Go Back

World's Security Today

Last updated: 2025-12-12 17:11 Refresh now

From Mandiant

Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

Wed, 03 Dec 2025 14:00:00 +0000

Introduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, In...
Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks

Thu, 20 Nov 2025 14:00:00 +0000

Written by: Harsh Parashar, Tierra Duncan, Dan Perez Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PR...
Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem

Mon, 17 Nov 2025 14:00:00 +0000

Written by: Mohamed El-Banna, Daniel Lee, Mike Stokkel, Josh Goddard Overview Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, av...
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study

Thu, 13 Nov 2025 14:00:00 +0000

Written by: Josh Stroschein, Jae Young Kim The prevalence of obfuscation and multi-stage layering in today’s malware often forces analysts into tedious and manual debugging sessions. For instance, the...
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

Mon, 10 Nov 2025 14:00:00 +0000

Written by: Stallone D'Souza, Praveeth DSouza, Bill Glynn, Kevin O'Flynn, Yash Gupta Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series bri...
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Wed, 05 Nov 2025 14:00:00 +0000

Executive Summary Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer...
Preparing for Threats to Come: Cybersecurity Forecast 2026

Tue, 04 Nov 2025 14:00:00 +0000

Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released toda...
Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring

Tue, 28 Oct 2025 14:00:00 +0000

Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher The Criticality of Privileged Access in Today's Threat Landscape Privileged access stands as the most critical pathway fo...
Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials

Thu, 23 Oct 2025 14:00:00 +0000

Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individua...
Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace

Tue, 21 Oct 2025 14:00:00 +0000

Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives related...
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER

Mon, 20 Oct 2025 14:00:00 +0000

Written by: Wesley Shields Introduction COLDRIVER, a Russian state-sponsored threat group known for targeting high profile individuals in NGOs, policy advisors and dissidents, swiftly shifted operatio...
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

Thu, 16 Oct 2025 14:00:00 +0000

Written by: Blas Kojusner, Robert Wallace, Joseph Dobson Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and fac...
New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware

Thu, 16 Oct 2025 14:00:00 +0000

Written by: Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez Since late 2023, Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) have tracked UNC5142, a financially motivated...
Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

Thu, 09 Oct 2025 14:00:00 +0000

Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Update (Oct. 11): On Oct. 11, Oracle released another patch, addressing CVE-2025-61884. Introductio...
Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Tue, 30 Sep 2025 14:00:00 +0000

Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al, Ravi Kumar Raja Update (Nov. 21): In response to the Salesforce advisory related to Gainsight applic...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Wed, 24 Sep 2025 14:00:00 +0000

Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Grou...
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Wed, 03 Sep 2025 14:00:00 +0000

Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng Update (September 3): This post was updated to include information about GoTokenTheft usage. In a recent investigation...
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

Tue, 26 Aug 2025 14:00:00 +0000

Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Update (August 28) Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integr...
Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

Mon, 25 Aug 2025 14:00:00 +0000

Written by: Patrick Whitsell In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted ...
A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor

Wed, 20 Aug 2025 14:00:00 +0000

Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest on the most intriguing compromises we are ...

From Boannews

과기정통부, 보안 사고 반복 시 ‘매출 3%’ 과징금...2026 업무계획

Fri, 12 Dec 2025 17:26:00 +0900

CEO 보안 책임 법제화 및 징벌적 과징금 도입...규제 패러다임 전환 독자 AI 모델 상반기 오픈소스 공개 ‘AI G3’ 도약 승부수[보안뉴스 조재호 기자] 과학기술정보통신부는 2026년을 기점으로 기업 보안 책임을 획기적으로 강화하는 한편, 국산 AI 반도체와 GPU 확보에 총력을 기울여 ‘AI G3’ 도약에 나선다.과학기술정보통신부는 12일 세종컨벤션
파인더갭, 연말 버그바운티 대회 ‘캡처 더 버그 X-MAS 2025’ 개최

Fri, 12 Dec 2025 16:47:00 +0900

총상금 300만 원 및 경품 증정프리매치와 코어매치로 구분 운영[보안뉴스 조재호 기자] 버그바운티 플랫폼 파인더갭이 화이트 해커를 대상으로 연말 보안 취약점 발굴 행사를 진행한다. 파인더갭은 15일부터 31일까지 ‘갭처 더 버그 X-MAS 2025’(Capture the Bug X-MAS 2025)를 개최한다고 12일 밝혔다. 기업 보안 취약점을 선제적으로
해고 근로자부터 10대까지 빨려드는 ‘다크웹 구직 시장’…지원자 평균 24세

Fri, 12 Dec 2025 16:41:00 +0900

카스퍼스키, ‘다크웹 구직 시장 분석 보고서’ 발표[보안뉴스 여이레 기자] 경기 침체로 IT 기업에서 밀려난 경력자나 10대 청소년이 사이버 범죄에 발을 들이는 현상이 두드러진다. 분업화된 직무 구분도 자리잡는 등 사이버 범죄 생태계가 성숙 단계에 들어섰다는 평가다. 카스퍼스키가 12일 발표한 ‘다크웹 구직 시장 내부: 그들의 재능, 우리의 위협’(Ins
이스트시큐리티 기업 고객 대상 연말 특별 프로모션

Fri, 12 Dec 2025 15:43:00 +0900

기존 고객이라도 ‘신규 제품군’ 도입하면 프로모션 대상“올해 마지막 대규모 프로모션, 실질적 혜택 초점”[보안뉴스 조재호 기자] 이스트시큐리티는 연말을 맞아 신규 솔루션 도입 고객을 대상으로 특별 프로모션 행사를 진행한다. 이스트시큐리티는 자사 주요 보안 제품을 구매하는 고객에게 구매 금액별로 프리미엄 가전을 증정하는 ‘2025 연말 특별 프로모션’을 이
[2025 시스템 접근제어·계정관리·패스워드 관리 리포트] 변화와 통합의 바람 타고 ‘승승장구’

Fri, 12 Dec 2025 15:41:00 +0900

늘어난 IT 시스템과 계정정보 노리는 사이버 위협, 복잡해진 컴플라이언스 요구 등이 변화 요구IAM과 PAM, 권한 관리 등 기존 솔루션 통합하는 아이덴티티 보안 솔루션으로 성장 중 사용자 설문조사...현재 사용하는 시스템 접근제어·계정관리·패스워드 관리 솔루션은 ‘IAM’시스템 접근제어·계정관리·패스워드 관리 솔루션 전문기업 집중 분석: 베이스스톤[보안뉴
美 법무부, 군 조달 위해 클라우드 인증 자격 속인 前 액센츄어 직원 기소

Fri, 12 Dec 2025 15:38:00 +0900

FedRAMP 인증 허위 보고로 군 계약 따내려다 발각법무부, 사이버 보안 위반 개인 형사 기소...“민사 넘어 단호 대응”[보안뉴스 김형근 기자] 미국 IT 서비스 제공업체 액센츄어에 몸 담았던 직원이 육군 및 기타 기관에서 사용하는 클라우드 플랫폼의 보안 상태에 대해 연방 정부를 속인 혐의로 기소됐다.사이버 보안 규정 위반 사건에 대해 그간 정부는 보통
지란지교소프트, 토스미니앱에서 내 계정 유출 확인한다...‘제로가드 라이트’ 출시

Fri, 12 Dec 2025 15:22:00 +0900

별도 앱 설치 없이 이메일 주소만으로 계정 유출 징후 즉시 탐지 “개인정보 보호 수준, 쉽고 편리하게 관리하도록 지원”[보안뉴스 조재호 기자] 지란지교소프트는 모바일 금융 플랫폼 ‘토스’(Toss)의 미니앱을 통해 이메일 기반 계정 정보 유출 탐지 서비스 ‘제로가드 라이트’(Zero Guard-Lite)를 출시했다고 12일 밝혔다.‘제로가드 라이트’는 사용
李 대통령, KISA·개보위 ‘특사경 도입’ 주장에 “해야할 것 같다”

Fri, 12 Dec 2025 15:10:00 +0900

[보안뉴스 강현주 기자] 이재명 대통령은 한국인터넷진흥원(KISA)과 개인정보보호위원회에 특별사법경찰권(특사경)을 도입 방안을 검토해야 한다는 뜻을 밝혔다.12일 이 대통령은 세종컨벤션센터에서 열린 과학기술정보통신부와 개인정보보호위원회 등을 대상으로 한 업무보고에서 해당 사안이 거론되자 “(특사경 도입을) 해야 할 것 같긴 하다”고 언급했다.이들 기관은 사
[쿠팡 해킹] ‘탈팡’ 막던 미로 사라졌다...쿠팡, 멤버십·탈퇴 절차 ‘다이어트’

Fri, 12 Dec 2025 15:06:00 +0900

해지 절차에서 기존 ‘혜택 포기·설문조사’ 단계 삭제대통령실·국회까지 나선 압박에 ‘소비자 불편 해소’ 태세 전환[보안뉴스 조재호 기자] 쿠팡이 멤버십 해지 및 회원 탈퇴 절차를 대폭 간소화했다. 이른바 ‘다크패턴’ 논란을 해소하려는 행보로 보인다. 12일 쿠팡은 모바일 앱 내 와우 멤버십 해지 과정을 기존 4단계에서 2단계로 축소했다. 앞서 회원 탈퇴
금주 글로벌 보안업계 투자 동향…프루프포인트 초대형 인수 눈길

Fri, 12 Dec 2025 14:31:00 +0900

[보안뉴스 여이레 기자] 한주간 글로벌 보안기업 인수합병 및 투자 유치 소식을 알아본다. 이번 주엔 프루프포인트가 호넷시큐리티를 18억달러에 인수해 시장의 주목을 받았다. AI 보안 관련 스타트업에 대한 투자도 이어졌다. 프루프포인트, 호넷시큐리티 18억달러 인수 SMB·MSP 시장 공략엔터프라이즈 사이버보안 기업 프루프포인트는 8일(현지시간) 독일 기반

From Theori

Building Effective LLM Agents | AI Cyber Challenge

Fri, 08 Aug 2025 19:28:00 GMT

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)
AI Cyber Challenge and Theori's RoboDuck

Fri, 08 Aug 2025 19:27:40 GMT

An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system
Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge

Fri, 08 Aug 2025 19:25:46 GMT

Agent trajectory walkthroughs of a fully autonomous hacking system
How to Identify Phishing Scams

Mon, 28 Apr 2025 23:00:00 GMT

Learn how to spot phishing scams with expert tips recognizing suspicious emails, SMS, and fraudulent request for personal information.
Importance of Continuous Security: Lessons from the Bybit Case

Thu, 27 Mar 2025 06:38:06 GMT

In this article, we briefly look at the circumstances of the Bybit incident and discuss what countermeasures could have been implemented. Then, we discuss the limitations of current solutions and how Xint resolves them.
Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch

Sat, 15 Mar 2025 08:52:16 GMT

A new approach to the Overwriting modprobe_path technique is introduced, addressing changes in the Upstream kernel that prevent triggering via dummy files.
Four Ways to Protect Your Legacy with Theori’s Cybersecurity Solutions

Sun, 16 Feb 2025 15:00:00 GMT

Discover the top cybersecurity threats for 2025 and how Theori's innovative solutions can safeguard your business from evolving cyber risks and costly data breaches.
DeepSeek Security, Privacy, and Governance: Hidden Risks in Open-Source AI

Thu, 06 Feb 2025 15:00:00 GMT

This post examines DeepSeek's security gaps, privacy practices, and open-source AI risks, offering practical advice for users and developers.
The True Cost of Siloed Security Tools

Fri, 20 Dec 2024 09:00:00 GMT

Security silos occur when different security tools, teams, or systems operate in isolation, unable to effectively share data or communicate.
Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX

Wed, 06 Nov 2024 15:00:00 GMT

QueryX, Theori’s program analysis platform, automates variant analysis for vulnerability detection. Learn how its taint analysis module uncovered CVE-2023-39471.
Side Effects: When Continuous Development Introduces Security Threats

Mon, 04 Nov 2024 09:00:00 GMT

Dive into five significant security risks that emerged as unintended consequences of new feature development.
Top 5 Features Your ASM Solution Must Have

Thu, 24 Oct 2024 09:00:00 GMT

So you know what ASM is and why you need it — but which features are crucial? Here’s the run down.
Offensive Security with Large Language Models (2)

Mon, 30 Sep 2024 09:00:00 GMT

How LLMs are changing the game for static analysis — especially when source code is available.
Offensive Security with Large Language Models (1)

Fri, 27 Sep 2024 09:00:00 GMT

Applications of larage language models in offensive security
Winning the AIxCC Qualification Round

Mon, 23 Sep 2024 15:00:00 GMT

Theori’s Cyber Reasoning System (CRS) “Robo Duck” not only cleared the bar to get us $2M and a spot at the AIxCC finals in 2025, it also got the first place among all the submissions in the highly competitive event.
Top Penetration Testing Solutions for IT Security: 2024 Guide

Wed, 11 Sep 2024 09:00:00 GMT

The top 7penetration testing tools of 2024 for hackers and for businesses.
Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)

Tue, 03 Sep 2024 15:00:00 GMT

CVE-2024-27394 is a TCP-AO Use-After-Free vulnerability caused by improper RCU API usage. Read the in-depth analysis and reliable triggering technique.
Offensive Security vs. Defensive Security: Navigating the Two Pillars of Cybersecurity

Fri, 30 Aug 2024 09:00:00 GMT

Explore how offensive and defensive security strategies work together to protect against cyber threats.
A Deep Dive into the CoSoSys EndPoint Protector Exploit: Remote Code Execution

Thu, 29 Aug 2024 15:00:00 GMT

Four critical RCE vulnerabilities (CVE-2024-36072 to CVE-2024-36075) in CoSoSys Endpoint Protector were identified, allowing full server and client compromise. Read the full analysis.
Chaining N-days to Compromise All: Part 6 — Windows Kernel LPE: Get SYSTEM

Tue, 21 May 2024 15:00:00 GMT

The final part of the N-day exploit series analyzes CVE-2023-36802, a privilege escalation vulnerability in mskssrv.sys, used to gain SYSTEM access on a VMware host.
Chaining N-days to Compromise All: Part 5 — VMware Workstation Guest-to-Host Escape

Thu, 02 May 2024 15:00:00 GMT

CVE-2023-20869 was exploited to achieve arbitrary code execution on a VMware host from a guest system. Read the full technical analysis.
Chaining N-days to Compromise All: Part 4 — VMware Workstation Information leakage

Wed, 17 Apr 2024 15:00:00 GMT

CVE-2023-34044, a variant of CVE-2023-20870, was exploited to extract critical information from a VMware host process. Read the in-depth analysis.
Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System

Mon, 08 Apr 2024 15:00:00 GMT

CVE-2023-29360, a logic bug in the mskssrv.sys driver, was exploited to escalate privileges to SYSTEM in a 1-day full chain attack. Read the detailed breakdown.
Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape)

Sun, 31 Mar 2024 15:00:00 GMT

CVE-2023-21674, a Windows kernel UAF vulnerability, was used to escape the Chrome sandbox in a 1-day full chain exploit. Read the detailed analysis.
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE

Sun, 17 Mar 2024 15:00:00 GMT

This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8.
Fermium-252 : The Cyber Threat Intelligence Database

Sun, 03 Mar 2024 15:00:00 GMT

Fermium-252 is a premier vulnerability intelligence platform providing real-time tracking of 1-day exploits, PoCs, and in-depth reports. Stay ahead of cyber threats with our expert analysis.
A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit

Thu, 25 Jan 2024 15:00:00 GMT

We bypassed the V8 sandbox using a raw pointer in WasmIndirectFunctionTable, enabling arbitrary write and code execution. Read our deep dive into the exploit.
Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023–28218)

Thu, 09 Nov 2023 15:00:00 GMT

At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology.
NEAT and NES Algorithms

Thu, 20 Apr 2023 15:00:00 GMT

We reverse-engineered NEAT and NES, two unpublished symmetric encryption algorithms from South Korea’s GPKI cryptography library. Read our analysis and implementations.
Linux Kernel Exploit (CVE-2022–32250) with mqueue

Tue, 23 Aug 2022 15:00:00 GMT

We exploited CVE-2022-32250, a use-after-free vulnerability in Linux Netfilter, to achieve root on Ubuntu 22.04. Learn how we bypassed KASLR and modified modprobe_path.
Binary-searching into CVMServer

Thu, 16 Jun 2022 15:00:00 GMT

While analyzing the patch for CVE-2021-30724, we discovered a new uninitialized memory vulnerability (CVE-2022-26721) in macOS's CVMServer. Read our exploitation insights.
Exploiting Safari’s ANGLE Component

Tue, 17 May 2022 15:00:00 GMT

We discovered CVE-2022-26717, an exploitable bug in WebKit's WebGL component affecting Safari on macOS and iOS. Read our analysis and exploitation methodology.
Patch Gapping a Safari Type Confusion

Mon, 24 May 2021 15:00:00 GMT

Safari 14.1 introduced AudioWorklets, but a newly patched type confusion bug left iOS versions vulnerable for weeks. We share our root cause analysis and exploit details.
Compromising virtualization without attacking the hypervisor

Tue, 20 Oct 2020 15:00:00 GMT

Discover CVE-2020-27675 (XSA-331), a denial-of-service and potential out-of-bounds write vulnerability in the Xen paravirtualization driver, and learn how it can impact virtualization security.
Cleanly Escaping the Chrome Sandbox

Sun, 19 Apr 2020 15:00:00 GMT

Learn how we discovered and exploited Issue 1062091, a use-after-free (UAF) vulnerability in Chrome and Chromium-based Edge, leading to a sandbox escape.
Receiving NRSC-5

Thu, 08 Jun 2017 15:00:00 GMT

We have implemented an NRSC-5-C digital radio receiver and released it as open source on GitHub. Explore IBOC-based hybrid broadcasting and security research opportunities.
Chakra JIT CFG Bypass

Tue, 13 Dec 2016 15:00:00 GMT

Learn how attackers bypassed Microsoft's Control Flow Guard (CFG) in Internet Explorer and Edge. We break down our PoC exploit, mitigation bypass, and the MS16-119 patch details.
Patch Analysis of MS16–063 (jscript9.dll)

Sun, 26 Jun 2016 15:00:00 GMT

Microsoft's MS16-063 patch fixed a critical memory corruption vulnerability in jscript9.dll (TypedArray & DataView) affecting Internet Explorer. Read our analysis, vulnerability breakdown, and PoC exploit.
Patch Analysis of CVE-2016–0189

Tue, 21 Jun 2016 15:00:00 GMT

Microsoft's MS16-051 patch addressed a critical Internet Explorer vulnerability (CVE-2016-0189) exploited in South Korea. Explore our in-depth analysis, patch breakdown, and proof-of-concept exploit.

From Dark Reading

The CISO-COO Partnership: Protecting Operational Excellence

Fri, 12 Dec 2025 21:12:13 GMT

Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISO and COO.
React2Shell Exploits Flood the Internet as Attacks Continue

Fri, 12 Dec 2025 20:11:43 GMT

As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.
Vibe Coding: Innovation Demands Vigilance

Fri, 12 Dec 2025 20:07:23 GMT

Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers, Constantine warns.
Microsoft Will Bundle Security Copilot With M365 Enterprise Licenses

Fri, 12 Dec 2025 19:32:42 GMT

The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Fri, 12 Dec 2025 18:37:53 GMT

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Are Trade Concerns Trumping US Cybersecurity?

Fri, 12 Dec 2025 14:00:00 GMT

The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.
Hamas-Linked Hackers Probe Middle Eastern Diplomats

Fri, 12 Dec 2025 07:00:00 GMT

Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
Money Mules Require Banks to Switch from Defense to Offense

Thu, 11 Dec 2025 23:13:38 GMT

Financial institutions need to be proactive when identifying and mentally preventing fraudulent activity. Here's what to watch for.
Encouraging Industry Voices to Write for the Commentary Section

Thu, 11 Dec 2025 22:48:10 GMT

Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.
Attackers Exploited Gogs Zero-Day Flaw for Months

Thu, 11 Dec 2025 20:11:43 GMT

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
AI in OT Sparks Cascade of Complex Challenges

Thu, 11 Dec 2025 14:50:59 GMT

Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
Copilot's No-Code AI Agents Liable to Leak Company Data

Thu, 11 Dec 2025 10:00:00 GMT

Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
Storm-0249 Abuses EDR Processes in Stealthy Attacks

Wed, 10 Dec 2025 21:59:32 GMT

The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

Wed, 10 Dec 2025 21:02:30 GMT

A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.
Feds: Pro-Russia Hacktivists Target US Critical Infrastructure

Wed, 10 Dec 2025 12:56:02 GMT

So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this could change as they evolve.
Japanese Firms Suffer Long Tail of Ransomware Damage

Wed, 10 Dec 2025 00:00:00 GMT

Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday

Tue, 09 Dec 2025 22:24:18 GMT

Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Tue, 09 Dec 2025 20:10:32 GMT

Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target.
Analysts Warn of Cybersecurity Risks in Humanoid Robots

Tue, 09 Dec 2025 16:41:27 GMT

Think "Blade Runner," but the robots can be hacked more easily than your home computer.
Gemini Enterprise No-Click Flaw Exposes Sensitive Data

Tue, 09 Dec 2025 12:08:41 GMT

Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.
Apache Issues Max-Severity Tika CVE After Patch Miss

Mon, 08 Dec 2025 22:01:47 GMT

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.
Exploitation Activity Ramps Up Against React2Shell

Mon, 08 Dec 2025 21:41:25 GMT

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.
US Treasury Tracks $4.5B in Ransom Payments since 2013

Mon, 08 Dec 2025 20:21:00 GMT

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.
'Broadside' Mirai Variant Targets Maritime Logistics Sector

Mon, 08 Dec 2025 11:17:12 GMT

"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
Rust Code Delivers Better Security, Also Streamlines DevOps

Fri, 05 Dec 2025 22:01:05 GMT

Software teams at Google and other Rust adopters see safer code when using the memory-safe language, as well as fewer rollbacks and less code review.
India Rolls Back App Mandate Amid Surveillance Concerns

Fri, 05 Dec 2025 20:06:26 GMT

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.
Threat Landscape Grows Increasingly Dangerous for Manufacturers

Fri, 05 Dec 2025 15:34:58 GMT

Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
React2Shell Vulnerability Under Attack From China-Nexus Groups

Fri, 05 Dec 2025 15:14:26 GMT

A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.
CISOs Should Be Asking These Quantum Questions Today

Fri, 05 Dec 2025 15:00:00 GMT

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.
How Agentic AI Can Boost Cyber Defense

Thu, 04 Dec 2025 23:05:15 GMT

Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference.
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

Thu, 04 Dec 2025 22:13:41 GMT

When hiring a CISO, understand the key difference between engineering and holistic security leaders.
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

Thu, 04 Dec 2025 21:58:14 GMT

State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
CISA Publishes Security Guidance for Using AI in OT

Thu, 04 Dec 2025 20:46:27 GMT

Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.
ServiceNow's Acquisition of NHI Provider Veza Strengthens Governance Portfolio

Thu, 04 Dec 2025 15:29:11 GMT

The deal, believed to be valued at $1 billion, will bring nonhuman identity access control of agents and machines to ServiceNow's offerings, including its new AI Control Tower.
Student Sells Gov't, University Sites to Chinese Actors

Thu, 04 Dec 2025 14:00:00 GMT

It's the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each.
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic

Thu, 04 Dec 2025 07:00:00 GMT

Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.
'ShadyPanda' Hackers Weaponize Millions of Browsers

Wed, 03 Dec 2025 22:06:56 GMT

The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users.
Critical React Flaw Triggers Calls for Immediate Action

Wed, 03 Dec 2025 21:51:03 GMT

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.
GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event
Arizona AG Sues Temu Over 'Stealing' User Data

Wed, 03 Dec 2025 21:00:58 GMT

The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.
The Ransomware Holiday Bind: Burnout or Be Vulnerable

Wed, 03 Dec 2025 13:52:29 GMT

Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag.
AI Bolsters Python Variant of Brazilian WhatsApp Attacks

Wed, 03 Dec 2025 10:56:24 GMT

Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.
China Researches Ways to Disrupt Satellite Internet

Wed, 03 Dec 2025 02:00:00 GMT

While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.
While ECH Adoption Is Low, Risks Remain for Enterprises, End Users

Tue, 02 Dec 2025 23:32:08 GMT

Is the new privacy protocol helping malicious actors more than Internet users?
Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

Tue, 02 Dec 2025 21:39:21 GMT

New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations.
Researchers Use Poetry to Jailbreak AI Models

Tue, 02 Dec 2025 20:24:36 GMT

When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase.
New Raptor Framework Uses Agentic Workflows to Create Patches

Tue, 02 Dec 2025 15:16:26 GMT

Researchers used prompts and large language models to develop an open source AI framework capable of generating both vulnerability exploits and patches.
DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

Tue, 02 Dec 2025 13:02:14 GMT

North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.
Tomiris Unleashes 'Havoc' With New Tools, Tactics

Mon, 01 Dec 2025 22:06:19 GMT

The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign.
CodeRED Emergency Alert Platform Shut Down Following Cyberattack

Mon, 01 Dec 2025 21:24:39 GMT

The Inc ransomware gang took responsibility for the attack earlier this month and claimed it stole sensitive subscriber data.

From Cyber Security News

Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3

Fri, 12 Dec 2025 17:30:02 +0000

Kali Linux 2025.4, released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3. Released on December 12, 2025, this update focuses on modernizing the user experience while maintaining Kali’s position as the premier penetration testing platform. The release brings GNOME 49, KDE Plasma […] The post Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3 appeared first on Cyber Security News.
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Fri, 12 Dec 2025 15:42:17 +0000

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts, and CISA has since added the flaw to its Known Exploited Vulnerabilities […] The post Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide appeared first on Cyber Security News.
New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials

Fri, 12 Dec 2025 15:24:05 +0000

JSCEAL has emerged as a serious threat to Windows users, specifically targeting those who work with cryptocurrency applications and valuable accounts. First reported by Check Point Research in July 2025, this information stealing malware has quietly grown stronger, introducing advanced techniques designed to avoid detection by security tools. A new wave of attacks starting in […] The post New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials appeared first on Cyber Security News.
New Research Details on What Happens to Data Stolen in a Phishing Attack

Fri, 12 Dec 2025 15:06:05 +0000

When users encounter a phishing email, the danger extends far beyond the initial click. A typical phishing attack begins when someone is deceived into entering their login credentials on a fake website. However, this is merely the starting point. Once cybercriminals obtain the stolen information, it immediately becomes valuable merchandise in the underground market. The […] The post New Research Details on What Happens to Data Stolen in a Phishing Attack appeared first on Cyber Security News.
Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels

Fri, 12 Dec 2025 14:41:06 +0000

Security researchers have successfully extracted firmware from a budget smartwatch by bringing back a 20-year-old attack method originally used to steal data from network devices. The technique, known as “Blinkenlights,” was adapted to work with modern TFT screens instead of traditional LED indicators. Quarkslab analysts purchased a cheap smartwatch for approximately €12 from a local […] The post Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels appeared first on Cyber Security News.
New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users

Fri, 12 Dec 2025 13:57:17 +0000

A sophisticated phishing campaign has emerged that successfully bypasses multi-factor authentication, protecting Microsoft 365 and Okta users, representing a serious threat to organizations relying on these platforms for identity management. The campaign, discovered in early December 2025, demonstrates advanced knowledge of authentication flows. This campaign targets companies across multiple industries through carefully crafted phishing emails […] The post New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users appeared first on Cyber Security News.
Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis

Fri, 12 Dec 2025 13:29:52 +0000

The cybersecurity landscape of 2025 has been marked by an unprecedented surge in vulnerability exploitation, with threat actors leveraging critical flaws across enterprise software, cloud infrastructure, and industrial systems. This comprehensive analysis examines the twenty most dangerous exploited vulnerabilities of the year, highlighting their technical details, exploitation methods, and the urgent need for organizations to […] The post Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis appeared first on Cyber Security News.
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems

Fri, 12 Dec 2025 12:15:29 +0000

CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting attacks aligned with Russian government interests, initially went silent due to Telegram enforcement actions. However, the group returned in August with a sophisticated Ransomware-as-a-Service offering […] The post CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems appeared first on Cyber Security News.
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI

Fri, 12 Dec 2025 11:55:43 +0000

A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords or multi-factor authentication. The attack leverages the Azure CLI app to gain unauthorized access to victim accounts. The ConsentFix attack operates entirely within the browser context, making it difficult for traditional security […] The post New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI appeared first on Cyber Security News.
NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems

Fri, 12 Dec 2025 11:34:47 +0000

A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes. This fully-featured malware utilizes the Google Drive API as its primary Command-and-Control (C2) channel, allowing threat actors to blend their malicious traffic seamlessly with normal network activity. By abusing […] The post NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems appeared first on Cyber Security News.