Articles: 98
Categories: 9
Date: 2025-12-02
🚨 CISA KEV (1)
2 Dec [KEV] CISA Adds Two Known Exploited Vulnerabilities to Catalog. CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48572 Android Framework Privilege Escalation Vulnerability; CVE-2025-48633 Android Framework Information Disclosure Vulnerab… (CISA.GOV)
🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
2 Dec [KEV] Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild. Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android v… (GBHACKERS.COM)
2 Dec Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks. A new security flaw has been found in Apache Struts, a popular open-source web application framework used by many companies worldwide. The issue, tracked as CVE-2025-64775, could allow attackers to fill a server’s disk space, causing it to stop working correctly. Field Details CV… (GBHACKERS.COM)
2 Dec OpenAI Codex CLI Flaw Allows Attackers to Run Arbitrary Commands. OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or approval. Security researcher… (GBHACKERS.COM)
2 Dec Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers. The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution. The post Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers appeared first on SecurityWeek. (SECURITYWEEK.COM)
2 Dec nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies. Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after … (GBHACKERS.COM)
⚠️ VULNERABILITY DISCLOSURE (29)
2 Dec Key questions CISOs must ask before adopting AI-enabled cyber solutions. Adversaries are hijacking AI technology for their own purposes, generating deepfakes, creating clever phishing lures, and launching novel types of advanced attacks. They are also targeting AI systems with prompt injection attacks aimed at tricking models into revealing sensitiv… (CSOONLINE.COM)
2 Dec Coupang Data Breach Exposes Personal Information of 33.7 Million Customers. South Korean e-commerce giant Coupang has admitted to a significant data breach that exposed the personal information of about 33.7 million customers. This figure is close to the company’s entire user base, making it one of the most significant known data breaches in the country.… (GBHACKERS.COM)
2 Dec [KEV] Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild. Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, a… (THEHACKERNEWS.COM)
2 Dec Vaillant CISO: “Starting Instead of Waiting” (CSOONLINE.COM)
2 Dec Android’s December 2025 Updates Patch Two Zero-Days. Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android’s December 2025 Updates Patch Two Zero-Days appeared first on SecurityWeek. (SECURITYWEEK.COM)
2 Dec Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("... - ASW #359. For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems a… (YOUTUBE.COM)
2 Dec Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants. A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpatched as Microsoft considers … (GBHACKERS.COM)
2 Dec OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks. Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read… (GBHACKERS.COM)
2 Dec Hackers Exploit Telegram, WinSCP, Chrome, and Teams to Deliver ValleyRat Malware. Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion techniques, including kernel-lev… (GBHACKERS.COM)
2 Dec Arkanix Stealer Emerges as New Threat: Steals VPN Logins, Wi-Fi Credentials, and Screenshots. A newly discovered information-stealing malware called Arkanix is rapidly evolving to target sensitive user data, including VPN credentials, system information, and wireless network passwords. Security researchers have identified this emerging threat as a short-lived, profit-driv… (GBHACKERS.COM)
2 Dec SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities. Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a bur… (THEHACKERNEWS.COM)
2 Dec AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk. The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organizations already use AI in daily operations, but only 13 percent say they have strong vi… (CSOONLINE.COM)
2 Dec Like Social Media, AI Requires Difficult Choices. In his 2020 book, “Future Politics,” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market and civil society?” … (SCHNEIER.COM)
2 Dec A NICE Retrospective on Shaping Cybersecurity’s Future. Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service … (NIST.GOV)
2 Dec Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race. While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik, a Maryland cyber startup, is betting on something simpler: making sure attackers don’t know what defender… (CSOONLINE.COM)
2 Dec CSO 30 Awards 2025: Celebrating Excellence, Innovation and Leadership in Cybersecurity. With submissions showcasing advances in automation, inclusion, workforce development, and real-world resilience, this year’s programme highlights the multifaceted role of today’s CSO. As threats evolve and organizational complexity grows, the CSO is now a strategist, communicator… (CSOONLINE.COM)
2 Dec [KEV] Google fixes two Android zero days exploited in attacks, 107 flaws. Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race. Bethesda, USA / Maryland, December 2nd, 2025, CyberNewsWire. While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik, a Maryland cyber startup, is betting on someth… (GBHACKERS.COM)
2 Dec AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk. Baltimore, MD, December 2nd, 2025, CyberNewsWire. The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organizations already use AI in daily operat… (GBHACKERS.COM)
2 Dec Dash Cam Hack: How Criminals Can Seize Control in Seconds. Dashcams have become an essential accessory in vehicles across many countries, serving as impartial witnesses in the event of accidents and roadside disputes. Yet, new research presented at Security Analyst Summit 2025 by a team of Singaporean cybersecurity researchers has uncove… (GBHACKERS.COM)
2 Dec Early Indicators of Insider Threats Through Authentication and Access Controls. Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, leaving meaningful warning signs buried beneath operational noise until incidents escalat… (GBHACKERS.COM)
2 Dec Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing. A sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18… (GBHACKERS.COM)
2 Dec SmartTube Android TV App Compromised After Signing Keys Leak. SmartTube, a popular open-source YouTube client for Android TV devices with over 25,900 GitHub stars, has been compromised after its digital signing keys were exposed, prompting an urgent security response from developer Yurii Liskov (yuliskov). The incident, disclosed on Novembe… (GBHACKERS.COM)
2 Dec End-of-Year Threat Intelligence Sightings Forecast. submitted by cm0002 to cybersecurity 1 points | 0 comments 🎁 Here’s a little end-of-year gift backed with Sightings from Vulnerability-Lookup! A small step into 2026. The year is almost over, so we’ve wrapped up a fresh Sightings Forecast — looking at how sightings evolve across… (INFOSEC.PUB)
2 Dec Newly discovered malicious extensions could be lurking in enterprise browsers. A sprawling surveillance campaign targeting Google Chrome and Microsoft Edge users is just the latest evolution of a seven-year-long project to distribute malicious browser extensions. By targeting trusted browser extensions and weaponizing them only after they had passed initial… (CSOONLINE.COM)
2 Dec K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation. Exploitation of the K7 antivirus, from the vulnerability discovery to the retro-analysis of its key components. (QUARKSLAB.COM)
2 Dec Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools. Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It… (THEHACKERNEWS.COM)
2 Dec CISA Releases Five Industrial Control Systems Advisories. CISA released five Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-336-01 Industrial Video & Control Longwatch; ICSA-25-336-02 Iskra iHUB and iH… (CISA.GOV)
2 Dec Introducing constant-time support for LLVM to protect cryptographic code. Trail of Bits has developed constant-time coding support for LLVM, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. These changes are being reviewed and will be added in an upcomi… (TRAILOFBITS.COM)
📢 SECURITY ADVISORIES (8)
2 Dec Belgium bans China's DeepSeek from government devices. submitted by Sepia to cybersecurity 1 points | 0 comments https://www.euractiv.com/news/belgium-bans-chinas-deepseek-from-government-devices/ cross-posted from: mander.xyz/post/42887732 Web archive link. Belgium has joined a growing list of countries banning Chinese generative AI … (INFOSEC.PUB)
2 Dec Belgium bans China's DeepSeek from government devices. submitted by Sepia to cybersecurity 1 points | 0 comments https://www.euractiv.com/news/belgium-bans-chinas-deepseek-from-government-devices/ cross-posted from: mander.xyz/post/42887732 Web archive link. Belgium has joined a growing list of countries banning Chinese generative AI … (SH.ITJUST.WORKS)
2 Dec Ireland: 'Aggressive response' needed as cyber threats aligned to states like China and Russia pose “significant threat” to national security, cyber agency says. submitted by Sepia to cybersecurity 2 points | 0 comments https://www.irishexaminer.com/news/arid-41752908.html cross-posted from: mander.xyz/post/42887934 Web archive link. The accelerating cyber threats facing Ireland demand “an aggressive response” by the State, according to t… (INFOSEC.PUB)
2 Dec Ireland: 'Aggressive response' needed as cyber threats aligned to states like China and Russia pose “significant threat” to national security, cyber agency says. submitted by Sepia to cybersecurity 2 points | 0 comments https://www.irishexaminer.com/news/arid-41752908.html cross-posted from: mander.xyz/post/42887934 Web archive link. The accelerating cyber threats facing Ireland demand “an aggressive response” by the State, according to t… (SH.ITJUST.WORKS)
🔥 INCIDENT REPORTING (15)
2 Dec 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign. Koi researchers have uncovered a seven-year browser extension operation that has silently compromised at least 4.3 million Chrome and Edge users worldwide. The threat actor, dubbed ShadyPanda, systematically abused browser marketplaces to turn seemingly legitimate extensions into… (GBHACKERS.COM)
2 Dec Personal Information of 33.7 Million Stolen From Coupang. Names, addresses, email addresses, and phone numbers were compromised in a five-month-long data breach. The post Personal Information of 33.7 Million Stolen From Coupang appeared first on SecurityWeek. (SECURITYWEEK.COM)
2 Dec SmartTube YouTube app for Android TV breached to push malicious update. submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/ (SH.ITJUST.WORKS)
2 Dec Malware Manipulates AI Detection in Latest npm Package Breach - Infosecurity Magazine. submitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/malware-ai-detection-npm-package/ (SH.ITJUST.WORKS)
2 Dec University of Pennsylvania confirms new data breach after Oracle hack. The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Unit 42 Incident Response Retainer for AWS Security Incident Response. Unit 42 and AWS launch a no-cost Incident Response Retainer for AWS Security, including 250 free hours and a 2-hour response time agreement. The post Unit 42 Incident Response Retainer for AWS Security Incident Response appeared first on Palo Alto Networks Blog. (PALOALTONETWORKS.COM)
2 Dec Sorbonne Université staff data on dark web: hackers claim major breach. submitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/sorbonne-universite-data-security-incident/ (SH.ITJUST.WORKS)
2 Dec SmartTube's signature has been compromised, possible injected malicious library found by some users. submitted by AmbiguousProps to cybersecurity 1 points | 0 comments https://github.com/yuliskov/SmartTube/releases/tag/notification cross-posted from: lemmy.today/post/42851505 Slightly more detail in this GitHub issue, however much is still unknown, even after three or so days. … (SH.ITJUST.WORKS)
2 Dec Microsoft Defender portal outage disrupts threat hunting alerts. Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. [...] (BLEEPINGCOMPUTER.COM)
2 Dec A data breach at analytics giant Mixpanel leaves a lot of open questions. We sent over a dozen questions to Mixpanel's CEO about the company's data breach. Here's what we want to know. (TECHCRUNCH.COM)
2 Dec University of Pennsylvania confirms new data breach after Oracle hack. submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-theft-after-oracle-ebs-hack/ (SH.ITJUST.WORKS)
2 Dec Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets. The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Asahi cyber attack spirals into massive data breach impacting almost 2 million people. Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data breach that affects more than 1.5 million customers and approximately 275,000 curren… (BITDEFENDER.COM)
2 Dec FTC settlement requires Illuminate to delete unnecessary student data. The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Korea arrests suspects selling intimate videos from hacked IP cameras. The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. [...] (BLEEPINGCOMPUTER.COM)
🕵️ THREAT INTELLIGENCE (28)
2 Dec Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware. submitted by PhilipTheBucket to cybersecurity 3 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/ (INFOSEC.PUB)
2 Dec ISC Stormcast For Tuesday, December 2nd, 2025 https://isc.sans.edu/podcastdetail/9720, (Tue, Dec 2nd). (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (ISC.SANS.EDU)
2 Dec Mandatory ‘Undeletable’ Security App to Be Installed on Every Smartphone in India. In a significant decision that will affect millions of mobile phone users, the Indian government has ordered all smartphone companies to install a specific security app on every new device sold in the country. The Department of Telecommunications (DoT) issued this order on Novemb… (GBHACKERS.COM)
2 Dec Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages. Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms.… (GBHACKERS.COM)
2 Dec Wireshark Vulnerabilities Let Attackers Crash by Injecting a Malformed Packet. submitted by hellfire103 to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/wireshark-vulnerabilities-4-6-1/ (SH.ITJUST.WORKS)
2 Dec ShadyPanda browser extensions amass 4.3M installs in malicious campaign. submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/ (SH.ITJUST.WORKS)
2 Dec DevilsTongue Spyware Targets Windows Users Across Multiple Countries. Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users across several nations. The d… (GBHACKERS.COM)
2 Dec Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration. Travel and hospitality industry leader Sonesta International Hotels partners with AccuKnox to deploy Zero Trust Integrated Application and Cloud Security [ASPM and CNAPP (Cloud Native Application Protection Platform)] for Microsoft Azure. AccuKnox, Inc., announced that Sonesta In… (GBHACKERS.COM)
2 Dec Glassworm malware returns in third wave of malicious VS Code packages. submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/ (SH.ITJUST.WORKS)
2 Dec Saporo Raises $8 Million for Identity Security Platform. The Swiss cybersecurity firm will scale its R&D, sales and marketing teams as it pursues expansion across Europe. The post Saporo Raises $8 Million for Identity Security Platform appeared first on SecurityWeek. (SECURITYWEEK.COM)
2 Dec Claude: The Best Command Line Agent. Unleash the power of Claude, the ultimate command line agent transforming development! From building base applications to seamless code editor integration, Claude is a game-changer in the cybersecurity realm. Explore how it's saving time and boosting productivity. Subscribe to ou… (YOUTUBE.COM)
2 Dec Police takes down Cryptomixer cryptocurrency mixing service. submitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/police-takes-down-cryptomixer-cryptocurrency-mixing-service/ (SH.ITJUST.WORKS)
2 Dec Canada flags urgent threat from nation-state and criminal groups to critical infrastructure - Industrial Cyber. submitted by kid to cybersecurity 1 points | 0 comments https://industrialcyber.co/control-device-security/canada-flags-urgent-threat-from-nation-state-and-criminal-groups-to-critical-infrastructure/ (SH.ITJUST.WORKS)
2 Dec Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors. The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. The post Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors appeared first on SecurityWeek. (SECURITYWEEK.COM)
2 Dec Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks. Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor … (THEHACKERNEWS.COM)
2 Dec The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security. When familiar security concepts carry unfamiliar meanings for different audiences, teams talk past each other without even realizing it. This silent disconnect weakens communication, clarity, and outcomes. The post The Great Disconnect: Unmasking the ‘Two Separate Conversat… (SECURITYWEEK.COM)
2 Dec North Korea lures engineers to rent identities in fake IT worker scheme. In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Ukrainian Hackers Target Russian Aerospace and Defense Sectors. Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by Intrinsec. The coordinated attacks between June and September 2025 represent… (GBHACKERS.COM)
2 Dec Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera. A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a … (THEHACKERNEWS.COM)
2 Dec Zafran Security Raises $60 Million in Series C Funding. The cybersecurity startup will use the investment to accelerate product innovation and global expansion. The post Zafran Security Raises $60 Million in Series C Funding appeared first on SecurityWeek. (SECURITYWEEK.COM)
2 Dec Building Secure Features with Developer Insights. In today's fast-paced digital world, integrating cybersecurity into the development process is more crucial than ever. Join Kalyani Pawar as she delves into the security impact of features like session management and authentication. Discover how identifying and filling security g… (YOUTUBE.COM)
2 Dec How to build forward-thinking cybersecurity teams for tomorrow. To secure the future, we must future-proof our cybersecurity talent and develop teams that are agile, innovative, and perpetually learning. The post How to build forward-thinking cybersecurity teams for tomorrow appeared first on Microsoft Security Blog. (MICROSOFT.COM)
2 Dec India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse. India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapch… (THEHACKERNEWS.COM)
2 Dec MuddyWater: Snakes by the riverbank. submitted by kid to cybersecurity 1 points | 0 comments https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/ MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook (SH.ITJUST.WORKS)
2 Dec Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp. Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. (TRENDMICRO.COM)
2 Dec AI semantics, Calendly, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland - SWN #534. AI semantics, Calendly, GreyNoise, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland, and More... Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-534 (YOUTUBE.COM)
2 Dec Legacy Equipment: A Hidden Threat. Uncover the cybersecurity challenges of legacy equipment as Doug White explains why replacing outdated systems isn't always feasible. Learn how state-sponsored groups target vulnerabilities in aging infrastructure like SonicWall, Cisco, and Fortinet. Subscribe to our podcasts: ht… (YOUTUBE.COM)
🌐 CYBER THREAT LANDSCAPE (3)
2 Dec Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure. Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service" economy lowers the barrier to entry and gives low-skill attackers on-demand acce… (BLEEPINGCOMPUTER.COM)
2 Dec GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools. The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first… (THEHACKERNEWS.COM)
2 Dec MuddyWater: Snakes by the riverbank. MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook (WELIVESECURITY.COM)
🎙️ PODCASTS (1)
2 Dec The AI Fix #79: Gemini 3, poetry jailbreaks, and do we even need safe robots? In episode 79 of The AI Fix, Gemini 3 roasts the competition, scares Nvidia, and can’t remember what year it is. Meanwhile, Graham investigates a fight between a fridge and robot, and Mark discovers that poetry could be a universal jailbreak for LLMs. Also in this episode, our ho… (GRAHAMCLULEY.COM)
📡 INFOSEC NEWS (8)
2 Dec Windows 11 KB5070311 update fixes File Explorer freezes, search issues. Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. [...] (BLEEPINGCOMPUTER.COM)
2 Dec India plans to verify and record every smartphone in circulation. The Indian government has ordered smartphone makers to preinstall its Sanchar Saathi app on all devices, a move that is raising fresh privacy concerns. (TECHCRUNCH.COM)
2 Dec Microsoft: KB5070311 triggers File Explorer white flash in dark mode. Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Fake Calendly invites spoof top brands to hijack ad manager accounts. An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...] (BLEEPINGCOMPUTER.COM)
2 Dec How cheaters use rigged DeckMate 2 shuffling machines in poker games | Kaspersky official blog. We explain how vulnerabilities in DeckMate 2 shuffling machines allowed criminals to gain insights into opponents' hands and win massive sums at poker. (KASPERSKY.COM)
2 Dec ChatGPT is down worldwide, conversations disappeared for users. OpenAI's AI-powered ChatGPT is down worldwide, and the reason is unclear. [...] (BLEEPINGCOMPUTER.COM)
2 Dec ChatGPT is down worldwide, conversations disappeared for users. OpenAI's AI-powered ChatGPT is down worldwide with users receiving errors when attempting to access chats, with no reasons currently given. [...] (BLEEPINGCOMPUTER.COM)
2 Dec Inside the CopyCop Playbook: How to Fight Back in the Age of Synthetic Media. Uncover how Russia’s CopyCop network uses AI-generated news and fake media sites to influence global audiences—and learn the key defenses against synthetic media threats. (RECORDEDFUTURE.COM)