44Articles
5Categories
2026-01-02Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
2 JanApache NuttX Flaw Allows Attackers to Crash Embedded SystemsThe Apache Software Foundation has released a security advisory addressing a memory corruption vulnerability in the Apache NuttX Real-Time Operating System (RTOS). Tracked as CVE-2025-48769, this flaw affects widely used embedded systems and could allow attackers to destabilize d…GBHACKERS.COM
2 JanGNU Wget2 Vulnerability Enables Remote File Overwrite AttacksA high-severity security flaw has been discovered in GNU Wget2, a popular command-line tool used for downloading files from the web. The vulnerability, tracked as CVE-2025-69194, allows remote attackers to overwrite files on a user’s computer without their permission. This …GBHACKERS.COM
2 JanCISA Issues Warning on WHILL Model C2 Wheelchair Takeover VulnerabilitiesThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a severe security flaw in WHILL Model C2 electric wheelchairs and Model F power chairs that could allow attackers to hijack the devices via Bluetooth. The vulnerability, tracked as CVE-…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 12[−]
2 JanWie KI die Cybersicherheit neu gestaltetsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/12/shutterstock_2546315779_16.jpg?quality=50&strip=all 3840w, https://b2b-contenthub.com/wp-content/uploads/2025/12/shutterstock_2546315779_16.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-conten…CSOONLINE.COM
2 JanCybersecurity skills matter more than headcount in the AI eraCybersecurity teams are navigating a shift as skills shortages overtake headcount as the primary concern, according to ISC2’s 2025 Cybersecurity Workforce Study . The research, based on responses from some 16,029 cybersecurity professionals globally, reveals that while budget cut…CSOONLINE.COM
2 JanCybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing CampaignCybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Point said, takes advantage o…THEHACKERNEWS.COM
2 JanRondoDox Botnet Exploiting React2Shell VulnerabilityIn December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
2 Jan KEVTwo cybersecurity experts plead guilty to running ransomware operationTwo cybersecurity professionals charged with running a ransomware operation have pleaded guilty to conspiring to obstruct, delay, or affect commerce through extortion. They will be sentenced on March 12, 2026, the US Department of Justice announced this week. Ryan Goldberg and Ke…CSOONLINE.COM
2 JanGoogle Tasks Feature Exploited in New Sophisticated Phishing CampaignOver 3,000 organisations, predominantly in manufacturing, fell victim to a sophisticated phishing campaign in December 2025 that leveraged Google’s own application infrastructure to bypass enterprise email security controls. Attackers sent deceptive messages from noreply-ap…GBHACKERS.COM
2 JanRondoDoX Botnet Abuses React2Shell Vulnerability for Malware DeploymentCloudSEK has uncovered a sustained nine-month campaign by the RondoDoX botnet operation, revealing rapid exploitation of emerging vulnerabilities including the critical React2Shell vulnerability. Analysis of exposed command-and-control logs spanning March through December 2025 de…GBHACKERS.COM
2 JanRondoDox botnet exploits React2Shell flaw to breach Next.js serverssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/SH.ITJUST.WORKS
2 JanThe Kimwolf Botnet is Stalking Your Local NetworkThe story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you though…KREBSONSECURITY.COM
2 JanCritical vulnerability in IBM API Connect could allow authentication bypass | CSO Onlinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.csoonline.com/article/4112265/critical-vulnerability-in-ibm-api-connect-could-allow-authentication-bypass-2.htmlSH.ITJUST.WORKS
2 Jan KEVOver 10K Fortinet firewalls exposed to actively exploited 2FA bypassOver 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. [...]BLEEPINGCOMPUTER.COM
2 JanDefending the Boundaryless Cloud: Understanding Threats That Matter - SWN #543Cloud breaches don’t always start in the cloud, but they do end there. To defeat an attacker you need to understand their mission target along with the access points available to them, regardless of whether they reside within or beyond the cloud. SentinelOne is purpose-built to s…YOUTUBE.COM
🔥 INCIDENT REPORTING 9[−]
2 JanCovenant Health Data Breach Impacts 478,000 IndividualsThe Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025. The post Covenant Health Data Breach Impacts 478,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
2 Jan KEVTwo US Cybersecurity Pros Plead Guilty Over Ransomware AttacksRyan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group. The post Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
2 JanThe ROI Problem in Attack Surface ManagementAttack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.  Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership a…THEHACKERNEWS.COM
2 JanTransparent Tribe Launches New RAT Attacks Against Indian Government and AcademiaThe threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The campaign employs deceptive …THEHACKERNEWS.COM
2 JanHandala Hackers Breach Telegram Accounts Linked to Israeli OfficialsIn December 2025, the Iran-linked hacking group known as Handala escalated its influence operations against Israel’s political establishment by publishing material it claimed was pulled from the fully “compromised” mobile devices of two high-profile officials. A technical review …GBHACKERS.COM
2 JanHacker Group Claims Responsibility for Alleged Tokyo FM Broadcasting BreachA threat actor operating under the alias “victim” has claimed responsibility for a significant data breach targeting Tokyo FM Broadcasting Co., Ltd., a central radio broadcasting station in Japan. The alleged intrusion, which was observed on January 1, 2025, reportedl…GBHACKERS.COM
2 JanCognizant Faces Multiple US Class-Action Lawsuits After TriZetto Data BreachCognizant Technology Solutions is facing a wave of legal challenges in the United States following a significant data breach at its subsidiary, TriZetto Provider Solutions (TPS). The IT services giant has been hit with at least three class-action lawsuits alleging that it failed …GBHACKERS.COM
2 JanCryptocurrency theft attacks traced to 2022 LastPass breachBlockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. [...]BLEEPINGCOMPUTER.COM
2 JanCovenant Health says May data breach impacted nearly 478,000 patientsThe Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 13[−]
2 JanCareto Hacker Group Resurfaces After a Decade, Unleashing New Attack TechniquesThe legendary Careto threat actor, also known as “The Mask,” has resurfaced after a decade-long disappearance, employing sophisticated new attack methods that demonstrate the group’s continued evolution and technical prowess. Kaspersky researchers unveiled these…GBHACKERS.COM
2 JanThe Attacks That Defined 2025submitted by noumenon to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2025/12/supply-chains-ai-and-the-cloud-the-biggest-failures-and-one-success-of-2025/INFOSEC.PUB
2 JanAdobe ColdFusion Servers Targeted in Coordinated CampaignGreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
2 JanFlock Exposes Its AI-Enabled Surveillance Cameras404 Media has the story : Unlike many of Flock’s cameras, which are designed to capture license plates as people drive by, Flock’s Condor cameras are pan-tilt-zoom (PTZ) cameras designed to record and track people, not vehicles. Condor cameras can be set to automatica…SCHNEIER.COM
2 JanCardano Users Warned of Possible Phishing Attempt Posing as ‘Eternl Desktop’ UpdateA sophisticated phishing campaign is currently circulating within the Cardano community, utilizing high-trust social engineering to distribute malware under the guise of a new wallet application. The campaign centers on a professionally crafted email announcement titled “Eternl D…GBHACKERS.COM
2 JanThreat Actors Test a Highly Obfuscated, Modified Variant of the Shai Hulud MalwareSecurity researchers have identified what appears to be the first instance of a newly modified Shai Hulud malware strain uploaded to the npm registry approximately 30 minutes ago, disguised within the package @vietmoney/react-big-calendar. The discovery suggests threat actors are…GBHACKERS.COM
2 JanJust a moment...submitted by kid to cybersecurity 1 points | 0 comments https://www.techrepublic.com/article/news-apache-streampipes-flaw-lets-anyone-become-admin/SH.ITJUST.WORKS
2 JanTrust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.htmlSH.ITJUST.WORKS
2 JanPopular extensions caught poaching user chats with AI | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/legit-browser-extensions-poaching-ai-chats/SH.ITJUST.WORKS
2 JanCybersecurity Skills Gap: Myth?A study questions the reported cybersecurity skills gap. The actual number of available jobs may be much lower. Is the skills gap in cybersecurity a myth? Subscribe to our podcasts: https://securityweekly.com/subscribe #SkillsGap #JobMarket #SecurityWeekly #Cybersecurity #Informa…YOUTUBE.COM
2 JanHackers drain $3.9M from Unleash Protocol after multisig hijacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/SH.ITJUST.WORKS
2 JanFriday Squid Blogging: Squid Found in Light FixtureProbably a college prank . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
2 JanAI's Data Security ChallengeData security is a critical challenge in AI and cybersecurity. Ignoring this risk could double existing data problems. What strategies can enhance data protection in AI systems? Subscribe to our podcasts: https://securityweekly.com/subscribe AISecurity #DataChallenge #SecurityWee…YOUTUBE.COM
📡 INFOSEC NEWS 3[−]
2 JanTrust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attackTrust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. [...]BLEEPINGCOMPUTER.COM
2 JanGoogle is testing a new image AI and it's going to be its fastest modelGoogle is testing a new image AI model called "Nano Banana 2 Flash," and it's going to be as good as the Gemini 3 Pro Nano Banana, but it'll be cheaper. [...]BLEEPINGCOMPUTER.COM
2 JanDebugging DNS response times with tshark, (Fri, Jan 2nd)One of my holiday projects was to redo and optimize part of my home network. One of my homelab servers failed in November. I had only thrown&#;x26;#;xc2;&#;x26;#;xa0;the replacement in the rack to get going, but some cleanup…ISC.SANS.EDU