🚨 CISA KEV 1[−]
19 Dec KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-14733 WatchGuard Firebox Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyb…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 18[−]
19 DecHPE OneView vulnerable to remote code execution attackA maximum severity remote code execution vulnerability in Hewlett Packard Enterprise (HPE) OneView network and systems management suite is “bad” and needs to be patched immediately, says a cybersecurity expert. “Vendors typically downplay the severity of a vulnerability,” says Cu…CSOONLINE.COM
19 DecReact2Shell is the Log4j moment for front end developmentAttackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Financially-motivated attackers have found a way to use the flaw, dubbed React2Shell ( CVE-2025-55182 ), to ex…CSOONLINE.COM
19 DecCVE-2025-37951 drm/v3d: Add job to pending list if the reset was skippedInformation published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38063 dm: fix unconditional IO throttle caused by REQ_PREFLUSHInformation published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38071 x86/mm: Check return value from memblock_phys_alloc_range()Information published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38074 vhost-scsi: protect vq->log_used with vq->mutexInformation published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38067 rseq: Fix segfault on registration when rseq_cs is non-zeroInformation published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38118 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_completeInformation published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestampingInformation published.MSRC.MICROSOFT.COM
19 DecCVE-2025-38131 coresight: prevent deactivate active config while enabling the configInformation published.MSRC.MICROSOFT.COM
19 DecNew Linux Kernel Rust Vulnerability Triggers System CrashesA critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires …GBHACKERS.COM
19 Dec KEVWatchGuard Zero-Day Actively Exploited to Seize Control of FirewallsWatchGuard has issued an urgent warning regarding a critical zero-day vulnerability in its Firebox firewall appliances that is currently being exploited in the wild. The flaw, tracked as CVE-2025-14733, allows remote attackers to seize control of affected devices without needing …GBHACKERS.COM
19 DecWatchGuard Warns of Active Exploitation of Critical Fireware OS VPN VulnerabilityWatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process th…THEHACKERNEWS.COM
19 Dec KEVWatchGuard fixes ‘critical’ zero-day allowing firewall takeoverWatchGuard has issued an urgent patch alert for its Firebox firewall appliances after discovering a critical-rated vulnerability that is under exploit by threat actors. Tracked as CVE-2025-14733 , with a CVSS score of 9.3, the flaw is an Out-of-bounds Write vulnerability affectin…CSOONLINE.COM
19 DecHackers Leverage Gladinet Triofox 0-Day Vulnerability to Run Malicious CodeA critical remote code execution vulnerability in Gladinet Triofox is now under active exploitation by threat actors, and security researchers have demonstrated that weaponizing the flaw requires far more sophistication than initial analyses suggest. CVE-2025-12480, tracked by UN…GBHACKERS.COM
19 DecApache Log4j Flaw Enables Interception of Sensitive Logging DataThe Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered vulnerability, tracked as CVE-2025-68161, allows attackers to intercept or redirect sensitive log data by exploiting a flaw in how the software est…GBHACKERS.COM
19 DecNew Kibana Vulnerabilities Allow Attackers to Embed Malicious ScriptsElastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana. The vulnerability, tracked as CVE-2025-68385, allows authenticated attackers to inject malicious scripts into web pages served to …GBHACKERS.COM
19 DecVulnerability-Lookup 2.20.0submitted by cm0002 to cybersecurity 1 points | 0 comments Just in time for the end of the year, we’re happy to share our final release before the holidays: Vulnerability-Lookup 2.20.0 🎄 What’s New GCVE (Global CVE Allocation System): Relationships We’ve updated the bundled Vulno…INFOSEC.PUB
⚠️ VULNERABILITY DISCLOSURE 27[−]
19 DecHow we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attacksubmitted by BrikoX to cybersecurity 1 points | 1 comments https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28 How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attackSH.ITJUST.WORKS
19 DecOn the Zero Day of Christmas - Cisco Devices Under AttackCybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by…CYBERSECURITYTODAY.LIBSYN.COM
19 DecManaging agentic AI risk: Lessons from the OWASP Top 10LLM-powered chatbots have risks that we see playing out in the headlines on a nearly daily basis. But chatbots are limited to answering questions. AI agents, however, access data and tools and carry out tasks, making them infinitely more capable – and more dangerous to enterprise…CSOONLINE.COM
19 DecNews alert: INE expands partnerships to scale hands-on cyber training across Middle East, AsiaCARY, N.C., Dec. 11, 2025, CyberNewswire — INE Security , a global leader in specialized cybersecurity and IT training, today announced continued significant expansion across the Middle East and Asia, capitalizing on major regional learning initiatives. The company’s unique, hand…LASTWATCHDOG.COM
19 DecNew UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI MotherboardsCertain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interf…THEHACKERNEWS.COM
19 DecMicrosoft Patches MSMQ Flaw That Affects IIS Web ServersMicrosoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documented in the December 9, 2025 up…GBHACKERS.COM
19 DecRoundcube Flaws Let Attackers Execute Malicious ScriptsRoundcube, the widely used open-source webmail software, has officially released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS (Long-Term Support) versions. These flaws could allow attackers to execute malicious scripts or expose sens…GBHACKERS.COM
19 DecClop Ransomware Group Targets Gladinet CentreStack Servers to Exfiltrate DataThe notorious Clop ransomware group has launched a new data extortion campaign targeting internet-facing Gladinet CentreStack file servers, exploiting an unknown vulnerability to steal sensitive corporate information. Incident responders from the Curated Intelligence community fi…GBHACKERS.COM
19 DecOpenAI’s GPT-5.2 Codex Boosts Agentic Coding and Cyber Vulnerability DetectionOpenAI has officially released GPT-5.2-Codex, marking a significant leap forward in AI-driven software engineering and defensive cybersecurity. Described as the most advanced “agentic” coding model to date, this new iteration is optimized to handle complex, long-horiz…GBHACKERS.COM
19 Dec KEVNew critical WatchGuard Firebox firewall flaw exploited in attacksWatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. [...]BLEEPINGCOMPUTER.COM
19 DecCisco bestätigt Zero-Day-Exploit für Secure EmailCisco hat eine Zero-Day-Lücke in seinen Secure-Email-Produkten entdeckt. JarTee – shutterstock.com Cisco Talos hat kürzlich eine Cyberkampagne entdeckt, die auf Ciscos AsyncOS-Software für Secure Email Gateway, Secure Email und Web Manager abzielt. Die Kampagne soll mindestens se…CSOONLINE.COM
19 DecNigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 AttacksAuthorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The N…THEHACKERNEWS.COM
19 DecAttackers bring their own passwords to Cisco and Palo Alto VPNsSecurity researchers have flagged a coordinated credential-based campaign targeting VPN authentication endpoints from Cisco and Palo Alto Networks. Over just two days in mid-December, attackers launched large-scale automated login attempts against Cisco’s SSL VPN and Palo Alto Ne…CSOONLINE.COM
19 DecAI Advertising Company HackedAt least some of this is coming to light : Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked. The hack reveals what products the AI-generated ac…SCHNEIER.COM
19 DecCISA Warns of Exploited Flaw in Asus Update Tool - SecurityWeeksubmitted by kid to cybersecurity 3 points | 0 comments https://www.securityweek.com/cisa-warns-of-exploited-flaw-in-asus-update-tool/SH.ITJUST.WORKS
19 DecHPE warns of maximum severity RCE flaw in OneView softwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hpe-warns-of-maximum-severity-rce-flaw-in-oneview-software/SH.ITJUST.WORKS
19 DecDocker Makes 1,000 Hardened Images Free and Open SourceMillions of developers can now use the secure, production-ready images made by Docker. The post Docker Makes 1,000 Hardened Images Free and Open Source appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecBe Careful of That Warrant for Your ArrestA popular phone call/voicemail scam (i.e., vishing ) involves someone calling you, claiming to be law enforcement with a warrant for your arrest, and then offers you an opportunity to avoid arrest by paying the “fine.”KNOWBE4.COM
19 DecOver 25,000 FortiCloud SSO devices exposed to remote attacksInternet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability. [...]BLEEPINGCOMPUTER.COM
19 DecCracked Software and YouTube Videos Spread CountLoader and GachiLoader MalwareCybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign "uses CountLoader as the initial tool in a multistag…THEHACKERNEWS.COM
19 Dec81% of Small Businesses Sustained a Cyber Incident Over the Past YearEighty-one percent of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise their prices as a result, a report from the Identity Theft Resource Center (ITRC) has found.KNOWBE4.COM
19 DecCISO's Top Priority: Mandatory Cybersecurity PolicyBefore becoming CIO of the Pentagon, Kirsten Davies was already clear on one thing: Security only works when it’s required. In this clip from a 2024 interview, Davies breaks down the first move of real cyber leadership—establishing mandatory, enforceable cybersecurity policy that…YOUTUBE.COM
19 DecHundreds of Cisco customers are vulnerable to new Chinese hacking campaign, researchers sayCisco warned that Chinese government hackers are exploiting a zero-day in some of its products. Researchers now say there are hundreds of vulnerable Cisco customers.TECHCRUNCH.COM
19 DecMapping the Emerging Alliance Between Qilin, DragonForce, and LockBitIn mid-September 2025, the ransomware landscape witnessed a significant development when DragonForce announced an alliance with Qilin and LockBit on a Russian underground forum. The announcement, posted on September 15, 2025, claimed the three groups were joining forces to naviga…GBHACKERS.COM
19 DecCloud Atlas Exploits Office Vulnerabilities to Execute Malicious CodeThe Cloud Atlas threat group, active since 2014, continues to pose a significant risk to organizations in Eastern Europe and Central Asia through sophisticated attacks leveraging legacy Microsoft Office vulnerabilities. Security researchers have documented the group’s expan…GBHACKERS.COM
19 DecIranian APT Prince of Persia returns with new malware and C2 infrastructureResearchers have discovered new activity from a threat actor dubbed Prince of Persia that’s believed to be tied to the Iranian government. The group appeared to have gone dormant in 2022 after multiple security companies documented its operations and crippled its command-and-cont…CSOONLINE.COM
19 DecCan chatbots craft correct code?I recently attended the AI Engineer Code Summit in New York, an invite-only gathering of AI leaders and engineers. One theme emerged repeatedly in conversations with attendees building with AI: the belief that we’re approaching a future where developers will never need to look at…TRAILOFBITS.COM
📢 SECURITY ADVISORIES 9[−]
19 DecAmazon Identified North Korean IT Worker by Tracking Keystroke ActivityAmazon has uncovered a North Korean imposter posing as a U.S.-based systems administrator. The discovery was made not through traditional background checks but by analyzing the subtle timing of the worker’s typing. According to a report from Bloomberg, Amazon security speci…GBHACKERS.COM
19 DecUS Shuts Down Crypto Exchange E-Note, Charges Russian AdministratorThe exchange has been allegedly involved in laundering money for ransomware groups and other transnational cybercriminal organizations. The post US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecFrance confirms Interior Ministry cyberattack as hackers claim 16M people exposed | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/france-interior-ministry-beauvau-data-breach/SH.ITJUST.WORKS
19 DecDismantling Defenses: Trump 2.0 Cyber Year in ReviewThe Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corrup…KREBSONSECURITY.COM
19 DecCISA and Partners Release Update to Malware Analysis Report BRICKSTORM BackdoorToday, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional …CISA.GOV
🔥 INCIDENT REPORTING 16[−]
19 DecUniversity of Sydney Suffers Cyberattack, Student and Staff Data ExposedThe University of Sydney has alerted its community to a significant cybersecurity breach involving the unauthorized access of a code library. The incident, confirmed by university officials on December 18, 2025, has exposed the personal information of thousands of current and for…GBHACKERS.COM
19 DecClop ransomware targets Gladinet CentreStack in data theft attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/SH.ITJUST.WORKS
19 DecUS seizes E-Note crypto exchange for laundering ransomware paymentssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/us-seizes-e-note-crypto-exchange-for-laundering-ransomware-payments/SH.ITJUST.WORKS
19 DecUniversity of Sydney Data Breach Affects 27,000 IndividualsDownloaded from a code library, the information pertains to current and former staff and affiliates, and to alumni and students. The post University of Sydney Data Breach Affects 27,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecUniversity of Sydney suffers data breach exposing student and staff infosubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/university-of-sydney-suffers-data-breach-exposing-student-and-staff-info/SH.ITJUST.WORKS
19 DecDenmark blames Russia for destructive cyberattack on water utilityDanish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations. [...]BLEEPINGCOMPUTER.COM
19 DecHackers breach internal servers of tech provider for Britain’s health service | The Record from Recorded Future Newssubmitted by kid to cybersecurity 4 points | 0 comments https://therecord.media/uk-nhs-tech-provider-dxs-discloses-hackSH.ITJUST.WORKS
19 Dec113,000 Impacted by Data Breach at Virginia Mental Health Authority - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/113000-impacted-by-data-breach-at-virginia-mental-health-authority/SH.ITJUST.WORKS
19 DecHacks, thefts and disruption: The worst data breaches of 2025TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea.TECHCRUNCH.COM
19 DecCriminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident responseCriminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks' Cortex XSOAR. [...]BLEEPINGCOMPUTER.COM
19 DecDenmark Blames Russia for Cyberattacks Ahead of Elections and on Water UtilityDanish intelligence service said the attacks were part of Russia’s “hybrid war” against the West and an attempt to create instability. The post Denmark Blames Russia for Cyberattacks Ahead of Elections and on Water Utility appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecIn Other News: Docker AI Attack, Google Sues Chinese Cybercriminals, Coupang Hacked by EmployeeOther noteworthy stories that might have slipped under the radar: Trump could use private firms for cyber offensive, China threat to US power grid, RaccoonO365 suspect arrested in Nigeria. The post In Other News: Docker AI Attack, Google Sues Chinese Cybercriminals, Coupang Hacke…SECURITYWEEK.COM
19 DecNigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platformThe Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...]BLEEPINGCOMPUTER.COM
19 DecRussia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account TakeoversA suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoi…THEHACKERNEWS.COM
19 DecIranian APT Targeting Networks and Critical Infrastructure OrganizationsIranian state-sponsored threat actors, previously thought to have gone dormant, have resurfaced with sophisticated new malware campaigns targeting critical infrastructure organizations globally. A new research report released by SafeBreach Labs reveals that the “Prince of P…GBHACKERS.COM
19 DecCriminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident responseTorrance, United States / California, December 19th, 2025, CyberNewsWire Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks’ Cortex XSOAR. The inte…GBHACKERS.COM
🕵️ THREAT INTELLIGENCE 22[−]
19 DecISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 DecWhatsApp, Signal, untraceable security risksubmitted by Spot to cybersecurity 1 points | 0 comments https://www.techradar.com/pro/security/three-billion-whatsapp-users-are-at-risk-an-expert-has-developed-a-tool-that-could-spy-on-everyone-and-you-would-never-know-about-it Three billion WhatsApp users are at risk - an exper…SH.ITJUST.WORKS
19 DecTargeted Phishing Attack Strikes HubSpot UsersEvalian’s Security Operations Centre has uncovered an active, sophisticated phishing campaign targeting HubSpot customers, combining business email compromise (BEC) tactics with website compromise to distribute a credential-stealing malware to unsuspecting users. The multi-…GBHACKERS.COM
19 DecNorth Korean Hackers Set Record with $2 Billion Crypto Heist in 2025North Korean cybercriminals shattered previous records in 2025, stealing at least $2.02 billion in cryptocurrency through a sophisticated campaign that represents the most successful year ever for state-sponsored digital theft despite fewer confirmed attacks. This unprecedented h…GBHACKERS.COM
19 DecNorth Korea’s Digital Surge: $2B Stolen in Crypto as Amazon Blocks 1,800 Fake IT WorkersData from Chainalysis and Amazon offers a glimpse into North Korea’s cyber activities surrounding cryptocurrency theft and fake IT workers. The post North Korea’s Digital Surge: $2B Stolen in Crypto as Amazon Blocks 1,800 Fake IT Workers appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecDLLs & TLS Callbacks, (Fri, Dec 19th)Xavier&#;x26;#;39;s diary entry " Abusing DLLs EntryPoint for the Fun " inspired me to do some tests with TLS Callbacks and DLLs.
ISC.SANS.EDU
19 DecNew BeaverTail Malware Variant Linked to Lazarus Group - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/beavertail-variant-linked-lazarus/SH.ITJUST.WORKS
19 Dec‘Kimwolf’ Android Botnet Ensnares 1.8 Million DevicesLinked to the Aisuru IoT botnet, Kimwolf was seen launching over 1.7 billion DDoS attack commands and increasing its C&C domain’s popularity. The post ‘Kimwolf’ Android Botnet Ensnares 1.8 Million Devices appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecDormant Iran APT is Still Alive, Spying on Dissidentssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/iran-apt-spying-dissidentsSH.ITJUST.WORKS
19 DecNew password spraying attacks target Cisco, PAN VPN gatewayssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-password-spraying-attacks-target-cisco-pan-vpn-gateways/SH.ITJUST.WORKS
19 DecOAuth Device Code Phishing Campaigns Surge Targets Microsoft 365 - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/oauth-phishing-campaigns/SH.ITJUST.WORKS
19 DecChinese APT ‘LongNosedGoblin’ Targeting Asian GovernmentsThe hacking group has been using Group Policy to deploy cyberespionage tools on governmental networks. The post Chinese APT ‘LongNosedGoblin’ Targeting Asian Governments appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecHandheld Linux Hacking DeviceEngineers turned a casual idea into reality with a handheld Linux device powered by STMicro's STM32MP157 chip. This versatile gadget, born from innovation and creativity, opens new doors in tech and cybersecurity. Subscribe to our podcasts: https://securityweekly.com/subscribe #L…YOUTUBE.COM
19 DecAI Security Firm Ciphero Emerges From Stealth With $2.5 Million in FundingThe startup’s solution captures, verifies, and governs all AI interactions within an enterprise’s environment. The post AI Security Firm Ciphero Emerges From Stealth With $2.5 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecPalo Alto Networks, Google Cloud Strike Multibillion-Dollar AI and Cloud Security DealThe agreement strengthens technical and commercial ties as Palo Alto migrates workloads and adopts Google’s Vertex AI and Gemini models. The post Palo Alto Networks, Google Cloud Strike Multibillion-Dollar AI and Cloud Security Deal appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecMicrosoft 365 accounts targeted in wave of OAuth phishing attacksMultiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. [...]BLEEPINGCOMPUTER.COM
19 DecThailand Conference Launches International Initiative to Fight Online ScamsSimilar pledges to fight scam networks were made by members of the Association of Southeast Asian Nations in the months leading up to the Bangkok conference. The post Thailand Conference Launches International Initiative to Fight Online Scams appeared first on SecurityWeek .SECURITYWEEK.COM
19 DecBlueDelta Hackers Target Users of Popular Ukrainian Webmail and News ServiceRussian state-sponsored threat group BlueDelta has conducted a sustained credential-harvesting campaign targeting users of UKR.NET, one of Ukraine’s most popular webmail and news services, between June 2024 and April 2025. According to research by Recorded Future’s In…GBHACKERS.COM
19 DecScripted Sparrow Utilizes Automation to Generate and Dispatch Attack MessagesScripted Sparrow, a prolific Business Email Compromise (BEC) collective with members spanning three continents, has raised significant concerns among cybersecurity researchers due to the sophisticated automation infrastructure underlying their large-scale fraudulent operations. R…GBHACKERS.COM
19 DecAuld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet - SWN #539Auld Lang Syne, Ghostpairing, Centerstack, OneView, WAFS, React2Shell Redux, Crypto, Josh Marpet, and More, on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-539YOUTUBE.COM
19 DecFriday Squid Blogging: Petting a SquidVideo from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
19 DecAI Risks: OWASP's Top 10Discover the OWASP AI Top 10 list, highlighting the latest risks from AI, including agent goal hijacking and identity abuse. Stay informed to manage risks effectively in your supply chain and beyond. Subscribe to our podcasts: https://securityweekly.com/subscribe #OWASP #RiskMana…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
19 DecFTC: Instacart to refund $60M over deceptive subscription tacticsGrocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. [...]BLEEPINGCOMPUTER.COM
19 DecNew cybersecurity laws and trends in 2026 | Kaspersky official blogWhat you need to know about age restrictions, data leaks, safe AI, and other cybersecurity trends that will shape the year 2026.KASPERSKY.COM
📡 INFOSEC NEWS 2[−]
19 DecNew UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRockThe UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. [...]BLEEPINGCOMPUTER.COM
19 DecMicrosoft confirms Teams is down and messages are delayedMicrosoft Teams is experiencing issues, with thousands reporting problems sending messages, including delays. [...]BLEEPINGCOMPUTER.COM