103Articles
9Categories
2025-12-15Date
🚨 CISA KEV 2[−]
15 Dec KEVCISA Adds Actively Exploited Sierra Router Flaw to KEV CatalogThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalogue, warning organisations about active exploitation in the wild. Critical File Upload…GBHACKERS.COM
15 Dec KEVCISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalogsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.htmlSH.ITJUST.WORKS
🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
15 DecCritical pgAdmin Flaw Allows Attackers to Execute Shell Commands on HostA new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The flaw, tracked as CVE-2025-13780, exploits a weakness in how the popular PostgreSQL management tool processes database restorat…GBHACKERS.COM
15 DecWindows Remote Access Connection Manager Flaw Allows Arbitrary Code ExecutionSecurity researchers have uncovered a critical unpatched vulnerability in the Windows Remote Access Connection Manager (RasMan) service that enables attackers to crash the service and facilitate local arbitrary code execution with Local System privileges. This discovery emerged d…GBHACKERS.COM
15 Dec KEVCISA Alerts on Actively Exploited Google Chromium Zero-Day FlawThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical zero-day vulnerability in Google Chrome that is being actively exploited in the wild. The flaw, tracked as CVE-2025-14174, poses a significant risk to millions of user…GBHACKERS.COM
15 Dec KEVCISA orders immediate patching as GeoServer flaw faces active exploitationCISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360 , is an unauthenticated XML External Entity (XXE) vulnerability affecting GeoSer…CSOONLINE.COM
15 DecMore React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th)Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the "plain" exploit attempts have already been exploited several times. Here is today&#;x26;#;39;s most popular exploit payloa…ISC.SANS.EDU
15 DecFreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCEMultiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported …THEHACKERNEWS.COM
15 DecZnDoor Malware Actively Exploits React2Shell to Breach Network InfrastructureSince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks…GBHACKERS.COM
15 DecPCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ ServersA sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours by exploiting critical Next.js vulnerabilities. Security researchers discovered the large-scale operation while monitoring a Docker honeypot…GBHACKERS.COM
15 DecDefending against the CVE-2025-55182 (React2Shell) vulnerability in React Server ComponentsCVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vu…MICROSOFT.COM
15 DecCVE‑2025‑14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. Google is aware that an exploit for CVE-2025-14174 exists …MSRC.MICROSOFT.COM
15 DecCVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. Google is aware that an exploit for CVE-2025-14174 exists …MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
15 Dec KEVCybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration TestingIn this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake su…CYBERSECURITYTODAY.LIBSYN.COM
15 DecNew VolkLocker Ransomware Variant Targets Both Linux and Windows SystemsCyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy caused by Telegram enforcement actions. The group returned in August 2025 with version 2.…GBHACKERS.COM
15 DecCritical Plesk Vulnerability Allows Users to Gain Root-Level AccessA critical security vulnerability has been discovered in Plesk, a widely used web hosting control panel, that enables unauthorised users to escalate privileges and gain root-level access to affected systems. This flaw poses a significant threat to web hosting providers and organi…GBHACKERS.COM
15 DecCybersecurity leaders’ top seven takeaways from 2025Over the last 12 months, security teams continued to walk a tightrope between moving fast to adopt new technologies and facing escalating threats fuelled mostly by the rise of AI. As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security l…CSOONLINE.COM
15 DecApple Patches Two Zero-Days Tied to Mysterious Exploited Chrome FlawApple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack. The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
15 DecPhantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance SectorCybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite …THEHACKERNEWS.COM
15 DecIlluminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we’ll unpack how Data Security Posture Manag…YOUTUBE.COM
15 DecMicrosoft stellt neue Sicherheitsstrategie vorMicrosoft hat angekündigt, dass sein Bug-Bounty-Programm ausgeweitet werden soll. bluestork – shutterstock.com Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen – sie finden dort statt, wo die Schwachstellen sind. Zudem werd…CSOONLINE.COM
15 Dec⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & MoreIf you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we lis…THEHACKERNEWS.COM
15 DecGoogle links more Chinese hacking groups to React2Shell attacksOver the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...]BLEEPINGCOMPUTER.COM
15 DecNo more orange juice? Why one ship reveals America’s maritime cybersecurity crisisA single vessel called the Orange Star docks at Port Elizabeth in New Jersey, carrying 38,848 cubic meters of orange juice concentrate. One ship, arriving weekly, supplies orange juice used by all of the city’s major retailers. If Port Elizabeth’s systems went down tomorrow due t…CSOONLINE.COM
15 DecCISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attackssubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/cisa-warns-of-windows-cloud-files-mini-filter-vulnerability-exploited/SH.ITJUST.WORKS
15 DecNew React RSC Vulnerabilities Enable DoS and Source Code Exposuresubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.htmlSH.ITJUST.WORKS
15 DecGoogle Sees 5 Chinese Groups Exploiting React2Shell for Malware DeliveryGoogle has also mentioned seeing React2Shell attacks conducted by Iranian threat actors. The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek .SECURITYWEEK.COM
15 Dec KEVApple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wildsubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.htmlSH.ITJUST.WORKS
15 DecThe 5 power skills every CISO needs to master in the AI eraAt one global manufacturing client, an AI model flagged a potential breach pattern that turned out to be normal behavior from a test server. The system wasn’t wrong — but the humans stopped questioning it. It took a single analyst with strong data storytelling skills to realize t…CSOONLINE.COM
15 DecUnifying Data Protection ToolsRevolutionizing Data Protection: Discover how enterprises are unifying multiple data protection tools into a single cloud management platform. From AWS to Salesforce, see how data discovery and policy enforcement are transforming cybersecurity. Subscribe to our podcasts: https://…YOUTUBE.COM
15 DecFeatured Chrome Browser Extension Caught Intercepting Millions of Users' AI ChatsA Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Gro…THEHACKERNEWS.COM
15 DecxHunt APT Exploits Microsoft Exchange and IIS to Deploy Custom BackdoorsxHunt, a sophisticated cyber-espionage group with a laser focus on organizations in Kuwait, has continued to demonstrate advanced capabilities in infiltrating critical infrastructure. The group’s persistent, multi-year campaigns targeting the shipping, transportation, and g…GBHACKERS.COM
15 DecWireshark 4.6.2 Released With Crash Vulnerability Fixes and Protocol UpdatesWireshark, the world’s leading network protocol analyzer, has released version 4.6.2 with critical security updates and important bug fixes. The update addresses compatibility issues, resolves multiple vulnerability concerns, and enhances protocol support for enterprise use…GBHACKERS.COM
15 DecShannon: AI Pentesting Tool That Autonomously Identifies and Exploits Code VulnerabilitiesKeygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that generate false positives, Shannon bridges a critical security gap by delivering …GBHACKERS.COM
15 DecAskul confirms theft of 740k customer records in ransomware attackJapanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. [...]BLEEPINGCOMPUTER.COM
15 DecMultiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. D…CISECURITY.ORG
📋 SECURITY BULLETINS 5[−]
15 DecNVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS AttacksNVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Lin…GBHACKERS.COM
15 DecMicrosoft: December security updates cause Message Queuing failuresMicrosoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. [...]BLEEPINGCOMPUTER.COM
15 DecAtlassian Patches Critical Apache Tika FlawAtlassian has released software updates for Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira. The post Atlassian Patches Critical Apache Tika Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
15 DecMicrosoft: Recent Windows updates break VPN access for WSL usersMicrosoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. [...]BLEEPINGCOMPUTER.COM
15 DecMicrosoft December 2025 Security Updates Disrupt MSMQ Functionality on IISMicrosoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on De…GBHACKERS.COM
📢 SECURITY ADVISORIES 13[−]
15 DecFrench Interior Ministry confirms cyberattack on email serversThe French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. [...]BLEEPINGCOMPUTER.COM
15 DecAgainst the Federal Moratorium on State-Level Regulation of AICast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill . Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial inte…SCHNEIER.COM
15 DecYour KnowBe4 Compliance Plus Fresh Content Updates from November 2025"Good information. Everyone who owns a computer should do this training across the country. It should be mandatory!” "Wow, I had no idea of the detail and advanced interrogation these criminals use! This was the most eye-opening session I've seen in a long time and VERY timely” "…KNOWBE4.COM
15 DecAndroid Users at Risk as Malware Poses as mParivahan and e-Challan AppsA sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud. The operation combines phishing, malwa…GBHACKERS.COM
🔥 INCIDENT REPORTING 17[−]
15 DecVolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free DecryptionThe pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. Acc…THEHACKERNEWS.COM
15 DecGentlemen Ransomware Emerges as a Threat to Corporate NetworksA sophisticated new ransomware group known as “Gentlemen” has emerged as a significant threat to global enterprise security, employing a ruthless double extortion model that combines data theft with advanced encryption protocols. First identified in August 2025, the g…GBHACKERS.COM
15 Dec700Credit Data Breach Impacts 5.8 Million IndividualsHackers stole names, addresses, dates of birth, and Social Security numbers from the credit report and identity verification services provider. The post 700Credit Data Breach Impacts 5.8 Million Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
15 DecFieldtex Data Breach Impacts 238,000submitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/fieldtex-data-breach-impacts-238000/SH.ITJUST.WORKS
15 DecSouth Korean Police Raid Coupang Over Data Breach as CEO Resigns - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/seoul-police-raid-coupang-ceo/SH.ITJUST.WORKS
15 DecHamas-Linked Hackers Probe Middle Eastern Diplomatssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/hamas-hackers-middle-eastern-diplomatsSH.ITJUST.WORKS
15 DecCyberVolk’s ransomware debut stumbles on cryptography weaknesssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cybervolks-ransomware-debut-stumbles-on-cryptography-weakness/SH.ITJUST.WORKS
15 DecRansomware-Bande attackiert Ideal VersicherungDie Ransomware-Bande Akira hat die Versicherungsgruppe Ideal angegriffen. Who is Danny – shutterstock.com Auf seiner Webseite informiert das Versicherungsunternehmen Ideal aktuell über einen Cyberangriff. Die Systeme seien vorsorglich vom Netz genommen worden und der Geschäftsbet…CSOONLINE.COM
15 DecNew PyStoreRAT Malware Targets OSINT Researchers Through GitHub – Hackread – Cybersecurity News, Data Breaches, AI, and Moresubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/pystorerat-rat-malware-github-osint-researchers/SH.ITJUST.WORKS
15 DecNew Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Datasubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/new-gentlemen-ransomware-breaching-corporate-networks/SH.ITJUST.WORKS
15 Dec700Credit data breach impacts 5.8 million vehicle dealership customers700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. [...]BLEEPINGCOMPUTER.COM
15 DecExperts found an unsecured 16TB database containing 4.3B professional recordssubmitted by kid to cybersecurity 3 points | 0 comments https://securityaffairs.com/185661/data-breach/experts-found-an-unsecured-16tb-database-containing-4-3b-professional-records.htmlSH.ITJUST.WORKS
15 DecData breach at credit check giant 700Credit affects at least 5.6 million | TechCrunchsubmitted by kid to cybersecurity 4 points | 0 comments https://techcrunch.com/2025/12/12/data-breach-at-credit-check-giant-700credit-affects-at-least-5-6-million/SH.ITJUST.WORKS
15 DecPornHub extorted after hackers steal Premium member activity dataAdult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...]BLEEPINGCOMPUTER.COM
15 DecSoundCloud confirms breach after member data stolen, VPN access disruptedAudio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. [...]BLEEPINGCOMPUTER.COM
15 DecPornHub extorted after hackers steal Premium member activity dataAdult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...]BLEEPINGCOMPUTER.COM
15 DecLLMs & Ransomware | An Operational Accelerator, Not a RevolutionLLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.SENTINELONE.COM
🕵️ THREAT INTELLIGENCE 17[−]
15 DecISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738, (Mon, Dec 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 DecStorm-0249: EDR Process Sideloading to Conceal Malicious ActivityInitial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes through sideloading techniques to conceal malicious activity as routine security operations. This r…GBHACKERS.COM
15 DecThird DraftKings Hacker Pleads GuiltyNathan Austad admitted in court to launching a credential stuffing attack against a fantasy sports and betting website. The post Third DraftKings Hacker Pleads Guilty appeared first on SecurityWeek .SECURITYWEEK.COM
15 DecLW ROUNDTABLE: Part 3, Cyber resilience faltered in 2025 — recalibration now under wayThis is the third installment in our four-part 2025 Year-End Roundtable. In Part One, we explored how accountability got personal. In Part Two, we examined how regulatory mandates clashed with operational complexity. Part three of a four-part series . Now … (more…) The post…LASTWATCHDOG.COM
15 DecSoverli Raises $2.6 Million for Secure Smartphone OSThe sovereign smartphone OS runs along Android or iOS, allowing users to switch between secure, isolated environments. The post Soverli Raises $2.6 Million for Secure Smartphone OS appeared first on SecurityWeek .SECURITYWEEK.COM
15 DecFake ‘One Battle After Another’ torrent hides malware in subtitlessubmitted by kid to cybersecurity 1 points | 1 comments https://www.bleepingcomputer.com/news/security/fake-one-battle-after-another-torrent-hides-malware-in-subtitles/SH.ITJUST.WORKS
15 DecDeepfake Training: A Strategic Advantage Against Emerging ThreatsDeepfake attacks have become more compelling and realistic than ever before.KNOWBE4.COM
15 DecNew Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scalesubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.htmlSH.ITJUST.WORKS
15 DecFrance and Germany Grappling With Nation-State Hackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bankinfosecurity.in/france-germany-grappling-nation-state-hacks-a-30282SH.ITJUST.WORKS
15 DecMilitant Groups Are Experimenting With AI, and the Risks Are Expected to GrowAI can be used by extremist groups to pump out propaganda or deepfakes at scale, widening their reach and expanding their influence. The post Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow appeared first on SecurityWeek .SECURITYWEEK.COM
15 DecWarning: Phishing Attacks Abuse Free Cloudflare PagesMalwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners.KNOWBE4.COM
15 DecAsahi to Launch Cybersecurity Overhaul After Crippling Cyber-Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/asahi-launch-cybersecurity/SH.ITJUST.WORKS
15 DecMicrosoft named an overall leader in KuppingerCole Leadership Compass for Generative AI DefenseToday, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense. The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared first on Micro…TECHCOMMUNITY.MICROSOFT.COM
15 DecFrogblight Android Malware Spoofs Government Sites to Collect SMS and Device DetailsKaspersky security researchers have uncovered a sophisticated Android banking Trojan called Frogblight that targets Turkish users by impersonating legitimate government applications. First detected in August 2025, this advanced malware combines banking credential theft with exten…GBHACKERS.COM
15 DecClickFix Attack Abuses finger.exe to Execute Malicious CodeCybersecurity researchers have identified a resurgence in the abuse of legacy Windows protocols, specifically the finger.exe command, to facilitate social engineering attacks. Since November 2025, threat actors have integrated this decades-old utility into the “ClickFixR…GBHACKERS.COM
15 DecDSPM: Automating Data DiscoveryUnlocking the Future of Data Security: Discover how Data Security Posture Management (DSPM) is revolutionizing data discovery with AI, automating insights across cloud and on-prem environments. Embrace the future of cybersecurity! Subscribe to our podcasts: https://securityweekly…YOUTUBE.COM
15 DecWhat’s Next for Enterprise Threat Intelligence in 2026Top enterprise threat intelligence trends for 2026: AI-augmented CTI, unified platforms, workflow integration, data fusion, budgets, ROI, and maturity.RECORDEDFUTURE.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
15 DecMan jailed for teaching criminals how to use malwareA 49-year-old man has received a five-and-a-half year jail sentence after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts. Read more in my article on the Hot for Security…BITDEFENDER.COM
15 DecNew SantaStealer malware steals data from browsers, crypto walletsA new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. [...]BLEEPINGCOMPUTER.COM
15 DecCyber Risk Management: Defenders Tell It Like It IsBased on more than 3,000 responses from cybersecurity professionals in nearly 90 countries, our Trend Micro Defenders Survey Report 2025 shines a bright light on the current state of cyber risk management. From the impact of cloud and AI on IT environments to top technical and hu…TRENDMICRO.COM
15 DecThe 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacksWe present our 6th annual review of Internet trends and patterns observed across the globe, revealing the disruptions, advances and metrics that defined 2025.CLOUDFLARE.COM
📡 INFOSEC NEWS 10[−]
15 DecGame of clones: Sophos and the MITRE ATT&CK Enterprise 2025 EvaluationsWinter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise EvaluationsSOPHOS.COM
15 DecA Browser Extension Risk Guide After the ShadyPanda CampaignIn early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extension…THEHACKERNEWS.COM
15 Dec2025’s Top Phishing Trends and What They Mean for Your Security StrategyPhishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks conti…BLEEPINGCOMPUTER.COM
15 Dec2026 Cybersecurity PredictionsWhatever you think will happen… will happen faster and with more acronyms than ever before.F5.COM
15 DecGoogle is shutting down dark web reports in January because they weren’t helpfulGoogle says the reports lacked "helpful next steps."ARSTECHNICA.COM
15 DecOngoing SoundCloud issue blocks VPN users with 403 server errorUsers accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error. [...]BLEEPINGCOMPUTER.COM
15 DecHow to discover and secure ownerless corporate IT assetsA detailed guide on detecting and responding to forgotten and outdated servers, API endpoints, user accounts, websites, and other IT assets.KASPERSKY.COM
15 DecGoogle is shutting down its dark web report feature in JanuaryGoogle is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. [...]BLEEPINGCOMPUTER.COM
15 DecEnhancing security awareness with cyber risk exposure managementLearn how to strategically tackle human risk for smarter prioritization and lasting behavioral change.TRENDMICRO.COM
15 Dec2026 Cybersecurity PredictionsWhatever you think will happen… will happen faster and with more acronyms than ever before.F5.COM