117Articles
9Categories
2025-12-03Date
🚨 CISA KEV 1[−]
3 Dec KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-26828 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability  This type of vulnerability is a frequent attack…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 28[−]
3 DecCISA Alerts on Iskra iHUB Authentication Flaw Allowing Remote Device ReconfigurationThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe authentication vulnerability affecting Iskra iHUB and iHUB Lite intelligent metering gateways worldwide. Assigned CVE-2025-13510 with a CVSS score of 9.3, this vulnerability…GBHACKERS.COM
3 DecCritical Elementor Plugin Flaw Allows Attackers to Seize WordPress Admin ControlA severe privilege escalation vulnerability in the King Addons for Elementor WordPress plugin has exposed thousands of websites to complete administrative compromise. The flaw, tracked as CVE-2025-8489 with a critical CVSS score of 9.8, allows unauthenticated attackers to registe…GBHACKERS.COM
3 DecAngular Platform Vulnerability Lets Attackers Execute Code Through Malicious SVG AnimationsThe Angular team has released high security updates to address a high-severity vulnerability in the Angular Template Compiler. Tracked as CVE-2025-66412, this flaw allows attackers to bypass built-in security protections and execute malicious code inside a user’s browser. T…GBHACKERS.COM
3 DecWordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin AccountsA critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves…THEHACKERNEWS.COM
3 Dec KEVCISA Issues Alert on Actively Exploited Android Zero-Day VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users …GBHACKERS.COM
3 DecMicrosoft Silently Patches Windows LNK Flaw After Years of Active ExploitationMicrosoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), whi…THEHACKERNEWS.COM
3 DecCritical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code ExecutionA maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. It allows "unauthenticated remote code executio…THEHACKERNEWS.COM
3 DecCritical flaw in WordPress add-on for Elementor exploited in attacksAttackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. [...]BLEEPINGCOMPUTER.COM
3 DecCVE-2025-38659 gfs2: No more self recoveryInformation published.MSRC.MICROSOFT.COM
3 DecCVE-2022-24736 A Malformed Lua script can crash RedisInformation published.MSRC.MICROSOFT.COM
3 DecCVE-2025-11932 Timing Side-Channel in PSK Binder VerificationInformation published.MSRC.MICROSOFT.COM
3 DecCVE-2025-12889 TLS 1.2 Client Can Downgrade Digest UsedInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 26[−]
3 DecNews alert: Report warns AI is acting as an ungoverned identity with scant data oversightBALTIMORE, Dec. 2, 2025, CyberNewswire — The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organizations already use AI in daily operations, &#…LASTWATCHDOG.COM
3 DecCyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms RaceBETHESDA, Md., Dec. 2, 2025, CyberNewswire — While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik , a Maryland cyber startup, is betting on … (more…) The …LASTWATCHDOG.COM
3 DecHow CISOs can prepare for the new era of short-lived TLS certificatesFor years, organizations used SSL/TLS certificates with long lifespans, reviewing and renewing them only occasionally. That is about to change. On 15 March 2026, the maximum lifespan of a TLS certificate will be cut from 398 days to 200 days. Then, a year later, the limit will dr…CSOONLINE.COM
3 DecWater Saci Hackers Exploit AI Tools to Target WhatsApp Web UsersThe Water Saci campaign targeting Brazilian users has escalated significantly, with threat actors demonstrating remarkable technical sophistication by employing artificial intelligence to enhance their malware propagation capabilities. Security researchers have identified a criti…GBHACKERS.COM
3 DecMultiple Django Vulnerability Expose Applications to SQL Injection and DoS AttacksThe Django development team has released critical security patches for three major versions of the popular Python web framework, addressing two significant vulnerabilities that could expose applications to SQL injection attacks and denial-of-service conditions. The updates, issue…GBHACKERS.COM
3 DecPicklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute CodeThree critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Mat…THEHACKERNEWS.COM
3 DecMalicious Rust Crate Delivers OS-Specific Malware to Web3 Developer SystemsCybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool…THEHACKERNEWS.COM
3 DecAuthorities Seize Domains Linked to Tai Chang Cryptocurrency Investment ScamThe United States Justice Department has seized a website domain used to steal money from Americans through fake cryptocurrency investments. The domain, tickmilleas.com, was operated by the Tai Chang scam compound located in Kyaukhat, Burma. This action comes less than three week…GBHACKERS.COM
3 DecNew “Executive Award” Scam Exploits ClickFix to Deliver Stealerium MalwareA sophisticated new phishing campaign is targeting company executives with a double-pronged attack that steals credentials and deploys information-stealing malware in a single coordinated strike. The “Executive Award” scam, identified by cybersecurity researchers at T…GBHACKERS.COM
3 DecShadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - BSW #424While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Securit…YOUTUBE.COM
3 DecAI, automation, and integration: The foundation for cyber protection in 2026Cyber protection grew more complex in 2025 as more threat actors turned to artificial intelligence (AI) to increase their speed, scale, and precision. These autonomous ransomware, phishing, and data exfiltration attacks outpaced legacy tools and exploited gaps between security an…CSOONLINE.COM
3 DecMicrosoft Silently Mitigated Exploited LNK VulnerabilityWindows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecLet’s Encrypt Cutting Certificate Lifespan from 90 Days to 45 DaysLet’s Encrypt, the nonprofit certificate authority serving millions of websites, announced a significant shift in how it issues digital certificates. Starting in 2026, the organization will reduce the validity period of its SSL/TLS certificates from 90 days to 45 days, with…GBHACKERS.COM
3 DecLongwatch RCE Flaw Allows Attackers to Run Remote Code with Elevated PrivilegesThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical remote code execution vulnerability affecting Industrial Video & Control’s Longwatch video surveillance and monitoring system. The flaw enables unauthenticated at…GBHACKERS.COM
3 DecMassive Phishing Attack Uses Parking Ticket and Medical Test Themes, Attributed to Storm-0900In a brazen attempt to exploit the chaotic pre-holiday rush, Microsoft Security has detected and dismantled a large-scale phishing campaign launched on Thanksgiving Eve. The attack, orchestrated by a threat actor tracked as Storm-0900, flooded inboxes across the United States wit…GBHACKERS.COM
3 DecCritical King Addons Vulnerability Exploited to Hack WordPress SitesA critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecNeue bösartige Browser-Erweiterungen entdecktCyberangreifer nutzen Chrome- und Edge-Add-ons zur Datenerfassung, Suchmanipulation und als Backdoor. Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, wie sie vertrauenswürdige Browser-Erweiterungen für ihre …CSOONLINE.COM
3 DecTwo Android 0-day bugs patched, plus 105 more fixes • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/12/02/android_0_days/SH.ITJUST.WORKS
3 DecDeep dive into DragonForce ransomware and its Scattered Spider connectionDragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments.…BLEEPINGCOMPUTER.COM
3 DecGet poetic in prompts and AI will break its guardrailsPoetry can be a perplexing art form for humans to decipher at times, and apparently AI is being tripped up by it too. Researchers from Icaro Lab (part of the ethical AI company DexAI), Sapienza University of Rome, and Sant’Anna School of Advanced Studies have found that, when del…CSOONLINE.COM
3 DecCISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational TechnologyCISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance:  Principles for the Secure Integration of Artificial Intelligence in Operational Technolog…CISA.GOV
3 DecMicrosoft "mitigates" Windows LNK flaw exploited as zero-dayMicrosoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
3 DecAndroid expands pilot for in-call scam protection for financial appsPosted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years, we’ve launched industry-leading fe…SECURITY.GOOGLEBLOG.COM
3 DecFreedom Mobile discloses data breach exposing customer dataFreedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. [...]BLEEPINGCOMPUTER.COM
3 DecRCE flaw in OpenAI’s Codex CLI highlights new risks to dev environmentsIn a new example of how AI tools expand the attack surface of development machines, researchers found a serious remote code execution flaw in OpenAI’s Codex CLI, one of the most popular LLM-powered coding agents. “This vulnerability enables silent, repeatable remote code executio…CSOONLINE.COM
3 DecBRICKSTORM BackdoorMalware Analysis at a Glance Executive Summary The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) assess People’s Republic of China (PRC) state-sponsored cyber actors are using&nb…CISA.GOV
📋 SECURITY BULLETINS 1[−]
3 DecRisky Business #817 -- Less carnage than your usual ThanksgivingIn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. It’s a quiet week with Thanksgiving in the US, but there’s always some cyber to talk about: Airbus rolls out software updates after a cosmic ray bitflips an A320 into a dive Krebs tracks down…RISKY.BIZ
📢 SECURITY ADVISORIES 4[−]
3 DecAfter intense backlash, India pulls mandate to pre-install government app on smartphonesOn Wednesday, the Indian telecom ministry said Sanchar Saathi, an anti-theft and cybersecurity protection app, would remain voluntary, and that smartphone makers would no longer be required to preload it on devices they sell.TECHCRUNCH.COM
🔥 INCIDENT REPORTING 17[−]
3 DecLiving off the Land Attacks and Emerging Cyber ThreatsThis episode of Cybersecurity Today, hosted by Jim Love, delves into various cybersecurity threats and latest news. Topics include 'living off the land' attacks using Microsoft's native utilities, spoofing Calendly invites for phishing Google and Meta credentials, a significant b…CYBERSECURITYTODAY.LIBSYN.COM
3 DecResearchers Catch Lazarus Group’s Recruitment Workflow on Camera via HoneypotA groundbreaking collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has lifted the curtain on North Korean threat actors from the Lazarus Group, revealing their recruitment tactics and operational methods in unprecedented detail. The research team doc…GBHACKERS.COM
3 DecThreat Actors Using Matanbuchus Downloader to Deliver Ransomware and Maintain PersistenceThreat actors are increasingly abusing the Matanbuchus malicious downloader as a key enabler for hands-on-keyboard ransomware operations, using its backdoor-like capabilities to deliver secondary payloads, move laterally, and maintain long-term persistence on compromised systems.…GBHACKERS.COM
3 DecMuddyWater Targets Critical Infrastructure With Custom Malware and Evolving TacticsESET researchers have uncovered a sophisticated campaign by MuddyWater, an Iran-aligned cyber-espionage group, targeting critical infrastructure across the Middle East with a newly refined toolkit that demonstrates significant operational evolution. The campaign, which ran from S…GBHACKERS.COM
3 DecPenn and Phoenix Universities Disclose Data Breach After Oracle HackThe University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign. The post Penn and Phoenix Universities Disclose Data Breach After Oracle Hack appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecShai-Hulud 2.0 Cyberattack Compromises 30,000 Repos and Exposes 500 GitHub AccountsThe Shai-Hulud 2.0 supply chain attack has proven to be one of the most persistent and destructive malware campaigns targeting the developer ecosystem. Since the incident first emerged on November 24, 2025, Wiz Research and Wiz CIRT have been tracking the active spread, which con…GBHACKERS.COM
3 DecUniversity of Phoenix discloses data breach after Oracle hackThe University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. [...]BLEEPINGCOMPUTER.COM
3 DecEverest Ransomware Claims ASUS Breach and 1TB Data Theft – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and Moresubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/everest-ransomware-asus-breach-1tb-data/SH.ITJUST.WORKS
3 DecThe State of Ransomware in Manufacturing and Production 2025332 IT and cybersecurity leaders reveal the ransomware realities for manufacturing and production organizations today.SOPHOS.COM
3 DecHybrid 2FA phishing kits are making attacks harder to detectSome 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct phishing-as-a-service (PhaaS) kits: Salty2FA and Tycoon2FA, into a single hybrid strain. Researchers at Any.Run warn that the hybrid is already bypassing detection r…CSOONLINE.COM
3 DecExamining the Risk of AI-Assisted MedusaLocker Ransomware AttacksResearchers at Cato CTRL have demonstrated that the feature, designed to streamline AI workflows, can be easily weaponized to deploy MedusaLocker ransomware without the user’s knowledge. A new cybersecurity investigation has revealed a critical oversight in Anthropic’s rapidly gr…GBHACKERS.COM
3 DecFintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attackMarquis said ransomware hackers stole reams of banking customer data, containing personal information and financial records, as well as Social Security numbers, belonging to hundreds of thousands of people. The number of affected people is expected to rise.TECHCRUNCH.COM
3 DecFrench DIY retail giant Leroy Merlin discloses a data breachLeroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. [...]BLEEPINGCOMPUTER.COM
3 DecValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loadingJob seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry.TRENDMICRO.COM
3 DecFintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attacksubmitted by tonytins to cybersecurity 4 points | 0 comments https://techcrunch.com/2025/12/03/fintech-firm-marquis-alerts-dozens-of-us-banks-and-credit-unions-of-a-data-breach-after-ransomware-attack/INFOSEC.PUB
3 DecMarquis data breach impacts over 74 US banks, credit unionsFinancial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. [...]BLEEPINGCOMPUTER.COM
3 DecWhy Does Have I Been Pwned Contain "Fake" Email Addresses?Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Normally, when someone sends feedback like this, I ignore it, but it happens often enough that it deserves an explainer, because the an…TROYHUNT.COM
🕵️ THREAT INTELLIGENCE 27[−]
3 DecISC Stormcast For Wednesday, December 3rd, 2025 https://isc.sans.edu/podcastdetail/9722, (Wed, Dec 3rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
3 DecBPFDoor and Symbiote: Advanced eBPF-Based Rootkits Target Linux SystemsExtended Berkeley Packet Filter (eBPF) represents one of Linux’s most powerful kernel technologies, enabling users to load sandboxed programs directly into the kernel for network packet inspection and system call monitoring. Introduced in 2015 to modernize the 1992 BPF arch…GBHACKERS.COM
3 DecChrome 143 Update Patches 13 Security Vulnerabilities Allowing Arbitrary Code ExecutionGoogle has released Chrome 143 to the stable channel, addressing 13 security vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update is now rolling out to Windows, Mac, and Linux users worldwide. The latest version, Chrome 143.0.7499.4…GBHACKERS.COM
3 DecCybersicherheit für viele NebensacheLaut einer Umfrage informieren sich lediglich 54 Prozent der Deutschen regelmäßig über das Thema Cybersicherheit. Summit Art Creations – shutterstock.com Fake-Shops, Datendiebstahl, gefälschte Angebote auf Social-Media-Plattformen – vier von zehn Befragten halten es für sehr wahr…CSOONLINE.COM
3 DecGlassworm's resurgence - Secure Annexsubmitted by Kissaki to cybersecurity 1 points | 0 comments https://secureannex.com/blog/glassworm-continued/ Over the past week, we’ve identified and tracked an unprecedented 23 extensions which copy other popular extensions, update after publishing with malware, manipulate down…INFOSEC.PUB
3 DecChrome 143 Patches High-Severity VulnerabilitiesChrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecNew Stealth K.G.B RAT Marketed by Threat Actors on Underground ForumsThreat actors on an underground cybercrime forum are allegedly promoting a new remote access Trojan (RAT) bundle dubbed “K.G.B RAT + Crypter + HVNC,” claiming it is “fully undetectable” by security solutions. The post, attributed to a member of a dark web community, markets the t…GBHACKERS.COM
3 Decre:Invent 2025: AWS and Security Vendors Unveil New Products and CapabilitiesAWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. The post re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion DealVeza Security was recently valued at more than $800 million after raising $108 million in Series D funding. The post ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecAI: A Research Assistant, Not a ReplacementExplore the cutting-edge world of cybersecurity with Joshua Marpet as he reveals how AI is revolutionizing threat detection and data management. Learn why AI is an indispensable tool in the cyber landscape, yet human wisdom is crucial for making informed decisions. Subscribe to o…YOUTUBE.COM
3 DecArizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft ClaimsArizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data. The post Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecNew Calendly-Inspired Phishing Attack Aims to Steal Google Workspace CredentialsA long-running phishing campaign is abusing Calendly-branded job invitations to compromise Google Workspace and Facebook Business accounts, with a particular focus on hijacking ad management platforms used by agencies and large brands. The operation, uncovered by Push Security, c…GBHACKERS.COM
3 DecMalicious Rust “evm-units” Impersonator Deploys OS-Specific PayloadsA malicious Rust crate masquerading as an Ethereum Virtual Machine (EVM) utility has been caught delivering silent, OS-specific payloads to developers’ machines. The package, named evm-units and authored by “ablerust,” was hosted on Crates.io for roughly eight months and accumula…GBHACKERS.COM
3 DecNiobium Raises $23 Million for FHE Hardware AccelerationThe startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms. The post Niobium Raises $23 Million for FHE Hardware Acceleration appeared first on SecurityWeek .SECURITYWEEK.COM
3 DecResearchers Capture Lazarus APT's Remote-Worker Scheme Live on Camerasubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/12/researchers-capture-lazarus-apts-remote.htmlSH.ITJUST.WORKS
3 DecCritical PickleScan Vulnerabilities Expose AI Model Supply Chains - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/SH.ITJUST.WORKS
3 DecFake Calendly invites spoof top brands to hijack ad manager accountssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/fake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts/SH.ITJUST.WORKS
3 DecOBR WordPress plugin blunder caused UK budget leak| Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/cybercrime/wordpress-plugin-blunder-budget-leak-obr/SH.ITJUST.WORKS
3 DecKnowBe4 Is a Leader In the Gartner® Magic Quadrant™ for Email Security For the Second Consecutive YearFollowing its launch in 2024, Gartner® has now published the second Magic Quadrant™ for Email Security —and KnowBe4 is delighted to once again be named a Leader!KNOWBE4.COM
3 DecWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
3 DecBrazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay FraudThe threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil.…THEHACKERNEWS.COM
3 DecMicrosoft Confirms Windows 11 25H2 UI Features Broken also Along With 24H2 Following UpdateMicrosoft has acknowledged a significant issue affecting Windows 11 versions 24H2 and 25H2. Where critical user interface components break following the installation of monthly cumulative updates released on or after July 2025. The problem impacts XAML-dependent modern applicatio…GBHACKERS.COM
3 DecBeware of the New 'Executive Award' Campaign That Uses ClickFix to Deliver Stealerium Malwaresubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/beware-of-the-new-executive-award-campaign/SH.ITJUST.WORKS
3 DecAI Browsers: New Attack SurfaceAI browsers are transforming the cybersecurity landscape, introducing new vulnerabilities. Aaran highlights the critical shift from user experience to security risks and provides practical strategies for managing AI browser settings. Discover why turning off AI browser assistance…YOUTUBE.COM
3 DecNew Criminal Toolkit Abuses Browser Push NotificationsA new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog.KNOWBE4.COM
3 DecIncentivizing Change in OT CommunitiesThe fast-evolving world of cybersecurity demands an understanding of human behavior. Tomas 'Data' Owen dives into the psychology of threat response, highlighting the importance of proactive measures in the OT community. Discover why 'franken accounting' might be holding back your…YOUTUBE.COM
3 DecThe Maturity Gap: The Next Frontier in Threat IntelligenceLearn what advanced threat intelligence maturity really means and how to close the gap between current capabilities and predictive, autonomous operations.RECORDEDFUTURE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
3 DecAisuru botnet behind new record-breaking 29.7 Tbps DDoS attackIn just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. [...]BLEEPINGCOMPUTER.COM
3 DecIntellexa’s Global Corporate WebUncover Intellexa’s global corporate web powering Predator spyware, front companies, and expanding targeting from civil society to executives worldwide.RECORDEDFUTURE.COM
📡 INFOSEC NEWS 11[−]
3 DecChopping AI Down to Size: Turning Disruptive Technology into a Strategic AdvantageMost people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mist…THEHACKERNEWS.COM
3 DecDiscover the AI Tools Fueling the Next Cybercrime Wave — Watch the WebinarRemember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. The…THEHACKERNEWS.COM
3 DecFBI warns of surge in account takeover (ATO) fraud schemes – what you need to knowThe FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in my article on the Fortra blog.FORTRA.COM
3 DecGoogle expands Android scam protection feature to Chase, Cash App in U.S.Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States. [...]BLEEPINGCOMPUTER.COM
3 DecRussia blocks Roblox over distribution of LGBT "propaganda"Roskomnadzor, Russia's telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. [...]BLEEPINGCOMPUTER.COM
3 DecJoint guidance on principles for the secure integration of artificial intelligence in operational technologyThis joint guidance outlines 4 key principles CI owners and operators can follow to leverage the benefits of AI in OT systems while minimizing risk.CYBER.GC.CA
3 DecAttempts to Bypass CDNs, (Wed, Dec 3rd)Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup, DNS is used to point clients to the CDN, and the CDN …ISC.SANS.EDU
3 Dec‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encryptedKohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.TECHCRUNCH.COM
3 Dec[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)EXPLOIT-DB.COM