81Articles
9Categories
2025-12-01Date
🚨 CISA KEV 1[−]
1 Dec KEVCISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEVsubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.htmlSH.ITJUST.WORKS
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
1 DecPoC Released for Outlook “MonikerLink” RCE Flaw Allowing Remote Code ExecutionSecurity researchers have released a proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook dubbed “MonikerLink.” This flaw enables attackers to execute arbitrary code on victim systems via specially craf…GBHACKERS.COM
1 Dec KEVCISA Warns of ScadaBR Vulnerability After Hacktivist ICS AttackCISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek .SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 22[−]
1 DecCybersecurity Today: QR Code Parking Scams, Evil Twin WiFi Attacks & Microsoft's Teams FlawIn this episode of Cybersecurity Today, host David Shipley discusses a range of pressing cybersecurity issues. Topics include the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeti…CYBERSECURITYTODAY.LIBSYN.COM
1 DecLinux 6.18 Rolls Out With Major Hardware Support Upgrades and Driver EnhancementsLinus Torvalds has officially released Linux 6.18, the latest stable version of the Linux kernel. The announcement came on Sunday, November 30, 2025, marking another milestone for the open-source operating system that powers everything from smartphones to supercomputers. Torvalds…GBHACKERS.COM
1 DecPolice takes down Cryptomixer cryptocurrency mixing serviceLaw enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds. [...]BLEEPINGCOMPUTER.COM
1 DecZilvia.net - 287,863 breached accountsIn November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to con…HAVEIBEENPWNED.COM
1 DecFrom Misconfigurations to Mission Control: Lessons from InfoSec World 2025 - ESW #435Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management an…YOUTUBE.COM
1 DecKorea’s Coupang says data breach exposed nearly 34M customers’ personal informationE-commerce company Coupang has confirmed a massive data breach affecting 33.7 million customer accounts in South Korea.TECHCRUNCH.COM
1 Dec⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & MoreHackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at o…THEHACKERNEWS.COM
1 DecAuthorities Shut Down ‘Cryptomixer’ Platform Used for Cybercrime and Money LaunderingLaw enforcement authorities from Switzerland and Germany, with support from Europol, have successfully dismantled a primary cryptocurrency mixing service called ‘Cryptomixer’ that was facilitating cybercrime and money laundering operations worldwide. The coordinated a…GBHACKERS.COM
1 DecOperation Hanoi Thief: Pseudo-Polyglot Payloads Targeting IT ProfessionalsSEQRITE Labs APT-Team has uncovered a sophisticated cyberattack campaign dubbed “Operation Hanoi Thief,” targeting IT departments and human resources recruiters across Vietnam with weaponized resume documents. The campaign, first detected on November 3, 2025, employs …GBHACKERS.COM
1 DecDevolutions Server Hit by SQL Injection Flaw Allowing Data TheftA critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify internal records. Devolutio…GBHACKERS.COM
1 DecScammers Are Exploiting the Holiday Shopping SeasonUsers should be particularly wary of holiday-themed scams over the next few weeks, according to researchers at Malwarebytes. “Mobile-first shopping has become second nature, and during the holidays, it’s faster and more frantic than ever,” Malwarebytes says. “Fifty-five percent o…KNOWBE4.COM
1 DecThe CISO’s paradox: Enabling innovation while managing riskWe can keep it real here. One of the main jobs CISOs have is to stop being the “Department of No.” We have to figure out how to enable the rapid delivery of products and services for the business without introducing risks to the same business. That’s the paradox in a nutshell. In…CSOONLINE.COM
1 DecCritical Apache bRPC Framework Vulnerability Let Attackers Crash the Serversubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/apache-brpc-framework-vulnerability/SH.ITJUST.WORKS
1 Dec$29 Million Worth of Bitcoin Seized in Cryptomixer TakedownCryptomixer was targeted by law enforcement in Operation Olympia for facilitating cybercrime and money laundering. The post $29 Million Worth of Bitcoin Seized in Cryptomixer Takedown appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecContagious Interview attackers go ‘full stack’ to fool developersResearchers at Socket have uncovered more details of a sophisticated software supply-chain operation linked to the Contagious Interview campaign attacking developers who rely on packages from NPM. They report finding a “full stack” operation behind the attacks, where code hosting…CSOONLINE.COM
1 DecBin ich Teil eines Botnets? Jetzt kostenlos nachprüfenZu Weihnachten die Rechner der Verwandtschaft auf Botnet-Aktivitäten überprüfen – der kostenlose GreyNoise IP Check machts möglich. Jaiz Anuar – Shutterstock.com Hacks greifen immer stärker Unternehmen an, weil die Beute in Form von Lösegeld und Daten dort aussichtreicher ist als…CSOONLINE.COM
1 DecMicrosoft gives Windows admins a legacy migration headache with WINS sunsetMicrosoft has given system administrators until 2034 to stop using WINS (Windows Internet Name Service) NetBIOS name resolution technology in their networks — but even nine years may not be enough notice for some: WINS is very much still in use, supporting a niche range of diffic…CSOONLINE.COM
1 DecNETSCOUT wins “Overall Network Security Solution of the Year”When it comes to cybersecurity, visibility is everything. Without it, even the most advanced tools can’t help teams detect, investigate, or respond effectively to threats lurking in their networks. That’s why we’re proud to announce that NETSCOUT’s Omnis Cyber Intelligence has be…CSOONLINE.COM
1 DecWhat are zero-day attacks and why do they work?Zero-day attacks have become a significant concern in the realm of cybersecurity, posing a formidable challenge to individuals and organizations alike. These attacks exploit vulnerabilities that are unknown to the software vendor, leaving systems exposed to potential breaches. As…CSOONLINE.COM
1 DecThe first line of defense is still the network. But that’s only the beginningFor years, the security industry has been captivated by the promises of new acronyms: EDR, XDR, CDR. Each wave has promised broader coverage, better detection, and faster responses. And although each of these tools provides value, recent research from Enterprise Strategy Group (E…CSOONLINE.COM
1 DecEuropean cops shut down crypto mixing website that helped launder 1.3 billion eurosEuropol announced the seizure of Cryptomixer’s official website, as well as 25 million euros and 12 terabytes of data from the mixer's service.TECHCRUNCH.COM
1 DecSmartTube YouTube app for Android TV breached to push malicious updateThe popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 1[−]
1 DecQualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot ProcessQualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices fro…GBHACKERS.COM
📢 SECURITY ADVISORIES 13[−]
1 DecTomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government TargetsThe threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiri…THEHACKERNEWS.COM
1 Dec12 signs the CISO-CIO relationship is broken — and steps to fix itDespite the need for collaboration between security and IT, all is not well in the CISO-CIO relationship. And it’s not about newly minted CISOs trying to find their footing, as Gartner research has found that while around a third of CISOs with less than two years of experience re…CSOONLINE.COM
1 Dec KEVKevin Lancaster Joins the usecure Board to Accelerate North American Channel GrowthLancaster’s arrival brings significant North American channel experience and expertise, supporting usecure’s ambition to cement its position as the market-leading human risk management solution for MSPs. usecure today announced the appointment of Kevin Lancaster as a Non-Executiv…CSOONLINE.COM
1 DecChinese Front Companies Offering Advanced Steganography Tools for APT GroupsThe Chinese government’s cyber ecosystem continues to attract significant scrutiny from security researchers worldwide. Following revelations from Intrusion Truth, the i-Soon leaks, tracking of EagleMsgSpy, and exposure of Great Firewall components, a recent analysis has un…GBHACKERS.COM
1 DecIndia Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom FraudIndia's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to a report from Reuters, the app cannot be deleted or disabled from users'…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 7[−]
1 DecWeekly Update 480Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Well, I now have the answer to how Snapchat does age verification for under-16s: they give an underage kid the ability to change their …TROYHUNT.COM
1 DecBrsk confirms breach as bidding begins for 230K+ recordssubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2025/11/28/brsk_breach/SH.ITJUST.WORKS
1 DecKimJongRAT Strikes Windows Users via Malicious HTA FilesSecurity researchers have confirmed that KimJongRAT, a sophisticated remote access Trojan attributed to the Kimsuky group and believed to be backed by North Korea, is being actively distributed via weaponized .hta files targeting Windows users. The discovery reveals a carefully o…GBHACKERS.COM
1 DecHackers Shift to ‘Living Off the Land’ Tactics to Evade EDR on Windows SystemsSecurity researchers have discovered that modern attackers are abandoning traditional offensive tools and instead weaponizing legitimate Windows utilities to conduct cyberattacks without triggering security alarms. This shift in tactics, known as “Living Off the Land,”…GBHACKERS.COM
1 DecData copied in Kensington and Chelsea council cyber attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bbc.com/news/articles/crmd74j4ezpoSH.ITJUST.WORKS
1 DecRetail giant Coupang suffers data breach impacting 33.7 million peopleSouth Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. [...]BLEEPINGCOMPUTER.COM
1 DecBreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive YearNew York, New York, December 1st, 2025, CyberNewswire BreachLock, the global leader in Penetration Testing as a Service (PTaaS), has been named a Leader and Fast Mover in the 2025 GigaOm Radar Report for PTaaS for the third year in a row. The GigaOm Radar Report for PTaaS is publ…GBHACKERS.COM
🕵️ THREAT INTELLIGENCE 23[−]
1 DecISC Stormcast For Monday, December 1st, 2025 https://isc.sans.edu/podcastdetail/9718, (Mon, Dec 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 DecAPT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government AgenciesPakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to…GBHACKERS.COM
1 DecAustralian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on FlightsMichael Clapsis has been sentenced to 7 years and 4 months in prison for stealing sensitive information. The post Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecErmittler zerschlagen Plattform für Online-GeldwäscheIm Zuge der Operation Olympia wurde die kriminelle Handelsplattform “cryptomixer.io” abgeschaltet. Bundeskriminalamt Ermittlern aus Deutschland und der Schweiz ist ein Schlag gegen Online-Geldwäsche mit Kryptowährungen gelungen. Wie die Behörden mitteilten, wurde die Serverinfras…CSOONLINE.COM
1 DecAppSec: It's All About Developer SkillsUnlock the true potential of AppSec by focusing on what really matters: the developer's skill set. It's not just about the tools; it's about empowering people to make security second nature. Let's shift the narrative and put the spotlight on the real game-changers. Subscribe to o…YOUTUBE.COM
1 DecLeak confirms OpenAI is preparing ads on ChatGPT for public roll outsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openai-is-preparing-ads-on-chatgpt-for-public-roll-out/SH.ITJUST.WORKS
1 DecPublic GitLab repositories exposed more than 17,000 secretssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/public-gitlab-repositories-exposed-more-than-17-000-secrets/SH.ITJUST.WORKS
1 DecScattered Lapsus$ Hunters target Zendesk users with fake domainssubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4097846/scattered-lapsus-hunters-target-zendesk-users-with-fake-domains.htmlSH.ITJUST.WORKS
1 DecBanning VPNsThis is crazy. Lawmakers in several US states are contemplating banning VPNs , because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105 / S.B. 13…SCHNEIER.COM
1 DecSecurity researchers caution app developers about risks in using Google Antigravitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4097698/security-researchers-caution-app-developers-about-risks-in-using-google-antigravity.htmlSH.ITJUST.WORKS
1 DecAustralian Man Jailed for Running Fake Wi-Fi Attacks at Airports and Onboard FlightsA Perth man has been sent to jail for stealing private videos from women and creating a fake Wi-Fi network to trick airline passengers. The 44-year-old’s crimes have shocked the aviation industry and left many victims feeling violated. The Fake Wi-Fi Scheme The trouble star…GBHACKERS.COM
1 Dec KEVKevin Lancaster Joins the usecure Board to Accelerate North American Channel GrowthClaymont, Delaware, December 1st, 2025, CyberNewsWire Lancaster’s arrival brings significant North American channel experience and expertise, supporting usecure’s ambition to cement its position as the market-leading human risk management solution for MSPs. usecure today announce…GBHACKERS.COM
1 DecHackers Launch 2,000+ Fake Holiday Shops in Massive Payment Theft SchemeCybersecurity researchers have uncovered a massive network of over 2,000 fraudulent online storefronts deliberately activated during the Black Friday and Cyber Monday shopping season to harvest consumer payment information and execute unauthorized financial transactions. The disc…GBHACKERS.COM
1 DecShai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystemssubmitted by kid to cybersecurity 1 points | 0 comments https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.htmlSH.ITJUST.WORKS
1 DecContagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/185170/apt/contagious-interview-campaign-expands-with-197-npm-ppackages-spreading-new-ottercookie-malware.htmlSH.ITJUST.WORKS
1 DecNew Albiriox Android Malware Developed by Russian CybercriminalsAlbiriox is a banking trojan offered under a malware-as-a-service model for $720 per month. The post New Albiriox Android Malware Developed by Russian Cybercriminals appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecFacial Recognition’s Trust ProblemTwo technologies — one for public safety, one for controlled entry — show why trust in facial recognition must be earned, not assumed. The post Facial Recognition’s Trust Problem appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecKindness: The Leader's CurrencyIn the world of cybersecurity, kindness is more than just a virtue—it's the currency of effective leadership. Discover how replenishing your own energy and kindness can empower you to serve others better and strengthen your team's defenses. 🌟 Subscribe to our podcasts: https://se…YOUTUBE.COM
1 DecShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into SpywareA threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, accordin…THEHACKERNEWS.COM
1 DecSouth Korea's Coupang Confirms 34 Million Customer Data Leaksubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/south-korea-coupang-34m-customer/SH.ITJUST.WORKS
1 DecAlbiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Walletssubmitted by kid to cybersecurity 1 points | 0 comments https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets#6SH.ITJUST.WORKS
1 Dec KEVNews alert: usecure adds channel heavyweight Kevin Lancaster to guide North America pushCLAYMONT, Del., Dec. 1, 2025, CyberNewswire — usecure today announced the appointment of Kevin Lancaster as a Non-Executive Director. Kevin joins usecure with a wealth of experience in the North American channel and a strong background in human risk management … (more…) The…LASTWATCHDOG.COM
1 DecHigh Schooler's DEFCON Badge JourneyA high school junior takes on DEFCON, the world's largest hacker convention, with his own custom badge creation! Discover the thrill of 'Badge Life' and the ingenuity behind crafting unique electronic badges amidst cybersecurity giants. Explore the creative spirit that fuels the …YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
1 DecNew Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen ControlA new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded lis…THEHACKERNEWS.COM
1 DecWebinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security TeamsThe AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewe…THEHACKERNEWS.COM
1 DecShadyPanda browser extensions amass 4.3M installs in malicious campaignA long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. [...]BLEEPINGCOMPUTER.COM
1 DecWhen Hackers Wear Suits: Protecting Your Team from Insider Cyber ThreatsHackers impersonate IT pros with deepfakes, fake resumes, and stolen identities, turning hiring pipelines into insider threats. Huntres sLabs explains how stronger vetting and access controls help stop these threats. [...]BLEEPINGCOMPUTER.COM
1 DecGlassworm malware returns in third wave of malicious VS Code packagesThe Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 7[−]
1 DecGoogle deletes X post after getting caught using a ‘stolen’ AI recipe infographicGoogle is facing backlash on X after a viral post for its NotebookLM appeared to use a food blogger's work without credit. [...]BLEEPINGCOMPUTER.COM
1 DecKaspersky Embedded Systems Security: what's new?How Kaspersky Embedded Systems Security protects embedded devices from relevant threats.KASPERSKY.COM
1 DecMicrosoft says new Outlook can't open some Excel attachments​Microsoft is working to resolve a known issue that prevents some users from opening Excel email attachments in the new Outlook client. [...]BLEEPINGCOMPUTER.COM
1 Dec[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)[This is a Guest Diary by James Woodworth, an ISC intern as part of the SANS.edu Bachelor&&#x23&#x3b;39&#x3b;s Degree in Applied Cybersecurity (BACS) program [1]. ISC.SANS.EDU
1 DecWhat’s your CNAPP maturity?More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey.TRENDMICRO.COM
1 DecOversharing is not caring: What’s at stake if your employees post too much onlineFrom LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble.WELIVESECURITY.COM
1 DecElevate Your Cloud Security StrategyLearn to elevate your cloud security strategy & overcome complexity with Vision One™.TRENDMICRO.COM