113Articles
7Categories
2025-12-04Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 19[−]
4 Dec KEVDevelopers urged to immediately upgrade React, Next.jsDevelopers using the React 19 library for building application interfaces are urged to immediately upgrade to the latest version because of a critical vulnerability that can be easily exploited by an attacker to remotely run their own code. Researchers at Wiz said Wednesday that …CSOONLINE.COM
4 DecCVE-2023-53261 coresight: Fix memory leak in acpi_buffer->pointerInformation published.MSRC.MICROSOFT.COM
4 DecReact2Shell: In-the-Wild Exploitation Expected for Critical React VulnerabilityA researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecNew Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New Detection Approach Challenges Existing Security Assumptions A…GBHACKERS.COM
4 DecVim for Windows Flaw Lets Attackers Execute Arbitrary CodeA high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implic…GBHACKERS.COM
4 DecAkamai Fixes HTTP Request Smuggling Flaw in Edge ServersAkamai has fixed a vulnerability in its edge servers that could have allowed HTTP Request Smuggling attacks. The issue was entirely resolved on November 17, 2025, and the company says no action is needed from customers. The flaw is now tracked as CVE-2025-66373. Field Detail CVE …GBHACKERS.COM
4 DecK7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level PrivilegesA critical security vulnerability has been discovered in K7 Ultimate Security antivirus software that allows attackers to gain the highest level of system access on Windows computers. The flaw, tracked as CVE-2024-36424, enables low-privileged users to escalate their permiss…GBHACKERS.COM
4 DecWindows shortcuts’ use as a vector for malware may be cut shortA longstanding problem with the way Windows handles LNK shortcut files, which attackers have been abusing for years to hide malicious commands in plain sight, may finally have been fixed, with more than one patch now available to users. The problem was that threat actors could ma…CSOONLINE.COM
4 DecCVE-2025-55182 vulnerability in React and Next.js | Kaspersky official blogWays to protect against the dangerous React4Shell vulnerability (CVE-2025-55182) in React server components (RSC).KASPERSKY.COM
4 DecCVE-2025-12977 CVE-2025-12977Information published.MSRC.MICROSOFT.COM
4 DecCVE-2025-66030 node-forge ASN.1 OID Integer TruncationInformation published.MSRC.MICROSOFT.COM
4 DecCVE-2025-12969 CVE-2025-12969Information published.MSRC.MICROSOFT.COM
4 DecCVE-2025-12816 CVE-2025-12816Information published.MSRC.MICROSOFT.COM
4 DecCVE-2025-66031 node-forge ASN.1 Unbounded RecursionInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
4 DecHackers Actively Exploit New Windows LNK 0-Day VulnerabilityA newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal malicious commands within shortcut files (.lnk), making them invisible to users. The Discovery and Initia…GBHACKERS.COM
4 DecMaximum-severity vulnerability threatens 6% of all websitessubmitted by floofloof to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/ cross-posted from: lemmy.zip/post/54305624 Open source React executes malicious code with mal…INFOSEC.PUB
4 DecCoach or mentor: What you need depends on where you are as a cyber leaderRenee Guttmann , a Fortune 50 CISO who has served at Time Warner, Coca-Cola, Royal Caribbean Cruises, and other global organizations, gives back by helping others advance along their CISO career paths. Early in her own career, there were no seasoned CISOs to guide her. That motiv…CSOONLINE.COM
4 DecAdmins and defenders gird themselves against maximum-severity server vulnsubmitted by Rekall_Incorporated to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/ Open source React executes malicious code with malformed HTML—no authentication nee…SH.ITJUST.WORKS
4 Dec5 Threats That Reshaped Web Security This Year [2025]As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites for…THEHACKERNEWS.COM
4 DecDeep dive into DragonForce ransomware and its Scattered Spider connectionsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/deep-dive-into-dragonforce-ransomware-and-its-scattered-spider-connection/SH.ITJUST.WORKS
4 DecYearn Finance yETH Pool Hit by $9M Exploit - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/yearn-finance-yeth-pool-exploit/SH.ITJUST.WORKS
4 DecPickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch ModelsJFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan&…GBHACKERS.COM
4 DecHackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware DeploymentThreat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents span…GBHACKERS.COM
4 DecWordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code ExecutionA severe remote code execution vulnerability in the Sneeit Framework WordPress plugin is under active exploitation, with attackers launching thousands of attacks within hours of public disclosure. WordPress site administrators must immediately update to version 8.4 or later to pr…GBHACKERS.COM
4 DecCISA Issues Five New ICS Advisories on Emerging Vulnerabilities and ExploitsThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent …GBHACKERS.COM
4 DecThird-Party App Risks in SalesforceUncover the vulnerabilities in third-party apps that led to massive data breaches at top companies. This clip dives into the importance of activity monitoring and alert generation to safeguard your data. Stay informed and protect your assets with cutting-edge cybersecurity strate…YOUTUBE.COM
4 DecThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More StoriesThink your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the gam…THEHACKERNEWS.COM
4 DecCritical flaw in WordPress add-on for Elementor exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/SH.ITJUST.WORKS
4 DecCritical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Executionsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.htmlSH.ITJUST.WORKS
4 DecCritical React, Next.js flaw lets hackers execute code on serversA maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. [...]BLEEPINGCOMPUTER.COM
4 DecPRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology SystemsThe Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSph…CISA.GOV
4 DecCloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnetssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://blog.cloudflare.com/ddos-threat-report-2025-q3/ Record-Breaking DDoS Attacks Mark 2025 Q3 as Aisuru Botnet Emerges The Aisuru botnet dominated the DDoS threat landscape in Q3 2025, commanding an army of 1-4 millio…INFOSEC.PUB
4 DecFrom feeds to flows: Using a unified linkage model to operationalize threat intelligenceThe problem: Static intelligence in a dynamic world Every CISO knows the fatigue that comes with modern threat intelligence. Dozens of vendor feeds pour in daily — STIX packages, IP blocklists, domain indicators, malware hashes — all claiming to help your organization stay one st…CSOONLINE.COM
4 DecGoogle fixes two Android zero days exploited in attacks, 107 flawssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/SH.ITJUST.WORKS
4 DecCISA Releases Nine Industrial Control Systems AdvisoriesCISA released nine Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-338-01 Mitsubishi Electric GX Works2 ICSA-25-338-02 MAXHUB Pivot ICSA-25-338-03 …CISA.GOV
4 DecMicrosoft "mitigates" Windows LNK flaw exploited as zero-daysubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/SH.ITJUST.WORKS
4 DecAI creates new security risks for OT networks, warns NSAThe security of operational technology (OT) in critical infrastructure has been a recurring theme for years, but this week the US National Security Agency (NSA) and its global partners added a new concern to the mix: how the increasing use of AI in OT risks making things worse. T…CSOONLINE.COM
4 DecHackers are exploiting ArrayOS AG VPN flaw to plant webshellsThreat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. [...]BLEEPINGCOMPUTER.COM
4 DecSMS Phishers Pivot to Points, Taxes, Fake RetailersChina-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert c…KREBSONSECURITY.COM
4 DecThreat Actors Exploit Foxit PDF Reader to Seize System Access and Steal DataA sophisticated malware campaign is leveraging a weaponized Foxit PDF Reader to target job seekers through email-based attacks, deploying ValleyRAT. This remote access trojan grants threat actors complete system control and data exfiltration capabilities. Security researchers hav…GBHACKERS.COM
4 DecNew Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRATIn November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the country with a multi-stage malware chain. The attack combined authentic-looking government c…GBHACKERS.COM
4 DecChained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler ExploitWhile preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology BeeStation (BST150-4T) exploit chain, achieving unauthenticated root Remote Code Execution (RCE) by abusing the syst…GBHACKERS.COM
4 DecNew iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary SpywareDespite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator” surveillance tool, has adapted to evade international sanction…GBHACKERS.COM
4 DecEvilginx Attack Campaigns: Session Cookie Theft and MFA Bypass TacticsSecurity researchers are issuing urgent warnings about a rising wave of cyberattacks leveraging Evilginx, an attacker-in-the-middle phishing toolkit that intercepts login flows to steal session cookies and circumvent multi-factor authentication (MFA) protections. The threat is pa…GBHACKERS.COM
📢 SECURITY ADVISORIES 10[−]
4 DecSubmarine cable cybersecurity: protecting critical infrastructureBetween 95 and 99% of the world’s data traffic travels through submarine cables. An extensive network of more than 1.3 million kilometers, which travels across the seas and oceans, from shore to shore. According to TeleGeography , there are 650 of these infrastructures in operati…CSOONLINE.COM
4 DecCISA warns of Chinese "BrickStorm" malware attacks on VMware serversThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. [...]BLEEPINGCOMPUTER.COM
4 DecIndia Rolls Back Order to Preinstall Cybersecurity App on SmartphonesThe Ministry of Communications on had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it. The post India Rolls Back Order to Preinstall Cybersecurity App on Smartphones appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecCISA warns of Chinese "BrickStorm" malware attacks on VMware serverssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/SH.ITJUST.WORKS
4 DecNCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devicesThe UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 16[−]
4 DecSmashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-serviceA teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year co…GRAHAMCLULEY.COM
4 DecNation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)[This is a Guest Diary by Jackie Nguyen, an ISC intern as part of the SANS.edu BACS program] ISC.SANS.EDU
4 DecMarquis Data Breach Impacts Over 780,000 PeopleThe compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers. The post Marquis Data Breach Impacts Over 780,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecPersonal Information Compromised in Freedom Mobile Data BreachFreedom Mobile says hackers stole customers’ personal information from its account management platform. The post Personal Information Compromised in Freedom Mobile Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecSryxen Malware Uses Headless Browser Trick to Bypass Chrome ProtectionsA new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows,…GBHACKERS.COM
4 DecMarquis Data Breach Exposes Dozens of U.S. Banks and Credit UnionsA significant cybersecurity incident affecting multiple U.S. financial institutions came to light on November 26, 2025, when Marquis Software Solutions notified affected customers of a ransomware attack. The breach, discovered on August 14, 2025, compromised the personal informat…GBHACKERS.COM
4 DecUK Ransomware Payment Ban to Come with Exemptions - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/uk-ransomware-payment-ban/SH.ITJUST.WORKS
4 DecAI Bolsters Python Variant of Brazilian WhatsApp Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/ai-python-variant-brazilian-whatsapp-attacksSH.ITJUST.WORKS
4 DecMarquis data breach impacts over 74 US banks, credit unionssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/SH.ITJUST.WORKS
4 DecFreedom Mobile discloses data breach exposing customer datasubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/freedom-mobile-discloses-data-breach-exposing-customer-data/SH.ITJUST.WORKS
4 DecFrench DIY retail giant Leroy Merlin discloses a data breachsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/french-diy-retail-giant-leroy-merlin-discloses-a-data-breach/SH.ITJUST.WORKS
4 DecInotiv Says Personal Information Stolen in Ransomware AttackHackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people. The post Inotiv Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecHow strong password policies secure OT systems against cyber threatsOT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. [..…BLEEPINGCOMPUTER.COM
4 DecPenn and Phoenix Universities Disclose Data Breach After Oracle Hack - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/penn-and-phoenix-universities-disclose-data-breach-after-oracle-hack/SH.ITJUST.WORKS
4 DecFake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and Moresubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/fake-chatgpt-atlas-clickfix-steal-passwords/SH.ITJUST.WORKS
4 DecPredator spyware uses new infection vector for zero-click attacksThe Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 28[−]
4 DecISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 DecNews alert: New AI blind spot emerges in the cloud; Salt Security blocks rogue agents on AWSLAS VEGAS, Dec. 3, 2025, PRNewswire — Salt Security , the leader in API security, today announced it is extending its patented, award-winning API behavioral threat protection to detect and block malicious intent targeting Model Context Protocol (MCP) servers deployed … (mor…LASTWATCHDOG.COM
4 DecWie Unternehmen sich gegen neue KI-Gefahren wappnenKI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden. inray27 – Shutterstock.com In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: „Wir hacken, bevor Cyberkriminelle die Gelegenheit…CSOONLINE.COM
4 DecMalicious VSCode Extension Deploys Anivia Loader and OctoRATIn late November 2025, a sophisticated supply-chain attack leveraging the Visual Studio Code extension ecosystem came to light, demonstrating how threat actors are increasingly targeting developer tools to gain persistent access to high-value systems. On November 21, a malicious …GBHACKERS.COM
4 DecSHARED INTEL Q&A: API gaps expose AI fault lines — an urgent call for hygiene, active monitoringThe race to deploy GenAI far and wide has intensified enterprises’ reliance on APIs — most of which remain poorly understood and underprotected. Related: Mistaking AI pattern matching for wisdom This reality is highlighted in a just-released Salt Security survey … (more…) T…LASTWATCHDOG.COM
4 DecThe Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 CredentialsLead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke Since November 3, 2025, KnowBe4 Threat Labs has been monitoring a highly sophisticated, multi-stage phishing operation that is actively targeting organizations to steal employees’ Microsoft 365 credenti…KNOWBE4.COM
4 DecGlobal Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OTThe 25-page document outlines four principles for securely integrating AI with operational technology. The post Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecCISOs are questioning what a crisis framework should look like - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/12/03/binalyze-crisis-management-framework-report/SH.ITJUST.WORKS
4 DecReporters Without Borders Targeted by Russian HackersThe state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF). The post Reporters Without Borders Targeted by Russian Hackers appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecSecuring the AI FrontierThe GSA OneGov agreement is a game-changer for federal cybersecurity. Palo Alto Networks provides AI-powered solutions to secure AI adoption. The post Securing the AI Frontier appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
4 DecMomberger: Betrug-E-Mails an Kunden im Umlaufsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/12/shutterstock_2617671109.jpg?quality=50&strip=all 5150w, https://b2b-contenthub.com/wp-content/uploads/2025/12/shutterstock_2617671109.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
4 DecInsuretech firm leaks millions of personal records, future travel data | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/companjon-kafka-leak-travel-data/SH.ITJUST.WORKS
4 DecAgentic Security Firm 7AI Raises $130 MillionEstablished in 2024 by Cybereason co-founders Lior Div and Yonatan Striem-Amit, the company has raised a total of $166 million in funding. The post Agentic Security Firm 7AI Raises $130 Million appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecNews alert: SpyCloud study — Phishing attacks surge 400% as corporate identities become top targetAUSTIN, Texas, Dec. 4, 2025, CyberNewswire — SpyCloud , the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully &#…LASTWATCHDOG.COM
4 DecCritical React and Next.js Flaw Lets Remote Attackers Run Malicious Codesubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/critical-react-and-next-js-flaw/SH.ITJUST.WORKS
4 DecIndia Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misusesubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2025/12/india-orders-messaging-apps-to-work.htmlSH.ITJUST.WORKS
4 Dec29.7 Tbps DDoS Attack Via Aisuru botnet Breaks Internet With New World Recordsubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/29-7-tbps-ddos-attack/SH.ITJUST.WORKS
4 DecSilver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in ChinaThe threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting us…THEHACKERNEWS.COM
4 DecCybersecurity M&A Roundup: 30 Deals Announced in November 2025Significant cybersecurity M&A deals announced by Arctic Wolf, Bugcrowd, Huntress, Palo Alto Networks, and Zscaler. The post Cybersecurity M&A Roundup: 30 Deals Announced in November 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
4 DecCybersecurity strategies to prioritize now​​In this article, Damon Becknel, Vice President and Deputy CISO for Regulated Industries at Microsoft, outlines four things to prioritize doing now. The post Cybersecurity strategies to prioritize now​​ appeared first on Microsoft Security Blog .MICROSOFT.COM
4 DecSanctioned spyware maker Intellexa had direct access to government espionage victims, researchers sayBased on a leaked video, security researchers alleged that Intellexa staffers have remote live access to their customers' surveillance systems, allowing them to see hacking targets’ personal data.TECHCRUNCH.COM
4 DecValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading | Trend Micro (US)submitted by kid to cybersecurity 1 points | 0 comments https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.htmlSH.ITJUST.WORKS
4 DecMalicious Rust packages targeted Web3 developers - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/12/04/malicious-rust-packages-targeted-web3-developers/SH.ITJUST.WORKS
4 DecJoint malware analysis report on Brickstorm backdoorThis joint report warns that People’s Republic of China (PRC) state-sponsored threat actors are using Brickstorm malware for long-term persistence on victims’ systems.CYBER.GC.CA
4 DecReport: Sophisticated Fraud Attacks Are on the RiseSophisticated online fraud techniques are growing more accessible to unskilled attackers, driven by AI tools and fraud-as-a-service platforms, according to Sumsub’s latest Identity Fraud Report.KNOWBE4.COM
4 DecHoliday Hack Challenge, AI, Internet of Trash - Ed Skoudis - PSW #903This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: - Oh Asus - Dashcam botnets - Weird CVEs being issued - CodeRED, but not the worm - Free IP checking - Internet space junk and IoT - Decade old Linux ker…YOUTUBE.COM
4 DecSpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by MalwareAustin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks tha…GBHACKERS.COM
4 DecKohler’s Smart Toilet Camera Not Truly End-to-End EncryptedKohler’s Dekota toilet camera, launched in October as a $600 health-monitoring device, is facing significant scrutiny over its privacy claims. The device promises to track gut health, hydration, and other wellness metrics by analyzing bowel contents. However, the investigat…GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
4 DecRecord 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected HostsCloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AI…THEHACKERNEWS.COM
4 DecGoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ InfectionsCybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involv…THEHACKERNEWS.COM
📡 INFOSEC NEWS 8[−]
4 DecProtecting LLM chats from the eavesdropping Whisper Leak attack | Kaspersky official blogHow an attacker can find out the topic of your chats with an AI assistant without hacking your computer, and what you can do to guard against this threatKASPERSKY.COM
4 DecMicrosoft 365 license check bug blocks desktop app downloads​Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. [...]BLEEPINGCOMPUTER.COM
4 DecContractors with hacking records accused of wiping 96 govt databasesU.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as federal contractors. [...]BLEEPINGCOMPUTER.COM
4 DecRussia blocks FaceTime and Snapchat over use in terrorist attacksRussian telecommunications watchdog Roskomnadzor has blocked access to Apple's FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they're being used to coordinate terrorist attacks. [...]BLEEPINGCOMPUTER.COM
4 DecWhy the record-breaking 30 Tbps DDoS attack should concern every businessA new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog.FORTRA.COM
4 DecPhishing, privileges and passwords: Why identity is critical to improving cybersecurity postureIdentity is effectively the new network boundary. It must be protected at all costs.WELIVESECURITY.COM
4 DecProject View: A New Era of Prioritized and Actionable Cloud SecurityIn today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to …TRENDMICRO.COM