IT Security News Weekly Summary 49

210 posts were published in the last hour

• 22:55 : IT Security News Daily Summary 2025-12-07
• 20:5 : IT Security News Hourly Summary 2025-12-07 21h : 1 posts
• 20:4 : SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74
• 19:4 : Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION
• 17:32 : Cloudflare Blocks Largest DDoS Attack in History as Global Cyber Threats Surge
• 17:5 : IT Security News Hourly Summary 2025-12-07 18h : 2 posts
• 16:5 : Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones
• 16:5 : NATO Concludes Cyber Coalition Exercise in Estonia, Preparing for Future Digital Threats
• 15:33 : AI-Assisted Cyberattacks Signal a Shift in Modern Threat Strategies and Defense Models
• 15:3 : Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
• 15:3 : Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage
• 15:3 : Beer Firm Asahi Not Entertaining Threat Actors After Cyberattack
• 14:5 : IT Security News Hourly Summary 2025-12-07 15h : 1 posts
• 13:32 : Android Users Face New WhatsApp Malware Threat
• 11:5 : IT Security News Hourly Summary 2025-12-07 12h : 1 posts
• 11:2 : Growing Concerns Over Wi-Fi Router Surveillance and How to Respond
• 9:2 : LockBit 5.0 Infrastructure Exposed in New Server, IP, and Domain Leak
• 9:2 : Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold
• 6:31 : Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs
• 5:5 : IT Security News Hourly Summary 2025-12-07 06h : 2 posts
• 5:2 : How Security Teams Can Turn AI Into a Practical Advantage
• 5:2 : Critical Vulnerabilities Found in React Server Components and Next.js
• 0:32 : Living off the Hypervisor – LOLPROX
• 0:3 : LOLPROX – Through a Defender’s Eyes
• 0:2 : Living off the Hypervisor – Proxmox
• 23:5 : IT Security News Hourly Summary 2025-12-07 00h : 1 posts
• 22:55 : IT Security News Daily Summary 2025-12-06
• 20:32 : Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware
• 20:31 : Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
• 18:2 : New FvncBot Android Banking Attacking Users to Log Keystrokes and Inject Malicious Payloads
• 17:5 : IT Security News Hourly Summary 2025-12-06 18h : 5 posts
• 17:2 : Barts Health NHS Confirms Cl0p Ransomware Behind Data Breach
• 17:2 : Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs
• 16:32 : London Councils Hit by Cyberattacks Disrupting Public Services and Raising Security Concerns
• 16:31 : Global Executives Rank Misinformation, Cyber Insecurity and AI Risks as Top Threats: WEF Survey 2025
• 16:31 : Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
• 15:4 : Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
• 14:31 : Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
• 14:5 : IT Security News Hourly Summary 2025-12-06 15h : 4 posts
• 14:3 : The New Content Provenance Report Will Address GenAI Misinformation
• 13:32 : One Armed Hacker – Accessibility Hacking
• 13:32 : Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
• 13:32 : Balancing Rapid Innovation and Risk in the New Era of SaaS Security
• 13:2 : FBI Warns of Cybercriminals Impersonating IC3 to Steal Personal Data
• 12:7 : Security News This Week: Oh Crap, Kohler’s Toilet Cameras Aren’t Really End-to-End Encrypted
• 12:7 : Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
• 11:32 : Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions
• 9:32 : KinoKong – 817,808 breached accounts
• 9:32 : Death to one-time text codes: Passkeys are the new hotness in MFA
• 8:32 : FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads
• 8:32 : 2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately
• 8:31 : 2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
• 6:6 : Cybersecurity Today Month In Review – December 5th, 2025
• 5:5 : IT Security News Hourly Summary 2025-12-06 06h : 1 posts
• 4:11 : Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
• 1:2 : Maximum-severity XXE vulnerability discovered in Apache Tika
• 23:31 : New Prompt Injection Attack Vectors Through MCP Sampling
• 23:31 : Command Execution Risk Found in Cacti’s SNMP Handling
• 23:31 : Crims using social media images, videos in ‘virtual kidnapping’ scams
• 23:5 : China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
• 23:5 : State-linked groups target critical vulnerability in React Server Components
• 23:5 : IT Security News Hourly Summary 2025-12-06 00h : 6 posts
• 22:55 : IT Security News Daily Summary 2025-12-05
• 22:32 : Reliability Isn’t a Feature. It’s a Commitment.
• 22:32 : MSL5 General Availability and MSL4 Product Retirement
• 22:31 : What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check Point CloudGuard WAF Customers Carried on with Their Day
• 22:31 : New Splunk Windows Flaw Enables Privilege Escalation Attacks
• 22:31 : Friday Squid Blogging: Vampire Squid Genome
• 22:2 : Cloudflare blames Friday outage on borked fix for React2shell vuln
• 22:2 : Novel clickjacking attack relies on CSS and SVG
• 21:6 : Security highlights from AWS re:Invent 2025
• 21:6 : News brief: RCE flaws persist as top cybersecurity threat
• 21:6 : Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security
• 18:32 : Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure
• 18:32 : Microsoft Quietly Changes Windows Shortcut Handling After Dangerous Zero-day Abuse
• 18:32 : Telecom Company Freedom Mobile Suffers Data Breach Resulting in Data Leak
• 18:32 : Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
• 18:9 : Arizona Sues Temu Over Covert Data Harvesting Claims
• 18:9 : Crossing the Autonomy Threshold
• 18:9 : CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization
• 18:9 : Keeper Security Appoints New Chief Revenue Officer
• 17:32 : Is Indonesia’s Gambling Empire a Front for State Cyber Activity?
• 17:32 : Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
• 17:5 : IT Security News Hourly Summary 2025-12-05 18h : 11 posts
• 17:2 : One-Person Production: Wondershare Filmora V15 Empowers Solo Creators With AI
• 17:2 : The Largest Telecommunications Attack in U.S. History: What Really Happened—And How We Fight Back
• 17:2 : China-nexus actor targets multiple US entities with Brickstorm malware
• 16:32 : Project View: A New Era of Prioritized and Actionable Cloud Security
• 16:32 : From vision to reality: A 5-step playbook for unified automation and AI
• 16:32 : AI ambitions meet automation reality: The case for a unified automation platform
• 16:32 : CIS publishes hardening guidance for Red Hat OpenShift Virtualization
• 16:32 : Red Hat OpenShift sandboxed containers 1.11 and Red Hat build of Trustee 1.0 accelerate confidential computing across the hybrid cloud
• 16:32 : Solving tool overload, one automation step at a time
• 16:32 : Cultural Lag Leaves Security as the Weakest Link
• 16:32 : Intellexa Spyware Activity Appears to Slow in 2025, but New Research Suggests Broader Global Footprint
• 16:2 : CrowdStrike Identifies New China-Nexus Espionage Actor
• 16:2 : AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2
• 16:2 : In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor
• 16:2 : React.js Hit by Maximum-Severity ‘React2Shell’ Vulnerability
• 15:33 : New Variant of ClayRat Android Spyware Seize Full Device Control
• 15:33 : Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing
• 15:33 : Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads
• 15:33 : MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows
• 15:33 : Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations
• 15:33 : Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation
• 15:33 : CISA Adds One Known Exploited Vulnerability to Catalog
• 15:33 : Cloudflare Outage Caused by React2Shell Mitigations
• 15:33 : Hackers Weaponize Trusted IT Tools for Full System Control
• 15:33 : Sha1-Hulud Malware Returns With Advanced npm Supply-Chain Attack Targeting Developers
• 15:32 : Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
• 15:7 : Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM
• 15:7 : Google Rolls Out Chrome 143 Update for Billions Worldwide
• 15:7 : Petco confirms security lapse exposed customers’ personal data
• 15:7 : Asus supplier hit by ransomware attack as gang flaunts alleged 1 TB haul
• 15:7 : Marquis Breach Hits Over 780,000 People
• 15:7 : ASUS Confirms Vendor Breach By Everest
• 15:6 : Hackers Accused Of Wiping 96 Databases
• 15:6 : PRC Hackers Use BrickStorm In US
• 15:6 : NCSC Warns Orgs Of Exposed Device Flaws
• 15:6 : From Idea to Proof of Concept to MVP: The Idea stage (1/3)
• 14:32 : Beijing-linked hackers are hammering max-severity React bug, AWS warns
• 14:32 : US Organizations Warned of Chinese Malware Used for Long-Term Persistence
• 14:32 : Imper.ai Emerges From Stealth Mode With $28 Million in Funding
• 14:31 : China-Linked Warp Panda Targets North American Firms in Espionage Campaign
• 14:5 : IT Security News Hourly Summary 2025-12-05 15h : 8 posts
• 14:3 : JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability
• 14:3 : Leaks show Intellexa burning zero-days to keep Predator spyware running
• 13:32 : PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft
• 13:32 : Russian Calisto Hackers Target NATO Research Sectors with ClickFix Malicious Code
• 13:32 : Amazon Sounds Alarm Over Attack Threatening 300 Million Accounts
• 13:5 : NCSC Launches Proactive Notification Service to Alert System Owners of Vulnerabilities
• 13:5 : Hackers Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells
• 13:5 : Russian Calisto Hackers Target NATO Research with ClickFix Malware
• 13:4 : Russian Hackers Imitate European Events in Coordinated Phishing Campaigns
• 13:4 : Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
• 12:32 : “Getting to Yes”: An Anti-Sales Guide for MSPs
• 12:31 : Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
• 12:31 : Louvre to Bolster Its Security, Issues €57m Public Tender
• 12:5 : BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
• 11:32 : Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database
• 11:32 : Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells
• 11:31 : NVIDIA Triton Vulnerability Let Attackers Trigger DoS Attack Using Malicious Payload
• 11:31 : China-Nexus Hackers Exploiting VMware vCenter Environments to Deploy Web Shells and Malware Implants
• 11:31 : UK pushes ahead with facial recognition expansion despite civil liberties backlash
• 11:31 : Lumia Security Raises $18 Million for AI Security and Governance
• 11:31 : ShadyPanda Takes its Time to Weaponize Legitimate Extensions
• 11:6 : Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture
• 11:6 : Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps
• 11:6 : Ghost-Tap Scam Makes Payments Scarier
• 10:4 : Bots, bias, and bunk: How can you tell what’s real on the net?
• 10:4 : Helmet Security Emerges From Stealth Mode With $9 Million in Funding
• 10:4 : CrowdStrike Extends Scope of AWS Cybersecurity Alliance
• 9:31 : Meta Top Lawyer Appointed As Apple General Counsel
• 9:31 : ClayRat Android Malware Steals SMS Messages, Call Logs and Capture Victim Photos
• 9:31 : Cloudflare Outage Hits Internet with 500 Internal Server Error
• 9:31 : Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified
• 9:2 : EU Probes Meta Over WhatsApp AI Rules
• 9:2 : CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
• 8:33 : Waymo Cars Filmed Illegally Passing School Buses 19 Times
• 8:33 : New Anonymous Phone Service
• 8:33 : SEEDSNATCHER Android Malware Attacking Users to Exfiltrate Sensitive Data and Execute Malicious Commands
• 8:33 : Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions
• 8:32 : Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely
• 8:32 : Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer
• 8:32 : Check Point introduces Quantum Firewall R82.10 with new AI and zero trust security capabilities
• 8:32 : Predator spyware, Russia blocks FaceTime, US cyber strategy coming
• 8:5 : IT Security News Hourly Summary 2025-12-05 09h : 6 posts
• 8:4 : Ofcom Fines Adult Provider £1m Over Age Checks
• 8:4 : From Idea to Proof of Concept to MVP: The POC stage (2/3)
• 8:4 : Imperva Customers Protected Against React Server Components (RSC) Vulnerability
• 8:4 : Chinese Hackers Exploiting React2Shell Vulnerability
• 7:32 : AutoIT3 Compiled Scripts Dropping Shellcodes, (Fri, Dec 5th)
• 7:6 : To what extent can users hide their location at X?
• 6:32 : Building the missing layers for an internet of agents
• 6:32 : What security leaders should watch for when companies buy or sell a business
• 6:32 : JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
• 6:4 : New SVG Technique Enables Highly Interactive Clickjacking Attacks
• 6:4 : New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer
• 6:4 : CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
• 6:4 : Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today
• 5:32 : New Stealthy Linux Malware Combines Mirai-Derived DDoS Botnet and Fileless Cryptominer
• 5:31 : New infosec products of the week: December 5, 2025
• 5:31 : Data brokers are exposing medical professionals, and turning their personal lives into open files
• 5:5 : IT Security News Hourly Summary 2025-12-05 06h : 3 posts
• 5:2 : Scammers Used Fake WhatsApp Profiles of District Collectors in Kerala
• 4:31 : PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)
• 4:31 : China-Nexus Hackers Actively Exploiting React2Shell Vulnerability in The Wild
• 4:2 : CISA and NSA Warn of BRICKSTORM Malware Attacking VMware ESXi and Windows Environments
• 2:31 : ISC Stormcast For Friday, December 5th, 2025 https://isc.sans.edu/podcastdetail/9726, (Fri, Dec 5th)
• 1:4 : An AI for an AI: Anthropic says AI agents require AI defense
• 0:31 : ‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle
• 0:31 : China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
• 23:32 : SMS Phishers Pivot to Points, Taxes, Fake Retailers
• 23:32 : React2Shell RCE Flaws Put React and Next.js Apps at Severe Risk
• 23:5 : IT Security News Hourly Summary 2025-12-05 00h : 6 posts
• 23:4 : AI Agents Create Critical Supply Chain Risk in GitHub Actions
• 23:4 : U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
• 22:55 : IT Security News Daily Summary 2025-12-04
• 22:31 : Qilin Ransomware Claims Data Theft from Church of Scientology
• 22:31 : Cloudflare Has Blocked 416 Billion AI Bot Requests Since July 1
• 22:31 : PRC spies Brickstromed their way into critical US networks and remained hidden for years
• 21:31 : Hegseth needs to go to secure messaging school, report says
• 21:6 : Critical Vulnerabilities in React Server Components and Next.js
• 20:31 : Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities
• 20:5 : LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
• 20:5 : FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6
• 20:5 : Marquis data breach impacted more than 780,000 individuals
• 20:5 : Twins who hacked State Dept hired to work for gov again, now charged with deleting databases
• 20:5 : IT Security News Hourly Summary 2025-12-04 21h : 5 posts
• 19:31 : CISA Launches New Platform to Strengthen Industry Engagement and Collaboration