LockBit 5.0 key infrastructure exposed, revealing the IP address 205.185.116.233, and the domain karma0.xyz is hosting the ransomware group’s latest leak site. According to researcher Rakesh Krishnan, hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for…
Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creative cybersecurity strategies for resource-constrained institutions In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach…
Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs
In an escalating campaign targeting remote access infrastructure, threat actors have initiated active exploitation attempts against Palo Alto Networks’ GlobalProtect VPN portals. GreyNoise activity tracking reports scans and exploitation efforts originating from more than 7,000 unique IP addresses worldwide, raising…
IT Security News Hourly Summary 2025-12-07 06h : 2 posts
2 posts were published in the last hour 5:2 : How Security Teams Can Turn AI Into a Practical Advantage 5:2 : Critical Vulnerabilities Found in React Server Components and Next.js
How Security Teams Can Turn AI Into a Practical Advantage
Artificial intelligence is now built into many cybersecurity tools, yet its presence is often hidden. Systems that sort alerts, scan emails, highlight unusual activity, or prioritise vulnerabilities rely on machine learning beneath the surface. These features make work faster,…
Critical Vulnerabilities Found in React Server Components and Next.js
Open in the wild flaw The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw affecting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog after exploitation in the wild. The flaw CVE-2025-55182 (CVSS score:…
Living off the Hypervisor – LOLPROX
Living off the land in Proxmox for red teams. Covers guest agent abuse, vsock tunnelling, disk access, and hypervisor persistence. LOLPROX This article has been indexed from ZephrSec – Adventures In Information Security Read the original article: Living off the…
LOLPROX – Through a Defender’s Eyes
Defending against LOLPROX: detect hypervisor compromise in Proxmox environments. This article has been indexed from ZephrSec – Adventures In Information Security Read the original article: LOLPROX – Through a Defender’s Eyes
Living off the Hypervisor – Proxmox
Living off the land in Proxmox for red teams. Covers guest agent abuse, vsock tunnelling, disk access, and hypervisor persistence. LOLPROX This article has been indexed from ZephrSec – Adventures In Information Security Read the original article: Living off the…
IT Security News Hourly Summary 2025-12-07 00h : 1 posts
1 post was published in the last hour 22:55 : IT Security News Daily Summary 2025-12-06
IT Security News Daily Summary 2025-12-06
36 posts were published in the last hour 20:32 : Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware 20:31 : Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data 18:2 : New…
Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware
Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The criminal syndicate stole files from an invoice database. It published…
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick…
New FvncBot Android Banking Attacking Users to Log Keystrokes and Inject Malicious Payloads
A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording screens, and injecting fake login pages into banking apps. The malware initially spreads…
IT Security News Hourly Summary 2025-12-06 18h : 5 posts
5 posts were published in the last hour 17:2 : Barts Health NHS Confirms Cl0p Ransomware Behind Data Breach 17:2 : Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs 16:32 : London Councils Hit by Cyberattacks Disrupting Public…
Barts Health NHS Confirms Cl0p Ransomware Behind Data Breach
Barts Health NHS confirms Cl0p ransomware breach via Oracle flaw. Invoice data exposed. Patient records and clinical systems remain unaffected. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original…
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs
A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts and scanning SonicWall SonicOS API endpoints. The activity came from over…
London Councils Hit by Cyberattacks Disrupting Public Services and Raising Security Concerns
Multiple local authorities across London have been hit by cyber incidents affecting operations and public services, according to reports emerging overnight. The attacks have disrupted essential council functions, including communication systems and digital access, prompting heightened concern among officials…
Global Executives Rank Misinformation, Cyber Insecurity and AI Risks as Top Threats: WEF Survey 2025
Business leaders across major global economies are increasingly concerned about the rapid rise of misinformation, cyber threats and the potential negative impacts of artificial intelligence, according to new findings from the World Economic Forum (WEF). The WEF Executive Opinion…
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster…
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. This article has been indexed from…
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). This article has been indexed from…
IT Security News Hourly Summary 2025-12-06 15h : 4 posts
4 posts were published in the last hour 14:3 : The New Content Provenance Report Will Address GenAI Misinformation 13:32 : One Armed Hacker – Accessibility Hacking 13:32 : Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems 13:32…
The New Content Provenance Report Will Address GenAI Misinformation
The GenAI problem: Today’s information environment includes a wide range of communication. Social media platforms have enabled reposting and comments. The platform is useful for both content consumers and creators, but it has its own challenges. The rapid adoption of…