Introduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government.…
Category: EN
ISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, December 4th, 2025…
Nation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)
[This is a Guest Diary by Jackie Nguyen, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Nation-State Attack or Compromised Government? [Guest…
Rust core library partly polished for industrial safety spec
Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability Memory-safe Rust code can now be more broadly applied in devices that require electronic system safety, at least as measured by International Electrotechnical Commission (IEC) standards.… This…
King Addons flaw lets anyone become WordPress admin
Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for…
Best 5 Dark Web Intelligence Platforms
Cybersecurity today is about a lot more than just firewalls and antivirus software. As organisations adopt cloud computing,… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original article: Best…
‘Exploitation is imminent’ as 39 percent of cloud environs have max-severity React hole
Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass…
Lessons from Smart Switching: Rethinking Security and Performance
Microsegmentation built directly into the network infrastructure means that stronger network security no longer equals slower systems. This article has been indexed from Blog Read the original article: Lessons from Smart Switching: Rethinking Security and Performance
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
Job seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry. This article has been indexed from Trend Micro…
CISA eliminates pay incentives as it changes how it retains top cyber talent
Program that auditors described as poorly managed is scrapped as the agency expands another recruitment tool. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: CISA eliminates pay incentives as it changes how…
Shai Hulud 2.0, now with a wiper flavor
Kaspersky researchers uncover a new version of the Shai Hulud npm worm, which is attacking targets in Russia, India, Brazil, China, and other countries, and has wiper features. This article has been indexed from Securelist Read the original article: Shai…
Attempts to Bypass CDNs, (Wed, Dec 3rd)
Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup, DNS is used to…
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
Kohler, the makers of a smart toilet camera, can access customers’ data stored on its servers, and can use customers’ bowl pictures to train AI. This article has been indexed from Security News | TechCrunch Read the original article: ‘End-to-end…
University of Pennsylvania and University of Phoenix disclose data breaches
The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle…
India’s New SIM-Binding Rule for WhatsApp, Signal, Telegram and Other Messaging Platforms
India has implemented a mandatory SIM-binding requirement for messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and others. The Department of Telecommunications issued a directive on November 28 requiring all app-based communication services to ensure that users maintain an active SIM…
After intense backlash, India pulls mandate to preinstall government app on smartphones
On Wednesday, the Indian telecom ministry said Sanchar Saathi, an anti-theft and cybersecurity protection app, would remain voluntary, and that smartphone makers would no longer be required to preload it on devices they sell. This article has been indexed from…
Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
Marquis said ransomware hackers stole reams of banking customer data, containing personal information and financial records, as well as Social Security numbers, belonging to hundreds of thousands of people. The number of affected people is expected to rise. This article…
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. It allows “unauthenticated remote code execution by…
Hackers Can Weaponize Claude Skills to Execute MedusaLocker Ransomware Attack
A new feature in Anthropic’s Claude AI, known as Claude Skills, has been identified as a potential vector for ransomware attacks. This feature, designed to extend the AI’s capabilities through custom code modules, can be manipulated to deploy malware like…
Longwatch RCE Vulnerability Let Attackers Execute Remote Code With Elevated Privileges
A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges remotely. The flaw, tracked as CVE-2025-13658, affects Longwatch versions 6.309 through 6.334 and has received a…