Automated software keeps getting better at pilfering cryptocurrency. Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.… This article has been indexed from The Register –…
‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle
The United States Inspector General report reviewing Secretary of Defense Pete Hegseth’s text messaging mess recommends a single change to keep classified material secure. This article has been indexed from Security Latest Read the original article: ‘Signalgate’ Inspector General Report…
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components…
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites…
React2Shell RCE Flaws Put React and Next.js Apps at Severe Risk
React2Shell exposes critical flaws that let attackers run code on millions of apps. The post React2Shell RCE Flaws Put React and Next.js Apps at Severe Risk appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
IT Security News Hourly Summary 2025-12-05 00h : 6 posts
6 posts were published in the last hour 23:4 : AI Agents Create Critical Supply Chain Risk in GitHub Actions 23:4 : U.S. CISA adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog 22:55 : IT Security…
AI Agents Create Critical Supply Chain Risk in GitHub Actions
PromptPwnd shows how simple prompt injections can let attackers compromise GitHub Actions and leak sensitive data. The post AI Agents Create Critical Supply Chain Risk in GitHub Actions appeared first on eSecurity Planet. This article has been indexed from eSecurity…
U.S. CISA adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26828 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities…
IT Security News Daily Summary 2025-12-04
160 posts were published in the last hour 22:31 : Qilin Ransomware Claims Data Theft from Church of Scientology 22:31 : Cloudflare Has Blocked 416 Billion AI Bot Requests Since July 1 22:31 : PRC spies Brickstromed their way into…
Qilin Ransomware Claims Data Theft from Church of Scientology
Qilin ransomware claims it stole internal data from the Church of Scientology, sharing 22 screenshots as proof. The breach remains unconfirmed by the organization. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and…
Cloudflare Has Blocked 416 Billion AI Bot Requests Since July 1
Cloudflare CEO Matthew Prince claims the internet infrastructure company’s efforts to block AI crawlers are already seeing big results. This article has been indexed from Security Latest Read the original article: Cloudflare Has Blocked 416 Billion AI Bot Requests Since…
PRC spies Brickstromed their way into critical US networks and remained hidden for years
‘Dozens’ of US orgs infected. Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security…
Hegseth needs to go to secure messaging school, report says
He’s not alone: DoD inspector general says the whole Defense Department has a messaging security problem. US Defense Secretary Pete Hegseth definitely broke the rules when he sent sensitive information to a Signal chat group, say Pentagon auditors, but he’s…
Critical Vulnerabilities in React Server Components and Next.js
We discuss the CVSS 10.0-rated RCE vulnerabilities in the Flight protocol used by React Server Components. These are tracked as CVE-2025-55182 and CVE-2025-55182-66478. The post Critical Vulnerabilities in React Server Components and Next.js appeared first on Unit 42. This article…
Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been patched…
LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original…
FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6
The 30-year-old Virginia resident evaded capture for years after authorities discovered pipe bombs planted near buildings in Washington, DC, the day before the January 6, 2021, Capitol attack. This article has been indexed from Security Latest Read the original article:…
Marquis data breach impacted more than 780,000 individuals
Hackers breached fintech firm Marquis, stealing personal and financial data; the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people. Marquis…
Twins who hacked State Dept hired to work for gov again, now charged with deleting databases
And then they asked an AI to help cover their tracks. Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they’re fired. Prosecutors say a federal contractor learned this the hard…
IT Security News Hourly Summary 2025-12-04 21h : 5 posts
5 posts were published in the last hour 19:31 : CISA Launches New Platform to Strengthen Industry Engagement and Collaboration 19:31 : India Rolls Back Order to Preinstall Cybersecurity App on Smartphones 19:6 : Your year-end infosec wrapped 19:6 :…
CISA Launches New Platform to Strengthen Industry Engagement and Collaboration
This article has been indexed from CISA News Read the original article: CISA Launches New Platform to Strengthen Industry Engagement and Collaboration
India Rolls Back Order to Preinstall Cybersecurity App on Smartphones
The Ministry of Communications on had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it. The post India Rolls Back Order to Preinstall Cybersecurity App on Smartphones appeared first…
Your year-end infosec wrapped
Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. This article has been indexed from Cisco Talos Blog Read the original article:…
Prompt Injection Flaw in GitHub Actions Hits Fortune 500 Firms
A new class of prompt injection vulnerabilities, dubbed “PromptPwnd,” has been uncovered by cybersecurity firm Aikido Security. The flaws affect GitHub Actions and GitLab CI/CD pipelines that are integrated with AI agents, including Google’s Gemini CLI, Claude Code, and OpenAI…