IT Security News Daily Summary 2025-12-08

153 posts were published in the last hour

• 21:31 : Exploitation of Critical Vulnerability in React Server Components (Updated December 8)
• 21:2 : ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings
• 20:31 : Initial access brokers involved in more attacks, including on critical infrastructure
• 20:5 : IT Security News Hourly Summary 2025-12-08 21h : 4 posts
• 19:31 : AI Pulse: The First Agentic Cyber Week
• 19:31 : Guide to using digital twins for cybersecurity testing
• 19:31 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 19:31 : Petco’s security lapse affected customers’ SSNs, driver’s licenses, and more
• 19:2 : FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
• 19:2 : Architecting Security for Agentic Capabilities in Chrome
• 19:2 : 193 cybercrims arrested, accused of plotting ‘violence-as-a-service’
• 19:2 : How AI-Enabled Adversaries Are Breaking the Threat Intel Playbook
• 19:2 : Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
• 19:2 : AWS launches AI-enhanced security innovations at re:Invent 2025
• 18:32 : New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
• 18:32 : Vulnerability Summary for the Week of December 1, 2025
• 18:31 : Stronger together: New Beazley collaboration enhances cyber resilience
• 18:2 : Hackers Exploit AWS IAM Eventual Consistency to Establish Persistence
• 18:2 : Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware
• 18:2 : Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
• 18:2 : End to End-to-end Encryption? Google Update Allows Firms to Read Employee Texts
• 18:2 : Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban
• 17:5 : IT Security News Hourly Summary 2025-12-08 18h : 5 posts
• 17:3 : Google Confirms Rising ‘Account Takeovers ’— Users Told to Check Chrome Settings
• 17:3 : Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
• 17:3 : New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
• 17:3 : ClayRat Android Spyware Expands Capabilities
• 17:3 : Ransomware peaked in 2023 prior to law enforcement actions
• 16:2 : Oracle EBS zero-day used by Clop to breach Barts Health NHS
• 16:2 : NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety
• 16:2 : QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
• 16:2 : How phishers hide banking scams behind free Cloudflare Pages
• 16:2 : Marquis Software Breach Affects Over 780,000 Nationwide
• 16:2 : Major drug research company confirms cyberattack compromised employee and partner data
• 15:32 : INE Earns G2 Winter 2026 Badges Across Global Markets
• 15:31 : Cyberattacks Target Seven Major Indian Airports Through GPS Spoofing
• 15:31 : AI IDE Security Flaws Exposed: Over 30 Vulnerabilities Highlight Risks in Autonomous Coding Tools
• 15:3 : Don’t get scammed: Your holiday guide to spotting fake e-shops
• 15:2 : Lumma Stealer: Danger lurking in fake game updates from itch.io and Patreon
• 15:2 : US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration
• 15:2 : Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes
• 15:2 : CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation
• 15:2 : Hackers Leverage Multiple Ad Networks to Attack Adroid Users With Triada Malware
• 15:2 : Hackers Can Leverage Delivery Receipts on WhatsApp and Signal to Extract User Private Information
• 15:2 : Resemble AI Raises $13 Million for AI Threat Detection
• 15:2 : CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary
• 15:2 : NinjaOne rolls out secure, compliant remote access for IT teams
• 14:32 : Oh Crap, Kohler’s Toilet Cameras Aren’t Really End-to-End Encrypted
• 14:32 : Debunking Common Cloud Security Misconceptions
• 14:32 : Download: Evaluating Password Monitoring Vendors
• 14:32 : Veza brings unified visibility and control to AI agents across the enterprise
• 14:32 : Portugal Revises Cybercrime Law For Researchers
• 14:32 : EU Fines X 140 Million Over Blue Check
• 14:32 : Android Malware Adds Stronger Data Theft
• 14:32 : MuddyWater Uses UDPGangster In Campaign
• 14:32 : Sneeit RCE And ICTBroadcast Bug Power Attacks
• 14:7 : US Contributes to 44% of Cyber Attacks; Public Administration Targeted for Financial Gains
• 14:7 : Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
• 14:7 : Apple, Google, and Samsung May Soon Activate Always-On GPS in India
• 14:7 : NVIDIA and Lakera AI Propose Unified Framework for Agent Safety
• 14:7 : Exposing the Core Functionalities of QuasarRAT: Encrypted Configuration and Obfuscation Techniques
• 14:7 : UK moves to strengthen undersea cable defenses as Russian snooping ramps up
• 14:7 : AWS: China-linked threat actors weaponized React2Shell hours after disclosure
• 14:7 : Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI
• 14:5 : IT Security News Hourly Summary 2025-12-08 15h : 6 posts
• 13:32 : Space Bears Ransomware Claims Comcast Data Theft Through QuasarBreach
• 13:32 : Hackers Compromising Developers with Malicious VS Code, Cursor AI Extensions
• 13:32 : LOLPROX Exposes Hidden Exploitation Paths that Can Enable Stealthy Hypervisor Attacks
• 13:32 : The ‘Kitten’ Project – Hacktivist Groups Carrying Out Attacks Targeting Israel
• 13:32 : How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
• 13:32 : ⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
• 13:4 : Tri-Century Eye Care Data Breach Impacts 200,000 Individuals
• 12:32 : Substitution Cipher Based on The Voynich Manuscript
• 12:32 : Home Office kept police facial recognition flaws to itself, UK data watchdog fumes
• 12:32 : Ransomware Payments Surpassed $4.5 Billion: US Treasury
• 12:5 : Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
• 12:5 : Next.js Releases Scanner to Detect and Fix Apps Affected by React2Shell Vulnerability
• 12:5 : Porsche Cars Disabled After Major Failure in Installed Satellite Security System
• 12:5 : CISA Adds Critical React2Shell Vulnerability to KEV Catalog After Active Exploitation
• 12:5 : LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
• 12:5 : OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks
• 12:5 : Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes
• 12:5 : Portugal Updates Cybercrime Law To Protect Good-Faith Security Researchers
• 12:4 : Palo Alto GlobalProtect Portals Face Spike in Suspicious Login Attempts
• 12:4 : Fake RTO e-Challan WhatsApp Scam Resurfaces: Fraudsters Push Spyware Through Malicious APK Files
• 12:4 : Portugal Revises Cybercrime Law to Protect Security Researchers
• 12:4 : React2Shell Under Active Exploitation by China-Nexus Hackers
• 11:32 : TenSec 2019
• 11:32 : Exploiting Wi-Fi Stack on Tesla Model S
• 11:32 : Tencent Keen Security Lab joins GENIVI Alliance
• 11:32 : Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
• 11:32 : Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
• 11:32 : AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
• 11:32 : Over 70 Domains Used in Months-Long Phishing Spree Against US Universities
• 11:32 : Barts Health seeks High Court block after Clop pillages NHS trust data
• 11:31 : Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
• 11:7 : Cyber Threats to the U.S.: What Policymakers Need to Know for 2026
• 11:7 : Apple and Google Alert Users Worldwide After New Spyware Activity Surfaces
• 11:6 : Critical Apache Tika Vulnerability Leads to XXE Injection
• 11:6 : Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell
• 11:5 : IT Security News Hourly Summary 2025-12-08 12h : 2 posts
• 10:32 : Indonesia’s Gambling Ecosystem Exposed With Indicators of National-Level Cyber Operations
• 10:32 : UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims
• 10:4 : U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
• 10:4 : Exploitation of React2Shell Surges
• 10:4 : Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
• 9:32 : Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2
• 9:32 : Barts Health Seeks High Court Ban After Oracle EBS Breach
• 9:7 : Advent of Configuration Extraction – Part 2: Unwrapping QuasarRAT’s Configuration
• 9:7 : Silicon In Focus Podcast: Building Data Infrastructure for Enterprise Agility
• 9:7 : AI Reasoning Models ‘Use 100 Times More Power’
• 9:7 : Hundreds of Porsche Cars Immobilized Following Malfunction in Installed Satellite Security System
• 9:7 : Pharma Firm Inotiv Confirms Data Breach Following Ransomware Attack
• 9:7 : Shanya EDR Killer Leveraged by Ransomware Groups to Clear the Way for Ransomware Infection
• 9:6 : Crypto User Loses $9,000 in Seconds After Clicking Instagram Ad Promising Easy Profits
• 8:32 : TikTok To Build $38bn Data Centre In Brazil
• 8:32 : Strengthening Fraud Prevention with Real-Time Mobile Identity Signals
• 8:32 : From Idea to Proof of Concept to MVP: The Minimum Viable Product – MVP (3/3)
• 8:32 : A week in security (December 1 – December 7)
• 8:32 : Palo Alto VPN attacks, NATO cyberdefense exercise, Chinese exploit React2Shell
• 8:5 : IT Security News Hourly Summary 2025-12-08 09h : 6 posts
• 8:4 : Meta Shuts Down Australian Teenagers’ Accounts
• 8:4 : Critical Vulnerabilities in GitHub Copilot, Gemini CLI, Claude, and Other Tools Impact Millions of Users
• 8:4 : Next.js Released a Scanner to Detect and Update Apps Impacted by React2Shell Vulnerability
• 7:32 : CISA Releases New AI-in-OT Security Guidance: Key Principles & Risks
• 7:32 : December 2025 Patch Tuesday forecast: And it’s a wrap
• 7:32 : MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
• 7:4 : Malicious Go Packages Mimic as Google’s UUID Library to Exfiltrate Sensitive Data
• 7:4 : Critical React2Shell RCE Vulnerability Exploited in the Wild to Execute Malicious Code
• 7:4 : Predator Spyware Compamy Used 15 Zero-Days Since 2021 to Target iOS Users
• 7:4 : The Bastion: Open-source access control for complex infrastructure
• 7:4 : NVIDIA research shows how agentic AI fails under attack
• 6:32 : Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions
• 6:32 : Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
• 6:32 : Shanya EDR Killer: The New Favorite Tool for Ransomware Operators
• 6:32 : Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes
• 6:31 : Indonesia’s Gambling Industry Reveals Clues of Nationwide Cyber Involvement
• 6:31 : How to tell if your password manager meets HIPAA expectations
• 6:2 : DevelopmentTools May Allow Remote Compromise
• 5:31 : Ex-Employee Sues Washington Post Over Oracle EBS-Related Data Breach
• 5:31 : CISOs are spending big and still losing ground
• 5:31 : Invisible IT is becoming the next workplace priority
• 5:6 : Block all AI browsers for the foreseeable future: Gartner
• 5:5 : IT Security News Hourly Summary 2025-12-08 06h : 1 posts
• 4:31 : React2Shell Exploited Within Hours as Firms Rush to Patch
• 3:32 : NETREAPER Offensive Security Toolkit That Wraps 70+ Penetration Testing Tools
• 2:31 : ISC Stormcast For Monday, December 8th, 2025 https://isc.sans.edu/podcastdetail/9728, (Mon, Dec 8th)
• 2:5 : IT Security News Hourly Summary 2025-12-08 03h : 1 posts
• 2:2 : China’s first reusable rocket explodes, but its onboard Ethernet network flew
• 0:31 : Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
• 23:5 : IT Security News Hourly Summary 2025-12-08 00h : 2 posts
• 22:58 : IT Security News Weekly Summary 49
• 22:55 : IT Security News Daily Summary 2025-12-07