IT Security News Daily Summary 2025-12-10

157 posts were published in the last hour

• 22:2 : 700+ self-hosted Gits battered in 0-day attacks with no fix imminent
• 21:32 : Releasing Open Source Tools to the Community
• 21:31 : CEO of South Korean retail giant Coupang resigns after massive data breach
• 21:31 : SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks In Split Learning
• 21:2 : HTTPS certificate industry phasing out less secure domain validation methods
• 21:2 : React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
• 20:31 : Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla
• 20:5 : IT Security News Hourly Summary 2025-12-10 21h : 5 posts
• 20:2 : How Migrating to Hardened Container Images Strengthens the Secure Software Development Lifecycle
• 20:2 : .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
• 19:32 : NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents
• 19:32 : Response to CISA Advisory (AA25-343A): Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
• 19:32 : From awareness to action: Building a security-first culture for the agentic AI era
• 18:32 : AISLE Uncovers Traefik Bug That Disabled TLS Verification for Months
• 18:2 : New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks
• 18:2 : Over 644,000 Domains Exposed to Critical React Server Components Vulnerability
• 18:2 : Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS
• 18:2 : Microsoft won’t fix .NET RCE bug affecting slew of enterprise apps, researchers say
• 18:2 : US extradites Ukrainian woman accused of hacking meat processing plant for Russia
• 18:2 : When Vendors Become the Vulnerability: What the Marquis Software Breach Signals for Financial Institutions
• 17:31 : Flare Finds 10,000 Docker Hub Images Exposing Sensitive Secrets
• 17:31 : 2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’
• 17:31 : Clarity in complexity: New insights for transparent email security
• 17:5 : IT Security News Hourly Summary 2025-12-10 18h : 12 posts
• 17:2 : Wordfence Bug Bounty Program Monthly Report – November 2025
• 17:2 : Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs
• 17:2 : North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits
• 17:2 : Building Trusted, Performant, and Scalable Databases: A Practitioner’s Checklist
• 17:2 : Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds
• 17:2 : Q&A: How Diversity and Mentorship Are Reshaping the Future of Cybersecurity
• 17:2 : ClickFix Social Engineering Sparks Rise of CastleLoader Attacks
• 17:2 : React Server Components crisis escalates as security teams respond to compromises
• 16:32 : Patch Wednesday: Root Cause Analysis with LLMs
• 16:32 : Wireless security: Differences between WEP, WPA, WPA2, WPA3
• 16:32 : Windows PowerShell Flaw Allows Attackers to Execute Malicious Code
• 16:32 : December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices
• 16:2 : Protecting value at risk – the role of a risk operations center
• 16:2 : New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
• 16:2 : Israeli Cybersecurity Funding Hits $4.4 Billion Record High
• 16:2 : Gartner’s AI Browser Ban: Rearranging Deck Chairs on the Titanic
• 16:2 : Pro-Russia Hackers Target US Critical Infrastructure in New Wave
• 16:2 : Pro-Russia hacktivists launching attacks that could damage OT
• 15:32 : Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection), (Wed, Dec 10th)
• 15:32 : Check Point Warns of 40,000 Finance-Themed Phishing Attacks
• 15:32 : A Complete Guide to the Jeffrey Epstein Document Dumps
• 15:32 : Black Duck launches Signal™, bringing agentic AI to application security
• 15:32 : What’s Next for SOC in 2026: Get the Early-Adopter Advantage
• 15:32 : Virtual Event Today: Cyber AI & Automation Summit
• 15:2 : Threat Actors Exploit ChatGPT and Grok Conversations to Deliver AMOS Stealer
• 15:2 : Parrot 7.0 Beta Introduces Debian 13 and a Fully Redesigned Desktop
• 15:2 : When Dell’s 49 Million Records Walked Out the Door: Why Zero Trust Is No Longer Optional
• 15:2 : VITAS Healthcare Breach Exposes 319K Patient Records
• 15:2 : Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
• 14:32 : Eleventh Hour: Cyberwarfare Emerges as an Imminent Threat
• 14:32 : OpenAI Vendor Breach Exposes API User Data
• 14:32 : CastleLoader Widens Its Reach as GrayBravo’s MaaS Infrastructure Fuels Multiple Threat Clusters
• 14:32 : Cyberattack Hits Leavenworth Services
• 14:32 : Inotiv Reports Ransomware Data Breach
• 14:32 : Justice Dept Targets Russian Hackers
• 14:32 : Spain Arrests Teen Over Data Theft
• 14:32 : Polish Police Arrest Hackers With Tools
• 14:5 : IT Security News Hourly Summary 2025-12-10 15h : 16 posts
• 14:2 : Global Cyber Attacks Increase in November 2025 Driven by Ransomware Surge and GenAI Risks
• 14:2 : APT28’s Toolkit: AI, Wi-Fi Intrusions, Cloud C2
• 14:2 : Petco takes down Vetco website after exposing customers’ personal information
• 14:2 : Browser Hijacking: Three Technique Studies
• 14:2 : US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups
• 14:2 : Europol’s OTF GRIMM Arrests Nearly 200 in Crackdown on “Violence-as-a-Service” Crime Networks
• 14:2 : Researchers Find Massive Increase in Hypervisor Ransomware Incidents
• 14:2 : WinRAR Flaw Under Active Attack Now
• 14:2 : Microsoft Fixes Dozens Of Security Flaws
• 13:32 : AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation
• 13:32 : The big catch: How whaling attacks target top executives
• 13:32 : Google Chrome’s New AI Security Aims to Stop Hackers Cold
• 13:32 : Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
• 13:32 : Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer
• 13:32 : GhostFrame phishing kit fuels widespread attacks against millions
• 13:32 : Securing MCP: How to Build Trustworthy Agent Integrations
• 13:3 : Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data
• 13:2 : Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat
• 13:2 : Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs
• 13:2 : Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer
• 13:2 : High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
• 13:2 : Essential Eight: What Organisations Should Expect in 2026
• 13:2 : Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills
• 13:2 : Fortinet Patches Critical Authentication Bypass Vulnerabilities
• 13:2 : Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
• 13:2 : OWASP Project Publishes List of Top Ten AI Agent Threats
• 12:32 : FBI Warns of Fake Video Scams
• 12:32 : Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data
• 12:2 : Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
• 12:2 : Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
• 12:2 : Ivanti EPM Update Patches Critical Remote Code Execution Flaw
• 12:2 : Crimes Extorting Ransoms by Manipulating Online Photos
• 11:32 : 01flip: Multi-Platform Ransomware Written in Rust
• 11:32 : Australia Begins Enforcing Child Social Media Ban
• 11:32 : FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code
• 11:32 : North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT
• 11:31 : SAP Patches Critical Vulnerabilities With December 2025 Security Updates
• 11:5 : IT Security News Hourly Summary 2025-12-10 12h : 6 posts
• 11:2 : Backslash secures MCP servers from data leakage, prompt injection, and privilege abuse
• 11:2 : Log4Shell Downloaded 40 Million Times in 2025
• 10:32 : Introducing Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT): Enhance Collaboration and Efficiency
• 10:32 : Pebble Founder Launches $75 Smart Ring For Taking Notes
• 10:32 : China Said To Seek Ways Of Limiting Nvidia’s H200
• 10:32 : Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
• 10:2 : Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
• 10:2 : U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
• 10:2 : Gemini Zero-Click Vulnerability Let Attackers Access Gmail, Calendar, and Docs
• 10:2 : CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks
• 10:2 : Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code
• 10:2 : ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider
• 10:2 : Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
• 10:2 : Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025
• 9:32 : Met Police Seize E-Bikes In Phone Theft Crackdown
• 9:32 : Song From 1962 Becomes Top TikTok Hit
• 9:32 : Initial Access Brokers Now Central to Cyberattacks: Report
• 9:32 : BigID Activity Explorer enhances visibility for insider risk investigation
• 9:2 : Skyhigh Security debuts dashboard for unified data visibility and compliance
• 9:2 : Protecto Vault adds API-first protection for safer AI agent workflows
• 9:2 : Apptega Policy Manager streamlines policy creation and compliance oversight
• 8:31 : EU Investigates Google Over AI Summaries
• 8:31 : Google To Launch AI Smart Glasses Next Year
• 8:31 : Intel, AMD Processors Affected by PCIe Vulnerabilities
• 8:31 : Spain arrest over data records, goodbye dark Telegram, scammers poison AI search results
• 8:5 : IT Security News Hourly Summary 2025-12-10 09h : 2 posts
• 8:2 : New Portuguese Law Shields Ethical Hackers from Prosecution
• 7:31 : Henkel CISO on the messy truth of monitoring factories built across decades
• 7:2 : Are there privacy risks of having home cameras?
• 6:31 : CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation
• 6:31 : Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security
• 6:31 : The hidden dynamics shaping who produces influential cybersecurity research
• 6:2 : LLMs are everywhere in your stack and every layer brings new risk
• 6:2 : UTMStack: Open-source unified threat management platform
• 6:2 : Google Chrome’s AI Safety Plan? More AI
• 5:5 : IT Security News Hourly Summary 2025-12-10 06h : 6 posts
• 5:2 : Building SOX compliance through smarter training and stronger password practices
• 5:2 : Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
• 5:2 : How to customize your response to layer 7 DDoS attacks using AWS WAF Anti-DDoS AMR
• 4:31 : Windows Cloud Files Mini Filter Driver 0-Day Vulnerability Exploited in the Wild to Escalate Privileges
• 4:31 : Microsoft 365 Services Disruption in Australia: Users Face Access Issues in Accessing Services
• 4:31 : New SVG-Based Clickjacking Technique Exposes Cross-Origin Data Through CSS Filters
• 3:2 : UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare
• 1:2 : ISC Stormcast For Wednesday, December 10th, 2025 https://isc.sans.edu/podcastdetail/9732, (Wed, Dec 10th)
• 1:2 : GOLD BLADE: Custom QWCrypt Locker for Data Exfiltration and Ransomware Deployment
• 1:2 : Threat Actors Poison SEO to Spread Fake Microsoft Teams Installer
• 1:2 : Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws
• 1:2 : Makop Ransomware Targets RDP Systems Using AV Killer and Additional Exploits
• 1:2 : Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities Fixed and 3 Zero-days
• 0:2 : Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday
• 23:31 : Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities
• 23:31 : Microsoft Patch Tuesday, December 2025 Edition
• 23:5 : IT Security News Hourly Summary 2025-12-10 00h : 7 posts
• 23:2 : CVE-2025-53841: Guardicore Local Privilege Escalation Vulnerability
• 23:2 : Ivanti warns customers of new EPM flaw enabling remote code execution
• 23:2 : Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
• 22:55 : IT Security News Daily Summary 2025-12-09