IT Security News Daily Summary 2025-12-11

150 posts were published in the last hour

• 22:34 : Perspectives on Cybersecurity
• 22:34 : Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data
• 22:34 : Warnings Mount in Congress Over Expanded US Wiretap Powers
• 22:34 : CISA Adds One Known Exploited Vulnerability to Catalog
• 22:34 : Varex Imaging Panoramic Dental Imaging Software
• 22:34 : Johnson Controls iSTAR
• 22:34 : Siemens Energy Services
• 22:34 : Siemens IAM Client
• 22:34 : GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration
• 22:34 : Critical Gogs zero-day under attack, 700 servers hacked
• 22:34 : Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar
• 22:34 : The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at Risk
• 22:34 : Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability
• 22:34 : Russian hackers debut simple ransomware service, but store keys in plain text
• 22:33 : From Chatbot to Code Threat: OWASP’s Agentic AI Top 10 and the Specialized Risks of Coding Agents
• 22:33 : Exploring the new AWS European Sovereign Cloud: Sovereign Reference Framework
• 19:4 : One newsletter to rule them all
• 19:4 : Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data
• 19:4 : Google fixed a new actively exploited Chrome zero-day
• 19:4 : GitHub Down! Developers Frustrated by ‘No Server Available’ Message
• 19:4 : Identity Management in the Fragmented Digital Ecosystem: Challenges and Frameworks
• 19:4 : Hacks Up, Budgets Down: OT Oversight Must Be An IT Priority
• 19:4 : Rethinking Security as Access Control Moves to the Edge
• 19:4 : Imposter for hire: How fake people can gain very real access
• 17:35 : Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files
• 17:35 : AIs Exploiting Smart Contracts
• 17:35 : How to Avoid Holiday Shopping Scams (From a Former Cyber Detective)
• 17:35 : Resilience of Critical Utilities: Securing Water and Wastewater Systems in 2025
• 17:35 : DroidLock malware locks you out of your Android device and demands ransom
• 17:35 : Google fixes super-secret 8th Chrome 0-day
• 17:34 : Attackers Worldwide are Zeroing In on React2Shell Vulnerability
• 17:34 : Grid-scale battery energy storage systems face heightened risk of cyberattack
• 17:34 : Cyberattacks force small firms to raise prices: ITRC
• 17:5 : IT Security News Hourly Summary 2025-12-11 18h : 9 posts
• 17:4 : Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)
• 17:4 : The Best Red Teaming Tools of 2026: What You Need to Know
• 17:4 : Outpost24 Acquires Infinipoint
• 17:4 : LastPass hammered with £1.2M fine for 2022 breach fiasco
• 17:4 : An Inside Look at the Israeli Cyber Scene
• 17:4 : OpenAI Enhances Defensive Models to Mitigate Cyber-Threats
• 16:34 : Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates
• 16:34 : 700+ Self-hosted Gits Impacted in a Wild Zero-day Exploit
• 16:34 : Petco Takes Vetco Clinics Site Offline After Major Data Exposure Leaves Customer Records Accessible Online
• 16:4 : Advanced Docker Security: From Supply Chain Transparency to Network Defense
• 16:4 : Virtual Event Today: Cyber AI & Automation Summit Day 2
• 16:4 : Report Surfaces Multiple Novel Social Engineering Tactics and Techniques
• 16:4 : Malware Discovered in 19 Visual Studio Code Extensions
• 15:34 : The Year in Review 2025: AI, APIs, and a Whole Lot of Audacity
• 15:34 : Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances
• 15:4 : New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera
• 15:4 : Beyond the SBOM: What CISOs should know about CBOMs and HBOMs
• 15:4 : Ivanti Flags Critical Endpoint Manager Flaw Allowing Remote Code Execution
• 15:4 : December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes
• 14:34 : Infinity Global Services’ Cyber Park World Championship Crowns Its First Global Winners
• 14:34 : Former Accenture Employee Charged Over Cybersecurity Fraud
• 14:5 : IT Security News Hourly Summary 2025-12-11 15h : 43 posts
• 14:4 : 1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
• 14:4 : Security flaws in Freedom Chat app exposed users’ phone numbers and PINs
• 14:4 : Malwarebytes for Mac now has smarter, deeper scans
• 14:4 : MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations
• 14:4 : Beyond Cargo Audit: Securing Your Rust Crates in Container Images
• 14:4 : NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
• 14:4 : ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
• 13:36 : Critical Vulnerability in Multiple India-Based CCTV Cameras Let Attackers Video and Account Credentials
• 13:36 : New “SOAPwn” .NET Vulnerabilities Expose Barracuda, Ivanti and Microsoft Appliances to RCE Attack
• 13:36 : Hackers Leveraging LLM Shared Chats to Steal Your Passwords and Crypto
• 13:36 : Charming Kitten Leak Exposes Key Personnel, Front Companies, and Thousands of Compromised Systems
• 13:36 : Researcher claims Salt Typhoon spies attended Cisco training scheme
• 13:36 : UK Cyber Agency says AI Prompt-injection Attacks May Persist for Years
• 13:35 : Rising Prompt Injection Threats and How Users Can Stay Secure
• 13:6 : Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
• 13:6 : Amazon To Pay €511m To Settle Italian Tax Probe
• 13:6 : Oracle Shares Sink On Debt Concerns
• 13:6 : Google ‘Faces EU Fine’ Unless It Makes App Store Changes
• 13:6 : US State AGs Warn AI Firms Over ‘Delusional Outputs’
• 13:6 : CastleLoader Malware Now Uses Python Loader to Bypass Security
• 13:6 : Top 10 Data Anonymization Solutions for 2026
• 13:6 : Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks
• 13:6 : How To Detect React2Shell Using Burp Suite (RCE CVSS 10.0)
• 13:6 : Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
• 13:6 : Hunting for Mythic in network traffic
• 13:6 : Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers
• 13:6 : New Multi-Platform 01flip Ransomware Supports Multi-platform Architecture, Including Windows and Linux
• 13:6 : 2 Chinese Hackers Trained in Cisco Program Now Leading Sophisticated Attacks on Cisco Devices
• 13:5 : ValleyRAT Malware Uses Stealthy Driver Install to Bypass Windows 11 Protections
• 13:5 : High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI
• 13:5 : GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack
• 13:5 : Another Chrome zero-day under attack: update now
• 13:5 : Users report chaos as Legal Aid Agency stumbles back online after cyberattack
• 13:5 : 10K Docker images spray live cloud creds across the internet
• 13:5 : Researcher claims Salt Typhoon cyber spies attended Cisco training scheme
• 13:5 : IBM Patches Over 100 Vulnerabilities
• 13:5 : Unpatched Gogs Zero-Day Exploited for Months
• 13:5 : Wide Range of Malware Delivered in React2Shell Attacks
• 13:5 : Pierce County Library Data Breach Impacts 340,000
• 13:5 : Thailand’s Personal Data Protection Act
• 13:5 : Microsoft Copilot Studio Security Risk: How Simple Prompt Injection Leaked Credit Cards and Booked a $0 Trip
• 13:5 : LW ROUNDTABLE: Lessons from 2025 — Cyber risk got personal; accountability enters a new phase
• 13:5 : How to Fix Reverse DNS does not match the SMTP banner Error
• 13:5 : INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
• 13:4 : Thales expands AI ecosystem protection with application and RAG security tools
• 13:4 : Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
• 13:4 : Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
• 13:4 : WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
• 13:4 : The Impact of Robotic Process Automation (RPA) on Identity and Access Management
• 13:4 : “Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach
• 13:4 : Google Releases Critical Chrome Security Update to Address Three Zero-Days
• 13:4 : Scam-Busting FCA Firm Checker Tool Given Cautious Welcome
• 9:2 : How to Install WhatsApp on Your PC
• 9:2 : Google’s Defunct Russia Arm Targets Company’s French Assets
• 9:2 : Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
• 9:2 : Threat Actors Leverage ChatGPT to Attack Mac Devices With AMOS InfoStealer
• 9:2 : F5 strengthens ADSP with enhanced API discovery and threat detection
• 8:32 : Apple’s Cook Meets With US Lawmakers To Oppose Safety Bill
• 8:32 : Hackers Infiltrate VS Code Marketplace with 19 Malicious Extensions Posing as PNG File
• 8:32 : CloudCasa adds SMB support and compression controls for Kubernetes backup
• 8:32 : Black Duck Signal applies LLM intelligence to code and supply chain risk
• 8:32 : Coupang CEO resigns, hactivists target US infrastructure, Israeli cybersecurity hits record funding
• 8:5 : IT Security News Hourly Summary 2025-12-11 09h : 7 posts
• 8:2 : Mandating Security by Design: Sekoia’s Blueprint for the EU Cyber Resilience Act
• 8:2 : Amazon, Microsoft To Spend $50bn In India
• 8:2 : EU Cyber Resilience Act (CRA) – Overview
• 8:2 : It didn’t take long: CVE-2025-55182 is now under active exploitation
• 8:2 : Google Patches Mysterious Chrome Zero-Day Exploited in the Wild
• 7:32 : 40 open-source tools redefining how security teams secure the stack
• 7:31 : Bugcrowd unveils AI tools to accelerate triage and strengthen preemptive security
• 7:2 : Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution
• 6:31 : LLM vulnerability patching skills remain limited
• 6:2 : 644K+ Websites at Risk Due to Critical React Server Components Flaw
• 6:2 : New “Spiderman” Phishing Kit Lets Hackers Build Fake Bank Login Pages Instantly
• 6:2 : Security Alert: 19 Fake PNG Extensions Found in VS Code Marketplace
• 6:2 : Password habits are changing, and the data shows how far we’ve come
• 5:31 : Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data
• 5:31 : Product showcase: Tuta – secure, encrypted, private email
• 5:5 : IT Security News Hourly Summary 2025-12-11 06h : 3 posts
• 5:2 : Teamwork is failing in slow motion and security feels it
• 4:31 : Google Warns of Chrome 0-Day Vulnerability Actively Exploited in the wild
• 4:31 : Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security
• 3:31 : Using AI Gemma 3 Locally with a Single CPU , (Wed, Dec 10th)
• 2:5 : IT Security News Hourly Summary 2025-12-11 03h : 3 posts
• 2:2 : ISC Stormcast For Thursday, December 11th, 2025 https://isc.sans.edu/podcastdetail/9734, (Thu, Dec 11th)
• 2:2 : Slash VM provisioning time on Red Hat Openshift Virtualization using Red Hat Ansible Automation Platform
• 1:32 : Beyond the SBOM: What CISOs should about CBOMs and HBOMs
• 1:2 : Embracing our broad responsibility for securing digital infrastructure in the European Union
• 0:31 : Exploitation of Critical Vulnerability in React Server Components (Updated December 10)
• 0:2 : What makes smart secrets management essential?
• 0:2 : How does Agentic AI empower cybersecurity teams?
• 23:5 : IT Security News Hourly Summary 2025-12-11 00h : 2 posts
• 23:2 : Fortinet fixed two critical authentication-bypass vulnerabilities
• 22:55 : IT Security News Daily Summary 2025-12-10