IT Security News Daily Summary 2025-12-02

146 posts were published in the last hour

• 22:6 : U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog
• 22:6 : Hackers can Hijack Your Dash Cams in Seconds and Weaponize it for Future Attacks
• 21:31 : India Mandates Undeletable Security App on All Smartphones
• 21:7 : Empower CISOs with Visibility, Agility, Compliance, and Strategic ROI
• 21:7 : Hackers Leverage Evilginx to Undermine MFA Security Mimicking Legitimate SSO Sites
• 21:7 : Ukraine Hackers Attacking Russian Aerospace Companies and Other Defence-Related Sectors
• 21:7 : Nisos Details Earlier Signs of Insider Detection via Authentication and Access Controls
• 20:31 : Rapidly Evolving Arkanix Stealer Hits Credentials and Wallets
• 20:5 : IT Security News Hourly Summary 2025-12-02 21h : 7 posts
• 20:2 : 100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
• 19:32 : 2025-11-10: Ten days of scans and probes and web traffic hitting my web server
• 19:32 : 2025-11-23: Ten days of scans and probes and web traffic hitting my web server
• 19:32 : Your Data Might Determine How Much You Pay for Eggs
• 19:31 : Researchers Expose Lazarus Recruitment Pipeline Live on Camera Through Honeypot Operation
• 19:31 : Water Saci Hackers Leveraging AI Tools to Attack WhatsApp Web Users
• 19:31 : Salty2FA and Tycoon2FA Phishing Kits Attacking Enterprise Users to Steal Login Credentials
• 19:2 : Two Android 0-day bugs disclosed and fixed, plus 105 more to patch
• 19:2 : Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk
• 19:2 : India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
• 18:31 : Everest Ransomware Claims ASUS Breach and 1TB Data Theft
• 18:31 : How to build forward-thinking cybersecurity teams for tomorrow
• 18:7 : “Sleeper” browser extensions woke up as spyware on 4 million devices
• 18:7 : Stealth RCE in Codex Exposes Developer Workflows
• 18:7 : University of Pennsylvania joins list of victims from Clop’s Oracle EBS raid
• 18:6 : How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers
• 18:6 : Closing the Document Security Gap: Why Document Workflows Must Be Part of Cybersecurity
• 18:6 : ServiceNow to Acquire Identity Security Firm Veza
• 18:6 : Security’s Next Control Plane: The Rise of Pipeline-First Architecture
• 18:6 : OAuth Isn’t Enough For Agents
• 17:34 : Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin
• 17:34 : Iskra iHUB and iHUB Lite
• 17:34 : Industrial Video & Control Longwatch
• 17:34 : CISA Releases Five Industrial Control Systems Advisories
• 17:34 : Mirion Medical EC2 Software NMIS BioDose
• 17:34 : PostHog Details “Most Impactful” Security Breach as Shai-Hulud 2.0 npm Worm Spreads Through JavaScript SDKs
• 17:34 : Hackers Use Look-Alike Domain Trick to Imitate Microsoft and Capture User Credentials
• 17:5 : IT Security News Hourly Summary 2025-12-02 18h : 9 posts
• 17:2 : NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
• 17:2 : 4.3M Users Exposed in ShadyPanda’s Long-Running Browser Hack
• 17:2 : Zafran Security Raises $60 Million in Series C Funding
• 17:2 : Fortinet FortiWeb flaws found in unsupported versions of web application firewall
• 16:32 : Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)
• 16:32 : A data breach at analytics giant Mixpanel leaves a lot of open questions
• 16:32 : Fortinet at AWS re:Invent 2025: Expanding What’s Possible in Cloud Security
• 16:32 : Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin
• 16:32 : North Korean APT Collaboration Signals Escalating Cyber Espionage and Financial Cybercrime
• 16:2 : MuddyWater strikes Israel with advanced MuddyViper malware
• 16:2 : Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
• 16:2 : GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
• 16:2 : Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
• 16:2 : Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
• 15:32 : SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys
• 15:32 : Kensington and Chelsea confirms IT outage was a data breach after all
• 15:32 : ShadyPanda’s Seven-Year Campaign Infects 4.3M Chrome and Edge Users
• 15:5 : The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security
• 15:5 : X’s New Location Feature Exposes Foreign Manipulation of US Political Accounts
• 15:5 : More Breaches, More Risks: Experts say Protect Your Data Now
• 15:5 : Forward Edge-AI delivers quantum-safe data diode and earns communications patent
• 15:5 : Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)
• 15:5 : 120,000 Cameras Hacked In South Korea
• 15:5 : French Soccer Federation Suffers Cyberattack
• 15:5 : Police Shut Down Cryptomixer Service
• 15:5 : North Korea Lazarus Group Hits Crypto
• 15:5 : India Orders Phones To Preinstall App
• 14:33 : Whispering poetry at AI can make it break its own rules
• 14:33 : New eBPF Filters for Symbiote and BPFdoor Malware
• 14:33 : FTC schools edtech outfit after intruder walked off with 10M student records
• 14:32 : Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
• 14:32 : Glassworm Malware Strikes Again In VS Code
• 14:32 : Smarttube Breach Pushes Malicious Update
• 14:32 : Shadypanda Extensions Hit Millions Users
• 14:7 : Phishing 3.0: AI and Deepfake-Driven Social Engineering Attacks
• 14:7 : Hackers Leverages Telegram, WinSCP, Google Chrome, and Microsoft Teams to Deploy ValleyRat
• 14:6 : Glassworm Malware Hits OpenVSX and Microsoft Visual Studio Platforms with 24 New Packages
• 14:6 : Raspberry Pi 5 Now Available With 1GB RAM With Dual-Band Wi-Fi and PCI Express Port Support
• 14:6 : Microsoft Investigates Defender Portal Access Issues Following Traffic Spike
• 14:6 : Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors
• 13:2 : Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
• 13:2 : India plans to verify and record every smartphone in circulation
• 13:2 : ‘Korea’s Amazon’ Coupang discloses a data breach impacting 34M customers
• 13:2 : Unit 42 Incident Response Retainer for AWS Security Incident Response
• 12:32 : Like Social Media, AI Requires Difficult Choices
• 12:32 : CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution
• 12:32 : Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers
• 12:32 : Saporo Raises $8 Million for Identity Security Platform
• 12:32 : Span Cyber Security Arena 2026 to offer new perspectives on the development of cybersecurity
• 12:7 : Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
• 12:7 : AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
• 12:7 : Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks
• 12:7 : Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi
• 12:7 : Google patches 107 Android flaws, including two being actively exploited
• 12:7 : Radiant Logic expands RadiantOne with composable remediation and unified identity observability
• 12:6 : SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
• 11:32 : Hackers Exploit Telegram, WinSCP, Chrome, and Teams to Deliver ValleyRat Malware
• 11:32 : OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
• 11:32 : Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants
• 11:32 : DevilsTongue Spyware Targets Windows Users Across Multiple Countries
• 11:32 : Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild
• 11:6 : Google’s latest Android security update fixes two actively exploited flaws
• 11:6 : Personal Information of 33.7 Million Stolen From Coupang
• 11:6 : Indian Teen Enables Apple-Exclusive AirPods Features on Android
• 11:6 : How a noisy ransomware intrusion exposed a long-term espionage foothold
• 11:5 : IT Security News Hourly Summary 2025-12-02 12h : 5 posts
• 10:32 : Texas Probes Shein Over Consumer Safety
• 10:32 : Kaspersky Security Bulletin 2025. Statistics
• 10:32 : MuddyWater cyber campaign adds new backdoors in latest wave of attacks
• 10:32 : Most Companies Fear State-Sponsored Cyber-Attacks and Want More Government Help
• 10:32 : ICO Set to Check If Mobile Games Comply with Children’s Code
• 10:2 : China Reaffirms Anti-Crypto Stance
• 10:2 : From Idea to Proof of Concept to MVP: The Idea stage (1/3)
• 10:2 : Android’s December 2025 Updates Patch Two Zero-Days
• 9:32 : Council Says Data Taken In Cyber-Attack
• 9:4 : Meta Allows Fake Shops, Ads To ‘Run Rampant’
• 8:32 : Robots To Deliver Uber Eats In Leeds
• 8:32 : Google Patches Android 0-Day Vulnerabilities Exploited in the Wild
• 8:32 : Upwind adds real-time AI security and posture management to its CNAPP
• 8:32 : Skyflow delivers Runtime AI Data Security for protecting sensitive data in agentic workflows
• 8:32 : Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
• 8:31 : India orders web safety app, arrests over IP camera snooping, Albiriox shows up on dark web
• 8:5 : IT Security News Hourly Summary 2025-12-02 09h : 8 posts
• 8:4 : Local Council Quits X Over Misinformation
• 8:4 : OpenAI Codex CLI Flaw Allows Attackers to Run Arbitrary Commands
• 8:4 : Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
• 8:4 : Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks
• 8:4 : Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild
• 8:4 : Oversharing is not caring: What’s at stake if your employees post too much online
• 8:4 : From Idea to Proof of Concept to MVP: The Idea stage
• 7:31 : Creative cybersecurity strategies for resource-constrained institutions
• 7:2 : India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud
• 6:32 : Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration
• 6:32 : Product showcase: UserLock IAM for Active Directory
• 6:2 : Attackers keep finding new ways to fool AI
• 5:32 : Mandatory ‘Undeletable’ Security App to Be Installed on Every Smartphone in India
• 5:32 : Cybersecurity jobs available right now: December 2, 2025
• 5:32 : The collapse of trust at the identity layer
• 5:6 : Banking Malware Can Hack.Communications via Encrypted Apps
• 4:4 : India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones
• 3:31 : India demands smartphone makers install a government app on every handset
• 2:6 : ISC Stormcast For Tuesday, December 2nd, 2025 https://isc.sans.edu/podcastdetail/9720, (Tue, Dec 2nd)
• 2:6 : What’s your CNAPP maturity?
• 1:2 : Law enforcement shuts down Cryptomixer in major crypto crime takedown
• 1:2 : Department of Know: Prompt injection problems, California browser law, Hacklore’s security myths
• 23:31 : [Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)
• 23:31 : Malicious VS Code Extension as Icon Theme Attacking Windows and macOS Users
• 23:5 : IT Security News Hourly Summary 2025-12-02 00h : 4 posts
• 22:55 : IT Security News Daily Summary 2025-12-01