A critical security advisory addresses multiple severe vulnerabilities in Cisco Unified Contact Center Express (Unified CCX) that could allow unauthenticated remote attackers to execute arbitrary commands and compromise affected systems. The vulnerabilities were disclosed on November 5, 2025, with the…
HPE OneView Software Vulnerability Let Attackers Execute Remote Code
A critical security alert warns customers about a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2025-37164, carries a CVSS severity score of 10.0, indicating maximum critical…
CISA Adds ASUS Embedded Malicious Code Vulnerability to KEV List Following Active Exploitation
CISA has added a new ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling urgent risk for affected users and organizations. The flaw, tracked as CVE-2025-59374, affects ASUS Live Update, a utility commonly used to deliver firmware and software updates to…
HPE Patches Critical Flaw in IT Infrastructure Management Software
Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original…
UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks
ASRock, Asus, Gigabyte, and MSI motherboards are vulnerable to early-boot DMA attacks. The post UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: UEFI Vulnerability in…
Crypto theft in 2025: North Korean hackers continue to dominate
When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion in…
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is…
AI Agent Attacks in Q4 2025 Signal New Risks for 2026
Q4 2025 attacks show early AI agents are already expanding the attack surface, pushing enterprises to rethink AI security for 2026. The post AI Agent Attacks in Q4 2025 Signal New Risks for 2026 appeared first on eSecurity Planet. This…
Another bad week for SonicWall as SMA 1000 zero-day under active exploit
Flaw in remote-access appliance lets attackers chain bugs for root-level takeover. SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that’s being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.… This…
Check Point Infinity Global Services Launches First AI Security Training Courses
Artificial Intelligence is transforming every industry, unlocking new opportunities while introducing new risks. That is why Infinity Global Services (IGS) is proud to announce the launch of our first dedicated AI security training courses. This is the first release in…
The Power of Large Language Models for Cybersecurity
Our dependence on digital infrastructure has grown exponentially amid unprecedented technological advancements. With this reliance comes an increasingly threatening landscape and expanding attack surfaces. As cyberthreats become more sophisticated, so must our defensive strategies. Enter large language models (LLMs) and…
Malicious Software Compromises 26000 Devices Across New Zealand
Thousands of devices have been infected with malware through New Zealand’s National Cyber Security Center, showing the persistent risk posed by credential-stealing cybercrime, which has been causing New Zealand’s National Cyber Security Center to notify individuals after an exposure. About…
India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report
The cybercrime landscape in India has witnessed a drastic increase with NCRB data indicating cases jacking up from above 52,000 in 2021 to over 86,000 by 2023 led by fraud and online financial crime. Concurrently, threat intelligence shows that India is…
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted, highly targeted phishing campaigns that masquerade as professional services firms to…
Apiiro unveils AI SAST built on deep code analysis to eliminate false positives
Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST) that automates code risk detection, validation and fixes with the precision and cognitive process of an expert application security engineer. Grounded in Apiiro’s patented Deep Code…
IT Security News Hourly Summary 2025-12-18 15h : 12 posts
12 posts were published in the last hour 14:2 : From the Hill: The AI-Cybersecurity Imperative in Financial Services 14:2 : Researchers Uncovered New Lazarus and Kimsuky Infrastructure with Active Tools and Tunnelling Nodes 14:2 : The ghosts of WhatsApp:…
From the Hill: The AI-Cybersecurity Imperative in Financial Services
Financial institutions face a dual mandate: embrace AI for cyber defense and secure AI with Secure AI by Design. Discover the path forward. The post From the Hill: The AI-Cybersecurity Imperative in Financial Services appeared first on Palo Alto Networks…
Researchers Uncovered New Lazarus and Kimsuky Infrastructure with Active Tools and Tunnelling Nodes
A joint investigation by Hunt.io and the Acronis Threat Research Unit has exposed an extensive network of North Korean state-sponsored infrastructure, revealing fresh connections between Lazarus and Kimsuky operations across global campaigns. The research uncovered active tool-staging servers, credential-theft environments,…
The ghosts of WhatsApp: How GhostPairing hijacks accounts
Criminals are tricking WhatsApp users into linking an attacker’s browser to their account using fake login pages and routine-looking prompts. This article has been indexed from Malwarebytes. Read the original article: The ghosts of WhatsApp: How GhostPairing hijacks accounts
FBI dismantles alleged $70M crypto laundering operation
Justice Department claims unlicensed exchange funneled ransomware profits. US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged…
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk—even without direct system compromise. The post What the Latest OpenAI Security Breach Reveals About the State of AI Protection appeared first on…
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when…
AppGate extends zero trust to secure AI workloads with Agentic AI Core Protection
AppGate announced the launch of Agentic AI Core Protection, a new capability within AppGate ZTNA designed to secure AI workloads deployed in enterprise core environments across on-prem and cloud venues. This innovation enables organizations to embrace AI-driven transformation while maintaining…
Chrome extension slurps up AI chats after users installed it for privacy
The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to. This article has been indexed from Malwarebytes. Read the original article: Chrome extension slurps up AI chats after users installed it…