92Articles
8Categories
2025-12-12Date
🚨 CISA KEV 1[−]
12 Dec KEVCISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is …THEHACKERNEWS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 14[−]
12 DecNew React RSC Vulnerabilities Enable DoS and Source Code ExposureThe React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while attempting to exploi…THEHACKERNEWS.COM
12 DecReact2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency MitigationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affec…THEHACKERNEWS.COM
12 DecGladinet servers file-sharing servers allow remote code executionEnterprises relying on Gladinet’s file-sharing services are faced with another round of zero-day patching, this time to block attackers from abusing cryptographic keys directly baked into its CentreStack and Triofox platforms. Cybersecurity firm Huntress warned that attackers are…CSOONLINE.COM
12 Dec KEVCritical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services WorldwideTorrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security…GBHACKERS.COM
12 DecMITRE Unveils 2025’s Top 25 Most Dangerous Software WeaknessesMITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the most critical vulnerabilities affecting software development worldwide. The comprehensive analysis draws from over 39,080 CVE records, providin…GBHACKERS.COM
12 DecCISA Alerts on Active Exploitation of Windows Cloud Files Mini Filter 0-DayA critical privilege escalation vulnerability in Microsoft Windows Cloud Files Mini Filter Driver is now under active exploitation, according to a new Cybersecurity and Infrastructure Security Agency (CISA) advisory. The vulnerability, tracked as CVE-2025-62221, poses a significa…GBHACKERS.COM
12 DecMultiple Threat Actors Exploit React2Shell (CVE-2025-55182)Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components, tracked as CVE-2025-55182 (aka "React2Shell"), was …CLOUD.GOOGLE.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
12 DecMeet ConsentFix, a new twist on the ClickFix phishing attackA new variation of the ClickFix scam tries to get around phishing defenses by capturing an employee’s OAuth authentication token for Microsoft logins. Researchers at Push Security this week outlined the tactic , which they call ConsentFix, in a blog, calling it “a dangerous evolu…CSOONLINE.COM
12 DecOpenAI expands ‘defense in depth’ security to stop hackers using its AI models to launch cyberattacksOpenAI is preparing for the possibility that threat groups will try to abuse its increasingly powerful AI frontier models to carry out sophisticated cyberattacks. In a blog, the company describes how the evolving capabilities of its models could be used to “develop working zero-d…CSOONLINE.COM
12 DecPorn Is Being Injected Into Government Websites Via Malicious PDFssubmitted by tonytins to cybersecurity 1 points | 0 comments https://www.404media.co/porn-is-being-injected-into-government-websites-via-malicious-pdfs/ Dozens of government and university websites belonging to cities, towns, and public agencies across the country are hosting PDF…INFOSEC.PUB
12 Dec KEVGogs 0-Day Actively Exploited to Compromise Over 700 ServersSecurity researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, no official patch is availab…GBHACKERS.COM
12 DecNotepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy MalwareThe development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers to intercept network traffic…GBHACKERS.COM
12 DecSevere Flaws in React Server Components Enable DoS Attacks and Code ExposureSecurity researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws were discovered while experts were analyzing the patches for last week’s critical “React…GBHACKERS.COM
12 DecHow to simplify enterprise cybersecurity through effective identity managementIdentifying and securing ownership of assets can be a challenging task. In addition to multifactor authentication , conditional and privileged access can help organizations to batten down the hatches. But introducing AI technologies often adds a nightmare of complexity. “It [usin…CSOONLINE.COM
12 Dec$320,000 Paid Out at Zeroday.Cloud for Open Source Software ExploitsParticipants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecMITRE shares 2025's top 25 most dangerous software weaknessesMITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]BLEEPINGCOMPUTER.COM
12 Dec KEVCISA orders feds to patch actively exploited Geoserver flawCISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...]BLEEPINGCOMPUTER.COM
12 DecNotepad++ Patches Updater Flaw After Reports of Traffic HijackingNotepad++ found a vulnerability in the way the software updater authenticates update files. The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecMicrosoft Bug Bounty Program Expanded to Third-Party CodeAll critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services. The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecNew Windows RasMan zero-day flaw gets free, unofficial patchesFree unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. [...]BLEEPINGCOMPUTER.COM
12 DecMITRE Releases 2025 List of Top 25 Most Dangerous Software VulnerabilitiesXSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecBuilding Trustworthy AI AgentsThe promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about…SCHNEIER.COM
12 DecRecent GeoServer Vulnerability Exploited in AttacksBecause user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecGladinet CentreStack Flaw Exploited to Hack OrganizationsThreat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw. The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecGoogle Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/google-chrome-security-update/SH.ITJUST.WORKS
12 DecNew Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at ScaleCybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-t…THEHACKERNEWS.COM
12 DecHackers exploit Gladinet CentreStack cryptographic flaw in RCE attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-gladinet-centrestack-cryptographic-flaw-in-rce-attacks/SH.ITJUST.WORKS
12 DecSpiderman and Cybersecurity.Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the s…CYBERSECURITYTODAY.LIBSYN.COM
12 DecGogs Git service zero-day exploited since Dec. 1 | SC Mediasubmitted by kid to cybersecurity 1 points | 0 comments https://www.scworld.com/news/gogs-git-service-exploited-since-dec-1SH.ITJUST.WORKS
12 DecHome Depot exposed access to internal systems for a year, says researcherA security researcher tried to alert Home Depot to the security lapse exposing its backend GitHub source code repos and other internal cloud systems, but was ignored.TECHCRUNCH.COM
12 DecResearchers Revive 2000s ‘Blinkenlights’ to Extract Smartwatch Firmware via Screen PixelsSecurity researchers have successfully extracted firmware from a cheap JieLi-based smartwatch by reviving an obscure 2000s attack technique that transmits sensitive data through display pixels. The novel approach, which builds upon decades-old “blinkenlights” methodol…GBHACKERS.COM
12 Dec10,000+ Docker Hub Images Exposed with Live Production Credentials from 100+ FirmsA comprehensive security analysis has uncovered a critical vulnerability in container image distribution: more than 10,000 Docker Hub images containing leaked production credentials from over 100 organizations, including a Fortune 500 company and a central national bank. The rese…GBHACKERS.COM
12 DecGoogle and Apple roll out emergency security updates after zero-day attacksApple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerabilty exploited in the attacks.TECHCRUNCH.COM
12 DecProcessing 630 Million More Pwned Passwords, Courtesy of the FBIPresently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing The sheer scope of cybercrime can be hard to fathom, even when you live and breathe it every day. It's not just the volume of data, but also the extent to …TROYHUNT.COM
12 DecApple fixes two zero-day flaws exploited in 'sophisticated' attacksApple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...]BLEEPINGCOMPUTER.COM
12 DecMultiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. De…CISECURITY.ORG
12 DecCatching malicious package releases using a transparency logWe’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identities in the Rekor transparency log. This work, funded by the OpenSSF , includes support for the new Rekor v2 log , certificate…TRAILOFBITS.COM
📢 SECURITY ADVISORIES 4[−]
12 DecTrump Signs Executive Order to Block State AI RegulationsMembers of Congress from both parties have pushed for more regulations on AI, saying there is not enough oversight for the powerful technology. The post Trump Signs Executive Order to Block State AI Regulations appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecCISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise DevicesThe Cybersecurity and Infrastructure Security Agency has released critical guidance on managing UEFI Secure Boot configurations across enterprise systems. The comprehensive advisory addresses growing concerns about boot-level security vulnerabilities that have exposed organizatio…GBHACKERS.COM
🔥 INCIDENT REPORTING 10[−]
12 DecWhere does the data stolen in a phishing attack go? | Kaspersky official blogWe break down what happens to stolen data after a phishing attack: how it ends up on the shadow market and gets used in new phishing schemes, and what risks this poses. We also offer tips on how to protect your accounts, and minimize any impact.KASPERSKY.COM
12 DecFieldtex Data Breach Impacts 238,000The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data. The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek .SECURITYWEEK.COM
12 DecUK fines LastPass over 2022 data breach impacting 1.6 million userssubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/uk-fines-lastpass-over-2022-data-breach-impacting-16-million-users/SH.ITJUST.WORKS
12 DecGOLD SALEM tradecraft for deploying Warlock ransomware – Sophos Newssubmitted by kid to cybersecurity 1 points | 0 comments https://news.sophos.com/en-us/2025/12/11/gold-salem-tradecraft-for-deploying-warlock-ransomware/SH.ITJUST.WORKS
12 DecCyber attack on govt networks surged seven times post Operation Sindoor: NICSI MD - The Economic Timessubmitted by kid to cybersecurity 0 points | 0 comments https://economictimes.indiatimes.com/tech/technology/cyber-attack-on-govt-networks-surged-seven-times-post-operation-sindoor-nicsi-md/articleshow/125917883.cmsSH.ITJUST.WORKS
12 Dec“Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/twofifths-smbs-raise-prices-after/SH.ITJUST.WORKS
12 DecIn Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco AcademyOther noteworthy stories that might have slipped under the radar: Pentagon orders accelerated move to PQC, US shuts down scheme to smuggle GPUs to China, DroidLock Android ransomware. The post In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisc…SECURITYWEEK.COM
12 DecData breach at credit check giant 700Credit affects at least 5.6 million700Credit, a company that runs credit checks and identity verification services for auto dealerships across the U.S., had a data breach that allowed a hacker to steal names, addresses, dates of birth, and Social Security numbers.TECHCRUNCH.COM
12 DecCoupang data breach traced to ex-employee who retained system accessA data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]BLEEPINGCOMPUTER.COM
12 DecRisky Biz Soap Box: Graph the planet!In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph. OpenGraph enumerates attack paths across platforms and services, not just your primary directories. A compromised GitHub accoun…RISKY.BIZ
🕵️ THREAT INTELLIGENCE 24[−]
12 DecISC Stormcast For Friday, December 12th, 2025 https://isc.sans.edu/podcastdetail/9736, (Fri, Dec 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 DecAshen Lepus Hacker Group Targets Eastern Diplomatic Entities with AshTag Malware AttackAn advanced persistent threat (APT) group with ties to Hamas has intensified its espionage operations against government and diplomatic entities across the Middle East, deploying a sophisticated new malware suite dubbed AshTag. The threat actor, tracked as Ashen Lepus (also known…GBHACKERS.COM
12 DecCyberangriff auf Rathaus: Hacker veröffentlichen Daten im DarknetCyberkriminelle haben Daten bei der Gemeindeverwaltung Untereisesheim gestohlen und im Darknet veröffentlicht. BeeBright – shutterstock.com Mitte Oktober funktionierte im Rathaus Untereisesheim fast nichts mehr. Die Gemeindeverwaltung war Ziel eines Cyberangriffs, bei dem IT-Syst…CSOONLINE.COM
12 DecGlobal agencies sound alarm as pro-Russia hacktivist groups intensify OT intrusions - Industrial Cybersubmitted by kid to cybersecurity 2 points | 0 comments https://industrialcyber.co/news/global-agencies-sound-alarm-as-pro-russia-hacktivist-groups-intensify-ot-intrusions/SH.ITJUST.WORKS
12 DecHamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suitesubmitted by kid to cybersecurity 1 points | 0 comments https://unit42.paloaltonetworks.com/hamas-affiliate-ashen-lepus-uses-new-malware-suite-ashtag/SH.ITJUST.WORKS
12 DecFresh Content Updates from November 2025"Good information. Everyone who owns a computer should do this training across the country. It should be mandatory!” "Wow, I had no idea of the detail and advanced interrogation these criminals use! This was the most eye-opening session I've seen in a long time and VERY timely” "…KNOWBE4.COM
12 DecNew ConsentFix attack hijacks Microsoft accounts via Azure CLIsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-consentfix-attack-hijacks-microsoft-accounts-via-azure-cli/SH.ITJUST.WORKS
12 DecZero-Trust-Umsetzung: Die richtige Kommunikation zähltMöchten CISOs neue Strategien wie Zero Trust einführen, ist die richtige Kommunikation entscheidend. HZ Creations – shutterstock.com Die Umsetzung großer Transformationsinitiativen, wie die Einführung von Zero Trust , erfordert mehr als nur technisches Verständnis – und genau hie…CSOONLINE.COM
12 DecNotepad++ fixes flaw that let attackers push malicious update filessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/notepad-plus-plus-fixes-flaw-that-let-attackers-push-malicious-update-files/SH.ITJUST.WORKS
12 DecAI Agent Creates Bash ScriptEver wondered if AI can code? Paul shares how Claude, an AI agent, tackled a 600-line bash script, revealing the challenges and triumphs of AI in cybersecurity. Discover the nuances of AI-driven coding and its impact on security protocols. Subscribe to our podcasts: https://secur…YOUTUBE.COM
12 DecMalicious VSCode Marketplace extensions hid trojan in fake PNG filesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/malicious-vscode-marketplace-extensions-hid-trojan-in-fake-png-file/SH.ITJUST.WORKS
12 DecJust a moment...submitted by kid to cybersecurity 1 points | 0 comments https://www.techrepublic.com/article/news-nvidia-denies-deepseek-smuggling-claims/SH.ITJUST.WORKS
12 DecIntel, AMD Processors Affected by PCIe Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/intel-amd-processors-affected-by-pcie-vulnerabilities/SH.ITJUST.WORKS
12 DecNew DroidLock malware locks Android devices and demands a ransomsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/INFOSEC.PUB
12 DecNew JSCEAL Infostealer Malware Targets Windows Systems to Steal Login CredentialsA sophisticated information-stealing tool known as JSCEAL has evolved significantly in recent months, deploying advanced anti-analysis techniques and hardened command-and-control infrastructure to target users of cryptocurrency applications on Windows systems. Security researcher…GBHACKERS.COM
12 DecResearch Findings on the Fate of Data Stolen in Phishing AttacksNew research from Kaspersky has mapped the complete lifecycle of data stolen during phishing attacks, revealing a sophisticated “shadow market conveyor belt” where victim information is instantly commoditized. The analysis traces the digital trail from the initial cli…GBHACKERS.COM
12 DecNew AiTM Attack Campaign Bypasses MFA to Target Microsoft 365 and Okta UsersCybersecurity researchers at Datadog have uncovered a sophisticated adversary-in-the-middle phishing campaign targeting organizations that use Microsoft 365 and Okta for single sign-on authentication. The campaign leverages advanced techniques to hijack legitimate SSO authenticat…GBHACKERS.COM
12 DecConsentFix Attack Lets Hackers Hijack Microsoft Accounts via Azure CLI AbuseSecurity researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft accounts without requiring passwords or bypassing multi-facto…GBHACKERS.COM
12 DecLW ROUNDTABLE Part 2: Mandates surge, guardrails lag — intel from the messy middleRegulators made their move in 2025. Disclosure deadlines arrived. AI rules took shape. Liability rose up the chain of command. But for security teams on the ground, the distance between policy and practice only grew wider. Part two of a … (more…) The post LW ROUNDTABLE Part…LASTWATCHDOG.COM
12 DecOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
12 DecNorth Korean Job InvitationA friend of mine, John D., received this outreach on Threads (see below). At first, he thought it was the standard fake employer scam, but it is more than that. It is very likely part of a North Korean fake employee scam.  KNOWBE4.COM
12 DecFriday Squid Blogging: Giant Squid Eating a Diamondback SquidI have no context for this video —it’s from Reddit—but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we’re getting more videos …SCHNEIER.COM
12 DecDisney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet - SWN #537Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet, and More Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-537YOUTUBE.COM
12 DecDisney's $1B Sora Deal: What Could Go Wrong?Disney's bold $1 billion move into AI with OpenAI is shaking up Hollywood! 🎬✨ Imagine creating short-form videos with your favorite Disney characters on Sora. But what about the animators and voice actors? Dive into the debate on digital rights and the future of entertainment. Su…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
12 DecFake ‘One Battle After Another’ torrent hides malware in subtitlesA fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 8[−]
12 DecAbusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)In the Microsoft Windows ecosystem, DLLs (Dynamic Load Libraries) are PE files like regular programs. One of the main differences is that they export functions that can be called by programs that load them. By example, to call RegOpenKeyExA(), the program must first load the ADVA…ISC.SANS.EDU
12 DecMKVCinemas streaming piracy service with 142M visits shuts downAn anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]BLEEPINGCOMPUTER.COM
12 DecSecuring GenAI in the Browser: Policy, Isolation, and Data Controls That Actually WorkThe browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and anal…THEHACKERNEWS.COM
12 DecGartner tells businesses to block AI browsers nowAnalyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future." Read more in my article on the Fortra blog.FORTRA.COM
12 DecKali Linux 2025.4 released with 3 new tools, desktop updatesKali Linux has released version 2025.4, its final update of the year, introducing three new tools, desktop environment improvements, and enhanced Wayland support. [...]BLEEPINGCOMPUTER.COM
12 DecShadow spreadsheets: The security gap your tools can’t seeWhen official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on.…BLEEPINGCOMPUTER.COM
12 DecFlaw in photo booth maker’s website exposes customers’ picturesHama Film makes photo booths that upload pictures and videos online. But their backend systems have a simple flaw that allows anyone to download customer pictures.TECHCRUNCH.COM
12 DecBlack Hat Europe 2025: Was that device designed to be on the internet at all?Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be foundWELIVESECURITY.COM