themissingsunday
#tech-news

Weekly Scan: Cloud, Cybersecurity, AI News — Jan 01, 2026

1. Introducing GPT-5.2-Codex (3 mentions)

GPT-5.2-Codex is OpenAI’s most advanced coding model, offering long-horizon reasoning, large-scale code transformations, and enhanced cybersecurity capabilities.

Read Full Article →
2. Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks (2 mentions)

Ryan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group. The post Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks appeared first on SecurityWeek.

Read Full Article →
3. A week in security (December 15 – December 21) (2 mentions)

A list of topics we covered in the week of December 15 to December 21 of 2025

Read Full Article →
4. Covenant Health says May data breach impacted nearly 478,000 patients (1 mention)

The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. [...]

Read Full Article →
5. Brit lands invite-only Aussie visa after uncovering vuln in government systems (1 mention)

Jacob Riggs is set to swap London for Sydney some time in the next year. A British security researcher has secured Australia's strictest, invite-only visa after discovering a critical vulnerability in a government system.…

Read Full Article →
6. The Kimwolf Botnet is Stalking Your Local Network (1 mention)

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short vers...

Read Full Article →
7. Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack (1 mention)

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. [...]

Read Full Article →
8. Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia (1 mention)

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts....

Read Full Article →
9. LockBit takedown architect gets New Year award from King Charles (1 mention)

Gavin Webb orchestrated Operation Cronos as it pulled off the legendary disruption sting. A senior British crimefighter has been awarded one of the country's highest tributes for public service for his role in the 2024 LockBit ransomware takedown.…

Read Full Article →
10. RondoDox Botnet Exploiting React2Shell Vulnerability (1 mention)

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek.

Read Full Article →

#Article Summary

| Category | Article Count |
|---|---|
| AI & LLM | 11 |
| Cloud | 8 |
| Cybersecurity | 64 |
| Tech | 4 |
| Threat Intel & Vulnerability | 40 |
| Total Articles Scanned | 127 |

#AI & LLM

Continuously hardening ChatGPT Atlas against prompt injection

OpenAI is strengthening ChatGPT Atlas against prompt injection attacks using automated red teaming trained with reinforcement learning. This proactive discover-and-patch loop helps identify novel e...

Read Full Article →
Introducing GPT-5.2-Codex

GPT-5.2-Codex is OpenAI’s most advanced coding model, offering long-horizon reasoning, large-scale code transformations, and enhanced cybersecurity capabilities.

Read Full Article →
Introducing GPT-5.2-Codex

GPT-5.2-Codex is OpenAI’s most advanced coding model, offering long-horizon reasoning, large-scale code transformations, and enhanced cybersecurity capabilities.

Read Full Article →
Addendum to GPT-5.2 System Card: GPT-5.2-Codex

This system card outlines the comprehensive safety measures implemented for GPT‑5.2-Codex. It details both model-level mitigations, such as specialized safety training for harmful tasks and prompt ...

Read Full Article →
Measuring AI’s capability to accelerate biological research

OpenAI introduces a real-world evaluation framework to measure how AI can accelerate biological research in the wet lab. Using GPT-5 to optimize a molecular cloning protocol, the work explores both...

Read Full Article →
The new ChatGPT Images is here

The new ChatGPT Images is powered by our flagship image generation model, delivering more precise edits, consistent details, and image generation up to 4× faster. The upgraded model is rolling out ...

Read Full Article →
Advancing science and math with GPT-5.2

GPT-5.2 is OpenAI’s strongest model yet for math and science, setting new state-of-the-art results on benchmarks like GPQA Diamond and FrontierMath. This post shows how those gains translate into r...

Read Full Article →
Update to GPT-5 System Card: GPT-5.2

GPT-5.2 is the latest model family in the GPT-5 series. The comprehensive safety mitigation approach for these models is largely the same as that described in the GPT-5 System Card and GPT-5.1 Syst...

Read Full Article →
Introducing GPT-5.2

GPT-5.2 is our most advanced frontier model for everyday professional work, with state-of-the-art reasoning, long-context understanding, coding, and vision. Use it in ChatGPT and the OpenAI API to ...

Read Full Article →
Increasing revenue 300% by bringing AI to SMBs

Discover how Podium used OpenAI’s GPT-5 to build “Jerry,” an AI teammate driving 300% growth and transforming how Main Street businesses serve customers.

Read Full Article →
How Scout24 is building the next generation of real-estate search with AI

Scout24 has created a GPT-5 powered conversational assistant that reimagines real-estate search, guiding users with clarifying questions, summaries, and tailored listing recommendations.

Read Full Article →

#Cloud

Amazon Connect expands automated agent performance evaluations to 5 additional languages

Amazon Connect now automates agent performance evaluations in Portuguese, French, Italian, German, and Spanish using generative AI. Managers define custom evaluation criteria in natural language an...

Read Full Article →
AWS End User Messaging SMS launches a Generative AI Registration Reviewer (Preview)

Starting today, AWS End User Messaging customers can use AWS generative AI to review their phone number registrations, so you can submit to mobile carriers correctly the first time. With the regist...

Read Full Article →
Amazon Application Recovery Controller region switch now supports three new capabilities

Amazon Application Recovery Controller (ARC) Region switch allows you to orchestrate the specific steps to switch your multi-Region applications to operate out of another AWS Region and achieve a b...

Read Full Article →
AWS Private CA OCSP now available in China and AWS GovCloud (US) Regions

AWS Private Certificate Authority (AWS Private CA) now supports Online Certificate Status Protocol (OCSP) in China and AWS GovCloud (US) Regions. AWS Private CA is a fully managed certificate autho...

Read Full Article →
Amazon RDS enhances observability for snapshot exports to Amazon S3

Amazon Relational Database Service (RDS) now offers enhanced observability for your snapshot exports to Amazon S3, providing detailed insights into export progress, failures, and performance for ea...

Read Full Article →
AWS Security Incident Response is now available in ten additional AWS Regions

AWS Security Incident Response is now available to customers in ten additional opt-in AWS Regions: Africa (Cape Town), Asia Pacific (Hong Kong, Hyderabad, Jakarta, Melbourne), Europe (Zurich, Mila...

Read Full Article →
AWS Security Incident Response introduces integration with Slack

AWS Security Incident Response now offers integration with the cloud-based team collaboration platform Slack, enabling you to prepare for, respond to, and recover from security events faster and mo...

Read Full Article →
AWS DataSync increases scalability and performance for on-premises file transfers

AWS DataSync Enhanced mode now supports data transfers between on-premises file servers and Amazon S3, enabling customers to transfer datasets that scale to virtually unlimited numbers of files at...

Read Full Article →

#Cybersecurity

Covenant Health says May data breach impacted nearly 478,000 patients

The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. [...]

Read Full Article →
The Kimwolf Botnet is Stalking Your Local Network

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for...

Read Full Article →
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. [...]

Read Full Article →
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that gran...

Read Full Article →
Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks

Ryan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group. The post Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks appeared first on Secur...

Read Full Article →
RondoDox Botnet Exploiting React2Shell Vulnerability

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on Securit...

Read Full Article →
Covenant Health Data Breach Impacts 478,000 Individuals

The Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025. The post Covenant Health Data Breach Impacts 478,000 Individuals appeared first on Securit...

Read Full Article →
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integrat...

Read Full Article →
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors d...

Read Full Article →
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known ...

Read Full Article →
This SmarterMail vulnerability allows Remote Code Execution - here's what we know

A maximum-severity flaw was just patched, and users are urged to apply the fix immediately.

Read Full Article →
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extensi...

Read Full Article →
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million use...

Read Full Article →
RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. [...]

Read Full Article →
European space agency confirms 'external servers' breached in cyberattack

The ESA is investigating the extent of the breach, while hackers share stolen files on the dark web.

Read Full Article →
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 ...

Read Full Article →
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 ...

Read Full Article →
US cybersecurity professionals plead guilty to Blackcat ransomware attacks

Ryan Clifford Goldberg and Kevin Tyler Martin could end up in prison for years after extorting one, and trying to extort four more companies.

Read Full Article →
Ransomware’s new playbook is chaos

Ransomware threats are accelerating in scale, sophistication, and impact. Data reveals how evolving techniques, shifting payment trends, and AI-driven capabilities are reshaping the threat landscap...

Read Full Article →
Coupang to pay almost $1.2 billion in compensation for data breach

Victims will get Coupang vouchers of roughly $35 each.

Read Full Article →
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote c...

Read Full Article →
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0)...

Read Full Article →
Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor. The post Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit appeared first ...

Read Full Article →
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

The Chinese hacking group known as Mustang Panda (aka HoneyMyte) has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber ...

Read Full Article →
Happy 16th Birthday, KrebsOnSecurity.com!

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has bee...

Read Full Article →
Yet another phishing campaign impersonates trusted Google services - here's what we know

Google Cloud Application Integration is being abused to generate phishing emails leading victims to fake Microsoft login sites.

Read Full Article →
Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000

It took Sax well over a year to complete its investigation after detecting hackers on its network. The post Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000 appeared first on...

Read Full Article →
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerabil...

Read Full Article →
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to f...

Read Full Article →
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7),...

Read Full Article →
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver ...

Read Full Article →
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through promp...

Read Full Article →
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recent...

Read Full Article →
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (...

Read Full Article →
CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) cat...

Read Full Article →
AI-created ransomware and NFC attacks lead the surge in new cyberattacks - here's how you can stay safe this holidays

AI is no longer being used just to craft convincing phishing emails - it's being used to build ransomware.

Read Full Article →
Attacks are Evolving: 3 Ways to Protect Your Business in 2026

Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable payda...

Read Full Article →
OpenAI says it's had to protect its Atlas AI browser against some serious security threats

Prompt injection might never go away, OpenAI says, as it compares it to phishing.

Read Full Article →
University of Phoenix data breach may have hit over 3.5 million victims - here's what we know

Cl0p claims another victim as University of Phoenix confirms losing data of around 3.5 million people.

Read Full Article →
Ransomware attack on Romanian water agency hits over a thousand systems

An unknown threat actor wreaked some serious havoc but operations are continuing unabated.

Read Full Article →
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime...

Read Full Article →
Phishing emails and fake adverts flood inboxes this Christmas - and they’re getting harder to detect than ever

Be extra safe with your clicks this Christmas, experts say.

Read Full Article →
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. T...

Read Full Article →
NHS England tech provider reveals data breach - DXS International hit by ransomware

DXS International was hit by ransomware, but we don't know if any files were stolen.

Read Full Article →
⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — tu...

Read Full Article →
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in ...

Read Full Article →
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeove...

Read Full Article →
New research reveals AI is fueling an 'unprecedented surge in cloud security risks'

Businesses are rushing to deploy AI, creating overly permissioned, misconfigured systems.

Read Full Article →
Dismantling Defenses: Trump 2.0 Cyber Year in Review

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challe...

Read Full Article →
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerabilit...

Read Full Article →
Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including th...

Read Full Article →
A massive new DDoS botnet has already snared 1.8 million devices - here's what we know about Kimwolf

Researchers discovered a new botnet called Kimwolf, allegedly built by the same brain behind AISURU.

Read Full Article →
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end g...

Read Full Article →
New Microsoft e-book: 3 reasons point solutions are holding you back

Explore the new Microsoft e-book on how a unified, AI-ready platform delivers speed, resilience, and measurable security gains. The post New Microsoft e-book: 3 reasons point solutions are holding ...

Read Full Article →
Access Fabric: A modern approach to identity and network access

An Access Fabric is a unified access security solution that continuously decides who can access what, from where, and under what conditions—in real time. The post Access Fabric: A modern approach t...

Read Full Article →
Most Parked Domains Now Serving Malicious Content

Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly exp...

Read Full Article →
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Ser...

Read Full Article →
Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense. The post Microsoft named an overall leader in...

Read Full Article →
Imposter for hire: How fake people can gain very real access

Fake employees are an emerging cybersecurity threat. Learn how they infiltrate organizations and what steps you can take to protect your business. The post Imposter for hire: How fake people can ga...

Read Full Article →
Microsoft Patch Tuesday, December 2025 Edition

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already b...

Read Full Article →
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available pac...

Read Full Article →
Changing the physics of cyber defense

Cyber defense is evolving. Find out how graph-powered strategies and AI can help organizations detect threats faster and improve security hygiene. The post Changing the physics of cyber defense app...

Read Full Article →
Stronger together: New Beazley collaboration enhances cyber resilience

To bolster security for our customers, we need to align with our ecosystem partners. Our new collaboration with Beazley as an incident response partner is a step in that direction. The post Stronge...

Read Full Article →
SMS Phishers Pivot to Points, Taxes, Fake Retailers

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phi...

Read Full Article →

#Tech

Brit lands invite-only Aussie visa after uncovering vuln in government systems

Jacob Riggs is set to swap London for Sydney some time in the next year. A British security researcher has secured Australia's strictest, invite-only visa after discovering a critical vulnerability ...

Read Full Article →
LockBit takedown architect gets New Year award from King Charles

Gavin Webb orchestrated Operation Cronos as it pulled off the legendary disruption sting. A senior British crimefighter has been awarded one of the country's highest tributes for public service for ...

Read Full Article →
Cybersecurity pros admit to moonlighting as ransomware scum

Pair became ALPHV affiliates to prey on US-based clients. A ransomware negotiator and a security incident response manager have admitted to running ransomware attacks.…

Read Full Article →
Death, torture, and amputation: How cybercrime shook the world in 2025

The human harms of cyberattacks piled up this year, and violence expected to increase. The knock-on, and often unintentional, impacts of a cyberattack are so rarely discussed. As an industry, the fo...

Read Full Article →

#Threat Intel & Vulnerability

How AI made scams more convincing in 2025

Several AI-related stories in 2025 highlighted how quickly AI systems can move beyond meaningful human control.

Read Full Article →
2025 exposed the risks we ignored while rushing AI

We explore how the rapid rise of Artificial Intelligence (AI) is putting users at risk.

Read Full Article →
[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection

WordPress Quiz Maker 6.7.0.56 - SQL Injection

Read Full Article →
[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

Read Full Article →
Pornhub tells users to expect sextortion emails after data exposure

Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.

Read Full Article →
A week in security (December 15 – December 21)

A list of topics we covered in the week of December 15 to December 21 of 2025

Read Full Article →
Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance

Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managin...

Read Full Article →
CISA warns ASUS Live Update backdoor is still exploitable, seven years on

Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.

Read Full Article →
ShadyPanda: The Silent Browser Takeover Threat and How Qualys TruRisk Eliminate Helps You Stop It

Executive Summary: ShadyPanda has exploited trusted browser extensions to compromise millions of users, illustrating how legitimate software can unexpectedly become harmful. Qualys TruRisk Eliminate...

Read Full Article →
Two Chrome flaws could be triggered by simply browsing the web: Update now

Google's patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content.

Read Full Article →
Inside a purchase order PDF phishing campaign

A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.

Read Full Article →
From Linear to Complex: An Upgrade in RansomHouse Encryption

Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered. The post From Linear to Complex: An Upgrade in...

Read Full Article →
Navigating Change: Evolving Your Exposure Management Strategy in a Post-Kenna World with Qualys

Key Takeaways: Cisco recently announced the end-of-sale for its Vulnerability Management solution (formerly Kenna Security). For security teams that have relied on Kenna as the vulnerability aggrega...

Read Full Article →
BlueDelta’s Persistent Campaign Against UKR.NET

Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.

Read Full Article →
The $0 Transaction That Signaled a Nation-State Cyberattack

A $0 card test signaled a Chinese state-linked cyberattack on Anthropic’s AI platform. Learn how card-testing fraud intelligence spots nation-state ops early.

Read Full Article →
SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there

We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken.

Read Full Article →
Android mobile adware surges in second half of 2025

Malwarebytes threat research reveals spike in adware and malicious malware families Triada and MobiDash heading into the holiday season.

Read Full Article →
Google is discontinuing its dark web report: why it matters

Google will discontinue its dark web report early next year, prompting mixed reactions. How does dark web monitoring actually help keep you safe?

Read Full Article →
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection

Summar Employee Portal 3.98.0 - Authenticated SQL Injection

Read Full Article →
[webapps] esm-dev 136 - Path Traversal

esm-dev 136 - Path Traversal

Read Full Article →
PayPal closes loophole that let scammers send real emails with fake purchase notices

Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.

Read Full Article →
A week in security (December 8 – December 14)

A list of topics we covered in the week of December 8 to December 14 of 2025

What’s Next for Enterprise Threat Intelligence in 2026

Top enterprise threat intelligence trends for 2026: AI-augmented CTI, unified platforms, workflow integration, data fusion, budgets, ROI, and maturity.

Exploitation of Critical Vulnerability in React Server Components (Updated December 12)

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.

Scale AI Securely with Qualys TotalAI’s Streamlined Onboarding, Deeper Risk Detection, and Compliance-Ready Reporting

Executive Summary: Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new c...

Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite

Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.

React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components

On December 3, 2025, a critical remote code execution (RCE) vulnerability, dubbed “React2Shell,” was disclosed, impacting React Server Components and frameworks like Next.js. The flaw, CVE-2025-551...

Palestine Action: Operations and Global Network

Explores Palestine Action’s post-designation global network, tactics, and targets, and evaluates key physical risks and mitigations for organizations.

01flip: Multi-Platform Ransomware Written in Rust

01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.

Implications of Russia-India-China Trilateral Cooperation

Examines Russia-India-China trilateral cooperation, U.S. tariffs and sanctions, why a formal bloc is unlikely, and implications for governments and business.

Microsoft and Adobe Patch Tuesday, December 2025 Security Update Review

As the year winds down, Microsoft Patch Tuesday in December arrives with essential fixes and enhancements to close vulnerabilities and boost performance. Here’s a quick breakdown of what you need t...

GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries

Note: The analysis cut-off date for this report was November 10, 2025. Executive Summary: Insikt Group continues to monitor GrayBravo (formerly tracked as TAG-150), a technically sophisticated and ra...

November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October

November 2025 CVE landscape: 10 exploited critical vulnerabilities, a 69% drop from October, and why Fortinet and Samsung flaws need urgent patching.

5 Real-Word Third-Party Risk Examples

Explore 5 third-party risk examples, from vendor data breaches to supply chain attacks and learn how third-party risk management can prevent cyberattacks.

When the Digital World Turns Physical: The Expanding Role of Threat Intelligence in Executive Protection

Discover how converged threat intelligence protects executives from deepfakes, doxxing, and cyber-enabled physical threats with Recorded Future.

Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors

A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors. Recorded Future recommends that organizations patch their systems immediately.

New Prompt Injection Attack Vectors Through MCP Sampling

Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.

The Bug That Won't Die: 10 Years of the Same Mistake

Explore a decade of deserialization vulnerabilities, from Java to React/Next.js CVEs, and learn how to harden apps and stay ahead with Recorded Future.

The Hidden Cascade: Why Law Firm Breaches Destroy More than Data

Discover how law firm breaches expose decades of M&A intelligence, client data, and privileged strategy—and how to reduce cascading vendor risk before it hits.

Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option

A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. Wh...
