CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-37055 D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644 Array Networks ArrayOS AG OS Command Injection Vulnerability These types of vulnerabilities are frequent attack…
Petco’s security lapse affected customers’ SSNs, driver’s licenses, and more
Petco said the exposure was due to an error in an application and that it is notifying victims whose data was affected. This article has been indexed from Security News | TechCrunch Read the original article: Petco’s security lapse affected…
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. The FBI warns that criminals are altering publicly available photos to create fake “proof-of-life” images…
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team Chrome has been advancing the web’s security for well over 15 years, and we’re committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by…
193 cybercrims arrested, accused of plotting ‘violence-as-a-service’
Minors groomed to kill and intimidate victims Nearly 200 people, including minors accused of involvement in murder plots, have been arrested over the last six months as part of Europol’s Operational Taskforce (OTF) GRIMM. The operation targets what cops call…
How AI-Enabled Adversaries Are Breaking the Threat Intel Playbook
The cybersecurity landscape is undergoing another seismic shift — one driven not just by AI-enabled attackers but by a structural imbalance in how defenders and adversaries innovate. John Watters traces the evolution of modern cyber intelligence from its earliest days…
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving…
AWS launches AI-enhanced security innovations at re:Invent 2025
At re:Invent 2025, AWS unveiled its latest AI- and automation-enabled innovations to strengthen cloud security for customers to grow their business. Organizations are likely to increase security spending from $213 billion in 2025 to $377 billion by 2028 as they…
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access. This article has been…
Vulnerability Summary for the Week of December 1, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–10Web Booster Website speed optimization, Cache & Page Speed optimizer The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable…
Stronger together: New Beazley collaboration enhances cyber resilience
To bolster security for our customers, we need to align with our ecosystem partners. Our new collaboration with Beazley as an incident response partner is a step in that direction. The post Stronger together: New Beazley collaboration enhances cyber resilience…
Hackers Exploit AWS IAM Eventual Consistency to Establish Persistence
A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale…
Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware
A deceptive Android application lurking in the Google Play Store, disguised as a document reader and file manager, but delivering the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz found an app named “Document Reader – File Manager” by…
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations. The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
End to End-to-end Encryption? Google Update Allows Firms to Read Employee Texts
Your organization can now read your texts Microsoft stirred controversy when it revealed a Teams update that could tell your organization when you’re not at work. Google did the same. Say goodbye to end-to-end encryption. With this new RCS and…
Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban
Meta has started taking down accounts belonging to Australians under 16 on Instagram, Facebook and Threads, beginning a week before Australia’s new age-restriction law comes into force. The company recently alerted users it believes are between 13 and 15…
IT Security News Hourly Summary 2025-12-08 18h : 5 posts
5 posts were published in the last hour 17:3 : Google Confirms Rising ‘Account Takeovers ’— Users Told to Check Chrome Settings 17:3 : Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more 17:3 : New GhostFrame Super Stealthy…
Google Confirms Rising ‘Account Takeovers ’— Users Told to Check Chrome Settings
Google warns Chrome users of rising “account takeovers” and urges stronger authentication to keep accounts and synced data safe. The post Google Confirms Rising ‘Account Takeovers ’— Users Told to Check Chrome Settings appeared first on TechRepublic. This article has…
Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
Petco said the exposure was due to an error in an application, and that it is notifying victims’ whose data was affected. This article has been indexed from Security News | TechCrunch Read the original article: Petco’s security lapse affected…
New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by Security researchers at Barracuda, this stealthy tool represents a dangerous evolution in phishing-as-a-service technology. What makes GhostFrame…
ClayRat Android Spyware Expands Capabilities
A new version of ClayRat Android spyware features enhanced surveillance and device-control features This article has been indexed from www.infosecurity-magazine.com Read the original article: ClayRat Android Spyware Expands Capabilities
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Ransomware peaked in 2023 prior to law enforcement actions
Oracle EBS zero-day used by Clop to breach Barts Health NHS
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added…
NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety
As artificial intelligence systems become more autonomous, their ability to interact with digital tools and data introduces complex new risks. Recognizing this challenge, researchers from NVIDIA and Lakera AI have collaborated on a new paper proposing a unified framework for…