🐛 COMMON VULNERABILITIES AND EXPOSURES 42[−]
16 DecJumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege EscalationA critical local privilege escalation vulnerability in the JumpCloud Remote Assist for Windows agent allows any low-privileged user on a Windows system to gain NT AUTHORITY\SYSTEM privileges or crash the machine. Tracked as CVE-2025-34352, the flaw affects JumpCloud Remote Assist…GBHACKERS.COM
16 DecCVE-2022-50406 iomap: iomap: fix memory corruption when recording errors during writebackInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2023-53410 USB: ULPI: fix memory leak with using debugfs_lookup()Information published.MSRC.MICROSOFT.COM
16 DecCVE-2023-53387 scsi: ufs: core: Fix device management cmd timeout flowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2023-53367 accel/habanalabs: fix mem leak in capture user mappingsInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-44905 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.Information published.MSRC.MICROSOFT.COM
16 DecCVE-2025-44904 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.Information published.MSRC.MICROSOFT.COM
16 DecCVE-2025-7067 HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6269 HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6858 HDF5 H5Centry.c H5C__flush_single_entry null pointer dereferenceInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6816 HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6856 HDF5 H5FL.c H5FL__reg_gc_list use after freeInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6750 HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6857 HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-6818 HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2913 HDF5 H5FL.c H5FL__blk_gc_list use after freeInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereferenceInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2923 HDF5 H5Fint.c H5F_addr_encode_len heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2924 HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2914 HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2153 HDF5 h5 File H5SM.c H5SM_delete heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflowInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40345 usb: storage: sddr55: Reject out-of-bound new_pbaInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-managerInformation published.MSRC.MICROSOFT.COM
16 DecFortinet FortiGate Under Active Attack Through SAML SSO Authentication BypassThreat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate applia…THEHACKERNEWS.COM
16 Dec KEVCISA Alerts on Apple WebKit Zero-Day Actively Used in CyberattacksThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-…GBHACKERS.COM
16 DecOpenShift GitOps Vulnerability Allows Attackers to Escalate Privileges to RootRed Hat has disclosed a significant security flaw in OpenShift GitOps that could allow authenticated users to take complete control of a cluster. Assigned the identifier CVE-2025-13888, this vulnerability allows namespace administrators to elevate their privileges beyond their in…GBHACKERS.COM
16 Dec KEVCritical FortiGate SSO Vulnerability Actively Exploited in Real-World AttacksFortinet’s FortiGate appliances face immediate threat from two critical authentication bypass vulnerabilities being actively exploited in production environments. Fortinet released advisories for CVE-2025-59718 and CVE-2025-59719 on December 9, 2025, identifying critical fl…GBHACKERS.COM
16 DecMicrosoft Outlines Mitigation for React2Shell RCE Vulnerability in React Server ComponentsMicrosoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerability enables attackers to exe…GBHACKERS.COM
16 DecCVE-2025-40328 smb: client: fix potential UAF in smb2_close_cached_fid()Information published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40342 nvme-fc: use lock accessing port_state and rport stateInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40329 drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cbInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40341 futex: Don't leak robust_list pointer on exec raceInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40343 nvmet-fc: avoid scheduling association deletion twiceInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40331 sctp: Prevent TOCTOU out-of-bounds writeInformation published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40333 f2fs: fix infinite loop in __insert_extent_tree()Information published.MSRC.MICROSOFT.COM
16 DecCVE-2025-40337 net: stmmac: Correctly handle Rx checksum offload errorsInformation published.MSRC.MICROSOFT.COM
16 DecRussian APT group pivots to network edge device misconfigurationsA Russian state-sponsored cyberespionage group has been targeting energy companies and critical infrastructure providers by exploiting misconfigurations in network-edge devices. The group has been operating since at least 2021 and has exploited device misconfigurations before but…CSOONLINE.COM
16 DecThinking Outside The Box [dusted off draft from 2017]Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558), but I never got around to writing the second h…PROJECTZERO.GOOGLE
⚠️ VULNERABILITY DISCLOSURE 31[−]
16 DecChrome Extension with 6M+ Users Found Collecting AI Chatbot InputsA popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the a…GBHACKERS.COM
16 DecHow to create a ransomware playbook that worksRansomware attacks continue to plague organizations, and they’re getting ever more sophisticated via tactics such as double- and multi-extortion and the use of artificial intelligence to create more refined attacks, and the growth of the ransomware-as-a-service model. CISOs and C…CSOONLINE.COM
16 DecSecurity content of iOS 26.2 and iPadOS 26.2submitted by cm0002 to cybersecurity 1 points | 0 comments https://social.circl.lu/@vulnerability_lookup/115727906352544457INFOSEC.PUB
16 Dec KEVReact2Shell Vulnerability Actively Exploited to Deploy Linux BackdoorsThe security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed…THEHACKERNEWS.COM
16 DecIn-the-Wild Exploitation of Fresh Fortinet Flaws BeginsThreat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecDeveloping Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different ways people can make meaningful contributions to it. One of the underlying themes is that code is written for other people. That me…YOUTUBE.COM
16 DecEuropean authorities dismantle call center fraud ring in UkraineEuropean law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. [...]BLEEPINGCOMPUTER.COM
16 DecJumpCloud Remote Assist Vulnerability Can Expose Systems to TakeoverThe issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek .SECURITYWEEK.COM
16 Dec‘Featured’ Urban VPN caught stealing private AI chatsSecurity researchers have found that Urban VPN Proxy, a widely used free browser VPN extension with millions of installs, has been collecting and exporting full AI chat conversations from users’ browsers. For organizations where employees routinely paste internal context, code sn…CSOONLINE.COM
16 DecAmazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud InfrastructureAmazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastruc…THEHACKERNEWS.COM
16 DecZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devicessubmitted by kid to cybersecurity 3 points | 0 comments https://cybersecuritynews.com/zndoor-malware-exploiting-react2shell-vulnerability/SH.ITJUST.WORKS
16 DecAmazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure AttacksAfter years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecThe mistold story of a software failure that grounded 6,000 jets“You should fly. It’s safer.” It’s a fact. The odds are in your favor when compared to auto travel. It’s not even close, we often remind the flight-fearing traveler. Yet two of the smartest people I have known refuse to fly despite agreeing with this statistic. I think of them ev…CSOONLINE.COM
16 DecFreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCEsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.htmlSH.ITJUST.WORKS
16 DecNation-State and Cybercrime Exploits Tied to React2Shellsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bankinfosecurity.in/nation-state-cybercrime-exploits-tied-to-react2shell-a-30285SH.ITJUST.WORKS
16 Dec700,000 Records Compromised in Askul Ransomware AttackThe e-commerce and logistics company was targeted by the RansomHouse ransomware group in October. The post 700,000 Records Compromised in Askul Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecUrban VPN beim Diebstahl privater KI-Chats erwischtsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/12/shutterstock_2594234567.jpg?quality=50&strip=all 16667w, https://b2b-contenthub.com/wp-content/uploads/2025/12/shutterstock_2594234567.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.…CSOONLINE.COM
16 DecThe Hidden Risk in Virtualization: Why Hypervisors are a Ransomware MagnetRansomware groups are targeting hypervisors to maximize impact, allowing a single breach to encrypt dozens of virtual machines at once. Drawing on real-world incident data, Huntress explains how attackers exploit visibility gaps at the hypervisor layer and outlines steps orgs can…BLEEPINGCOMPUTER.COM
16 DecLLMs Can't Sign CLAsExplore the complexities of Kubernetes policies and the limitations of LLMs in contributing to open-source projects. Discover why LLMs can't sign CLAs and the implications for cybersecurity. Subscribe to our podcasts: https://securityweekly.com/subscribe #Kubernetes #OpenSource #…YOUTUBE.COM
16 DecHackers exploit newly patched Fortinet auth bypass flawsHackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. [...]BLEEPINGCOMPUTER.COM
16 DecDemystifying risk in AIGiven the facts about the importance of Artificial Intelligence, for several months, I have been delving into this topic, but with caution, seeking to understand the key point of how we can protect applications based on Gen AI. We are living in times when AI has been the central …CSOONLINE.COM
16 DecPhishing in Telegram Mini Apps: how to avoid taking the bait | Kaspersky official blognew phishing scam is exploiting Telegram’s built-in Mini Apps: fraudsters are running fake giveaways to steal accounts. Here’s how to protect yourself.KASPERSKY.COM
16 DecFrom Open Source to OpenAI: The Evolution of Third-Party RiskFrom open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecRussian Hackers Launch Attacks on Network Edge Devices in Western Critical InfrastructureRussian state-sponsored hackers are intensifying attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant tactical shift as 2025 comes to a close. According to new insights from Amazon Threat Intelligence, this campaign linked wi…GBHACKERS.COM
16 DecSoundCloud Confirms Data Breach After Hackers Steal User Account InformationSoundCloud has publicly disclosed a significant data breach affecting approximately 20% of its user base. The music streaming platform confirmed that unauthorized actors gained access to limited user account information through a compromised ancillary service dashboard, prompting…GBHACKERS.COM
16 DecInternet-Based Solar Panel Systems Vulnerable to Rapid CyberattacksThe rapid global expansion of solar energy infrastructure has created an unprecedented cyber vulnerability. As millions of homes, businesses, and hospitals adopt renewable power sources supported by government initiatives like the U.S. Inflation Reduction Act and Europe’s R…GBHACKERS.COM
16 DecGhostPairing Attack Exposes WhatsApp Accounts to Full Takeover via Phone NumbersA novel WhatsApp account-takeover campaign dubbed “GhostPairing Attack” has emerged, enabling threat actors to gain complete access to victim accounts without stealing passwords or conducting SIM swaps. Security researchers at Gen have uncovered the sophisticated soci…GBHACKERS.COM
16 DecPhishing Campaign Targets Executives With Phony AwardsA phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing m…KNOWBE4.COM
16 DecSanta's Stealer: Malware as a ServiceMeet "Santa's Stealer" – the latest malware-as-a-service tool that's set to shake up the holiday season! 🚨 This ambitious malware, a fork of Blue Line Stealer, is already causing a stir on platforms like Telegram and Lulls. With 14 modules exploiting vulnerabilities such as the W…YOUTUBE.COM
16 DecWelcome to the new Project Zero BlogWhile on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish w…PROJECTZERO.GOOGLE
16 DecUse GWP-ASan to detect exploits in production environmentsMemory safety bugs like use-after-free and buffer overflows remain among the most exploited vulnerability classes in production software. While AddressSanitizer (ASan) excels at catching these bugs during development, its performance overhead (2 to 4 times) and security concerns …TRAILOFBITS.COM
📢 SECURITY ADVISORIES 2[−]
16 DecMicrosoft will finally kill obsolete cipher that has wreaked decades of havocsubmitted by Rekall_Incorporated to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2025/12/microsoft-will-finally-kill-obsolete-cipher-that-has-wreaked-decades-of-havoc/ The weak RC4 for administrative authentication has been a hacker holy grail for decades.SH.ITJUST.WORKS
🔥 INCIDENT REPORTING 12[−]
16 DecGoogle to Shut Down Dark Web Monitoring Tool in February 2026Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on …THEHACKERNEWS.COM
16 DecSantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet DataCybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from “BluelineStealer,…GBHACKERS.COM
16 DecJaguar Land Rover Confirms August Cyberattack Led to Employee Data TheftJaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope of the inci…GBHACKERS.COM
16 DecUser Data Compromised in SoundCloud HackSoundCloud said the information of 20% of users was accessed by hackers who breached its systems. The post User Data Compromised in SoundCloud Hack appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecFlaw in Hacktivist Ransomware Lets Victims Decrypt Own Filessubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/flaw-hacktivist-ransomware-victims-decrypt-filesSH.ITJUST.WORKS
16 DecSoundCloud confirms breach after member data stolen, VPN access disruptedsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/SH.ITJUST.WORKS
16 DecInternet-Ausfall im Bundestag wohl kein CyberangriffAm Montagnachmittag konnten die Nutzer im Bundestag nicht mehr auf Internet, Intranet, E-Mail-Postfächer und Dateien zugreifen. Matthias Wehnert – shutterstock.com Der zeitweise flächendeckende Ausfall des Computernetzwerks des Bundestags war nicht die Folge eines Hackerangriffs.…CSOONLINE.COM
16 DecCyberattack disrupts Venezuelan oil giant PDVSA's operationsPetróleos de Venezuela (PDVSA), Venezuela's state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. [...]BLEEPINGCOMPUTER.COM
16 DecCompromised IAM Credentials Power a Large AWS Crypto Mining CampaignAn ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its auto…THEHACKERNEWS.COM
16 DecLLM-Driven Automation: A New Catalyst for Ransomware and RaaS EcosystemsSentinelLABS has released a comprehensive assessment regarding the integration of Large Language Models (LLMs) into the ransomware ecosystem, concluding that while AI is not yet driving a fundamental transformation in tactics, it is significantly accelerating the operational life…GBHACKERS.COM
16 DecGerman parliament suffers suspected cyberattack during Zelenskiy’s visit, FT reportssubmitted by kid to cybersecurity 3 points | 0 comments https://www.reuters.com/world/german-parliament-suffers-suspected-cyberattack-during-zelenskiys-visit-ft-2025-12-15/SH.ITJUST.WORKS
16 DecWeekly Update 482Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. Perhaps it's just the time of year where we all start to wind down a bit, or maybe I'm just tired after another massive 12 months, but this week's vid …TROYHUNT.COM
🕵️ THREAT INTELLIGENCE 19[−]
16 DecISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740, (Tue, Dec 16th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
16 DecLW ROUNDTABLE: Part 4, Trust frameworks on trial and the push toward verifiable systemsTrust broke down in 2025 in ways both familiar and new. Old signals stopped working. Identity got fuzzier. Credentials were bypassed, MFA was skirted, and even browser sessions turned into attack surfaces. Meanwhile, AI-driven impersonation blurred the lines between human, ……LASTWATCHDOG.COM
16 DecPornHub extorted after hackers steal Premium member activity datasubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/pornhub-extorted-after-hackers-steal-premium-member-activity-data/SH.ITJUST.WORKS
16 DecChinese Surveillance and AINew report: “ The Party’s AI: How China’s New AI Systems are Reshaping Human Rights .” From a summary article : China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed…SCHNEIER.COM
16 DecxHunt APT Hackers Attacking Microsoft Exchange and IIS Web Servers to Deploy Custom Backdoorssubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/xhunt-apt-hackers-attacking-microsoft-exchange/SH.ITJUST.WORKS
16 DecNew SantaStealer malware steals data from browsers, crypto walletssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-santastealer-malware-steals-data-from-browsers-crypto-wallets/SH.ITJUST.WORKS
16 DecAtlassian Patches Critical Apache Tika Flaw - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/atlassian-patches-critical-apache-tika-flaw/SH.ITJUST.WORKS
16 DecVerisoul Raises $8.8 Million for Fraud PreventionThe company plans to accelerate product development, scale go-to-market efforts, and hire new talent. The post Verisoul Raises $8.8 Million for Fraud Prevention appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecEcho Raises $35 Million in Series A FundingThe fresh investment comes less than six months after the startup’s seed funding announcement. The post Echo Raises $35 Million in Series A Funding appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecCyberheistNews Vol 15 #50 [NEW FEATURE] KnowBe4 Releases Deepfake Training to Combat AI Threats!KNOWBE4.COM
16 DecCISO Communities – Cybersecurity’s Secret WeaponClosed CISO communities act as an information exchange, advice center, pressure valve, and safe haven from critical oversight. The post CISO Communities – Cybersecurity’s Secret Weapon appeared first on SecurityWeek .SECURITYWEEK.COM
16 DecPornHub extorted after hackers steal Premium member activity datasubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/pornhub-extorted-after-hackers-steal-premium-member-activity-data/INFOSEC.PUB
16 DecWhere Cloud Security Stands Today and Where AI Breaks ItCloud security trends reveal where teams gain ground and fragmentation breaks defense. Explore insights from 2,800 leaders and how cloud, identity and AI risks converge. The post Where Cloud Security Stands Today and Where AI Breaks It appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
16 DecUntangling Hybrid Cloud SecurityNutanix and Palo Alto Networks enable security to match dynamic hybrid cloud environments, jointly offering VM-Series Firewalls for AWS and Microsoft Azure. The post Untangling Hybrid Cloud Security appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
16 DecLink11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026Frankfurt am Main, Germany, December 16th, 2025, CyberNewsWire Link11, a European provider of web infrastructure security solutions, has released new insights outlining five key cybersecurity developments expected to influence how organizations across Europe prepare for and respo…GBHACKERS.COM
16 DecNews Alert: Link11’s Top 5 cybersecurity trends set to shape European defense strategies in 2026Frankfurt, Dec. 16, 2025, CyberNewswire — Link11 , a European provider of web infrastructure security solutions, has released new insights outlining five key cybersecurity developments expected to influence how organizations across Europe prepare for and respond to threats in 202…LASTWATCHDOG.COM
16 DecAmazon disrupts Russian GRU hackers attacking edge network devicesThe Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. [...]BLEEPINGCOMPUTER.COM
16 DecKubernetes SIGs: Horizontal & VerticalKat Cosgrove explores the intricate web of SIGs—both horizontal and vertical—that power the Kubernetes project. Learn how SIG security and SIG auth are essential in safeguarding your cloud infrastructure. Subscribe to our podcasts: https://securityweekly.com/subscribe #Kubernetes…YOUTUBE.COM
16 DecPornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's pix, Aaran Leyland - SWN #538Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's Pix, Aaran Leyland, and More, on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-538YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
16 DecMost Parked Domains Now Serving Malicious ContentDirect navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now…KREBSONSECURITY.COM
16 DecGhostPoster attacks hide malicious JavaScript in Firefox addon logosA new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. [...]BLEEPINGCOMPUTER.COM
16 DecCellik Android malware builds malicious versions from Google Play appsA new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. [...]BLEEPINGCOMPUTER.COM
16 DecESET Threat Report H2 2025A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research expertsWELIVESECURITY.COM
🎙️ PODCASTS 1[−]
16 DecThe AI Fix #81: ChatGPT is the last AI you’ll understand, and your teacher is a deepfakeIn episode 81 of The AI Fix, Graham discovers that deepfakes are already marking your kids' homework, while Mark glimpses the future when he discovers AI agents that can communicate by reading each other's minds. Also in this episode, a Chinese robot called Miro U proves six arms…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 7[−]
16 DecWhy Data Security and Privacy Need to Start in CodeAI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under signific…THEHACKERNEWS.COM
16 DecMicrosoft to block Exchange Online access for outdated mobile devicesMicrosoft announced on Monday that it will soon block mobile devices running outdated email software from accessing Exchange Online services until they're updated. [...]BLEEPINGCOMPUTER.COM
16 DecHacking group says it’s extorting Pornhub after stealing users’ viewing dataThe Scattered Lapsus$ Hunters hacking collective stole Pornhub premium users’ data, including email addresses and viewing history.TECHCRUNCH.COM
16 DecRogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet DataCybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named "Tracer.Fody.NLog," remained on the repository for ne…THEHACKERNEWS.COM
16 DecTexas sues TV makers for taking screenshots of what people watchThe Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology. [...]BLEEPINGCOMPUTER.COM
16 Dec[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL InjectionSummar Employee Portal 3.98.0 - Authenticated SQL InjectionEXPLOIT-DB.COM