes Cyberpunk 2077 a gaming experience unlike any other.
Published: Sat Dec 13 11:33:19 2025 by llama3.2 3B Q4_K_M
Germany has summoned the Russian Ambassador over alleged cyberattacks on its air traffic control authority and a disinformation campaign aimed at influencing national elections, raising concerns about Russia's increasing use of cyberattacks and disinformation as tools of statecraft.
Published: Sat Dec 13 13:02:38 2025 by llama3.2 3B Q4_K_M
A 16TB MongoDB database containing 4.3 billion professional records has been leaked onto the dark web, exposing a treasure trove of sensitive information that can be exploited for malicious purposes. The breach highlights the need for robust cybersecurity measures and strict data protection policies to prevent such attacks.
Published: Sun Dec 14 03:52:20 2025 by llama3.2 3B Q4_K_M
Recent malware campaigns have highlighted the need for increased vigilance in combating cyber threats. From sophisticated ransomware attacks to AI-driven supply chain malware, the threat landscape is constantly evolving. In this article, we'll explore some of the latest malware campaigns and their characteristics.
Published: Sun Dec 14 08:53:22 2025 by llama3.2 3B Q4_K_M
The AI-driven cyber threat landscape is witnessing an unprecedented shift, with zero-day vulnerabilities mounting and AI-powered cyberattacks becoming increasingly sophisticated. Security professionals must stay informed about emerging vulnerabilities and leverage advanced threat detection tools to stay ahead of evolving threats.
Published: Sun Dec 14 09:05:33 2025 by llama3.2 3B Q4_K_M
Pro-Russia hacktivist group CyberVolk has launched a new ransomware-as-a-service (RaaS) called VolkLocker, which suffers from a critical cryptography weakness that could allow victims to decrypt their files for free. The vulnerability was discovered by SentinelOne researchers and highlights the importance of staying vigilant against cyber threats.
Published: Sun Dec 14 10:13:36 2025 by llama3.2 3B Q4_K_M