Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major…
FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin
The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation. This article has been…
Chinese-based Ink Dragon Compromises Asia and South America into European Government Networks
Ink Dragon, a Chinese espionage group, has significantly expanded its operations from Southeast Asia and South America into European government networks. This advancement marks a notable shift in the threat actor’s strategic focus, utilizing a blend of well-engineered tools combined…
Hackers Hijacking VNC Connections to Gain Access to OT Control Devices in Critical Infrastructure
A coalition of U.S. and international cybersecurity agencies issued a stark warning this week about pro-Russia hacktivists exploiting exposed Virtual Network Computing (VNC) connections to infiltrate operational technology (OT) systems in critical infrastructure. The joint advisory, released December 9, 2025,…
React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines
Security boffins warn flaw is now being used for ransomware attacks against live networks Microsoft says attackers have already compromised “several hundred machines across a diverse set of organizations” via the React2Shell flaw, using the access to execute code, deploy…
New BeaverTail Malware Variant Linked to Lazarus Group
A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders and developers This article has been indexed from www.infosecurity-magazine.com Read the original article: New BeaverTail Malware Variant Linked to Lazarus Group
Microsoft December Update Breaks Critical IIS Servers
The security updates delivered through KB5071546 have fundamentally broken Message Queuing (MSMQ) functionality across multiple Windows versions. The post Microsoft December Update Breaks Critical IIS Servers appeared first on TechRepublic. This article has been indexed from Security Archives – TechRepublic…
113,000 Impacted by Data Breach at Virginia Mental Health Authority
Threat actors stole names, Social Security numbers, and financial and health information, and deployed ransomware on RBHA’s systems. The post 113,000 Impacted by Data Breach at Virginia Mental Health Authority appeared first on SecurityWeek. This article has been indexed from…
The Biggest Cyber Stories of the Year: What 2025 Taught Us
The Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was…
2025 Federal Retrospective: The Year of Resilient Innovation
Resiliency has been top of mind in 2025, and recent high-profile CVEs serve as holiday reminders that adversaries aren’t slowing down. But what changed this year was how the federal community responded. Increasingly, exploitability drove the clock: when vulnerabilities surfaced…
IT Security News Hourly Summary 2025-12-18 12h : 12 posts
12 posts were published in the last hour 11:2 : FTC Probes Instacart Over AI Pricing Tool 11:2 : U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog 11:2 : IoT Security Firm Exein Raises…
FTC Probes Instacart Over AI Pricing Tool
US trade regulator reportedly investigates Instacart’s AI pricing tool, after study shows shoppers shown wildly different prices This article has been indexed from Silicon UK Read the original article: FTC Probes Instacart Over AI Pricing Tool
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV)…
IoT Security Firm Exein Raises €100 Million
The Italian company has raised nearly $200 million in 2025 for its widely used embedded cybersecurity platform. The post IoT Security Firm Exein Raises €100 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
More than half of public vulnerabilities bypass leading WAFs
Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven threats.…
Apple Allows Alternative App Stores In Japan
Apple opens up iOS to third-party app stores to comply with new Japanese competition law, but retains control, commissions This article has been indexed from Silicon UK Read the original article: Apple Allows Alternative App Stores In Japan
Threats Actors Registering Fake Shopping Domains to Attack Users in this Holiday Season
The 2025 holiday shopping season faces a significant cybersecurity threat as threat actors launch a massive campaign of fake online retail stores. These fraudulent domains are designed to impersonate well-known global brands, tricking unsuspecting consumers into revealing sensitive financial information…
BugTrace – AI-based Penetration Testing Tool to Detect Potential Vulnerabilities
BugTrace-AI, an open-source suite that harnesses generative AI to supercharge vulnerability detection. Launched as a one-stop web security analysis platform, BugTrace-AI blends static (SAST) and dynamic (DAST) testing with AI-driven reconnaissance, payload crafting, and more, all in a sleek React-based…
Critical Vulnerability in Popular Node.js Library Exposes Windows Systems to RCE Attacks
A serious security flaw has been discovered in systeminformation, a popular Node.js library used by thousands of developers. The vulnerability, labelled CVE-2025-68154, allows attackers to run malicious code on Windows computers. All versions up to 5.27.13 are affected, and developers…
Critical Apache Commons Text Vulnerability Enables Remote Code Execution Attacks
A newly disclosed security flaw in Apache Commons Text, tracked as CVE-2025-46295, has been identified as a remote code execution (RCE) vulnerability. That could allow attackers to compromise systems using vulnerable versions of the library. The issue impacts Apache Commons Text versions before 1.10.0,…
Phantom Stealer Attacking Users to Steal Sensitive Data like Passwords, Browser Cookies, Credit Card Data
Phantom Stealer version 3.5 has emerged as a serious threat to users worldwide, capable of extracting sensitive information including passwords, browser cookies, credit card details, and cryptocurrency wallet data. This sophisticated malware operates through deceptive packaging, often disguised as legitimate…
France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry
France’s counterespionage agency is investigating a suspected cyberattack plot targeting an international passenger ferry The post France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with…
Families Sue Meta Over Instagram ‘Sextortion’ Deaths
Two families sue Meta over teens’ deaths, claiming company prioritised profits over protecting young people from sexual blackmail This article has been indexed from Silicon UK Read the original article: Families Sue Meta Over Instagram ‘Sextortion’ Deaths