IT Security News Daily Summary 2025-12-09

150 posts were published in the last hour

• 22:33 : Exploitation of Critical Vulnerability in React Server Components (Updated December 9)
• 22:32 : How to Tell if Someone Blocked Your Number (+ What to Do Next)
• 22:32 : Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft
• 22:2 : The Dark Web Economy Behind Ad Fraud: What Marketers Don’t See
• 22:2 : How to answer the door when the AI agents come knocking
• 21:32 : CISA, FBI, and U.S. and Global Partners Urge Immediate Action to Defend Critical Infrastructure from Pro-Russia Hacktivist Threats
• 21:32 : Top data loss prevention tools for 2026
• 21:31 : Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
• 21:2 : FortiOS, FortiWeb, and FortiProxy Vulnerability Lets Attackers Bypass FortiCloud SSO Authentication
• 21:2 : Adobe Patches Nearly 140 Vulnerabilities
• 20:32 : Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)
• 20:31 : Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
• 20:31 : Microsoft Patches 57 Vulnerabilities, Three Zero-Days
• 20:5 : IT Security News Hourly Summary 2025-12-09 21h : 2 posts
• 19:31 : Indirect Malicious Prompt Technique Targets Google Gemini Enterprise
• 19:31 : North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
• 19:2 : Broadside Mirai Botnet Hijacks Ship Cameras for DDoS
• 18:32 : Reproducibility as a Competitive Edge: Why Minimal Config Beats Complex Install Scripts
• 18:32 : Partners Are Fueling Innovation with Cortex XSIAM and Prisma SASE
• 18:32 : Further Hardening Android GPUs
• 18:32 : Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager
• 18:32 : Threat Actors Poisoning SEO Results to Attack Organizations With Fake Microsoft Teams Installer
• 18:32 : Makop Ransomware Exploits RDP Systems with AV Killer and Other Exploits
• 18:32 : Microsoft December 2025 Patch Tuesday – 56 Vulnerabilities Fixed Including 3 Zero-days
• 18:2 : Police Dismantle EUR 700 Million Crypto Scam That Used Deepfakes
• 18:2 : Universal Boot Loader (U-Boot)
• 18:2 : CISA Releases Three Industrial Control Systems Advisories
• 18:2 : Multiple India-based CCTV Cameras
• 18:2 : Festo LX Appliance
• 18:2 : Saviynt Raises $700M at Approximately $3B Valuation
• 18:2 : Changing the physics of cyber defense
• 17:32 : Porsche panic in Russia as pricey status symbols forget how to car
• 17:32 : Prime Security Raises $20 Million to Build Agentic Security Architect
• 17:32 : React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics
• 17:5 : IT Security News Hourly Summary 2025-12-09 18h : 13 posts
• 17:3 : Winning the AI Race Starts with the Right Security Platform
• 17:3 : GOLD BLADE Using Custom QWCrypt Locker that Allows Data Exfiltration and Ransomware Deployment
• 17:3 : AI-Powered Security Operations: Governance Considerations for Microsoft Sentinel Enterprise Deployments
• 17:3 : Exploitation Efforts Against Critical React2Shell Flaw Accelerate
• 17:3 : Rebrand Cybersecurity from “Dr. No” to “Let’s Go”
• 17:3 : How Retailers Should Harden Accounts Before the Holiday Rush
• 17:3 : Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
• 17:3 : Malicious VS Code Extensions Deploy Advanced Infostealer
• 16:32 : Microsoft Teams New feature Allows Users to Flag Malicious Calls
• 16:32 : See Cyber Threats to Your Company’s Industry & Region in 2 Seconds
• 16:31 : Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
• 16:31 : Webinar Today: Inside the First 72 hours of a Cyber Event
• 16:31 : Majority of global firms plan to boost cyber spending in 2026
• 16:2 : SAP Issues Critical Patches for Major Code Execution Flaws
• 16:2 : Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
• 16:2 : DeadLock Ransomware Uses BYOVD to Evade Security Measures
• 15:35 : Google Confirms Rising ‘Account Takeovers’— Users Told to Check Chrome Settings
• 15:35 : Microsoft Issues New ‘Critical‘ Windows 11 Update Amid Broader Upgrade Push
• 15:35 : As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs
• 15:35 : React2Shell Attacks Linked to North Korean Hackers
• 15:35 : Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul
• 15:35 : FinCEN: Ransomware Gangs Extorted Over $2.1B from 2022 to 2024
• 15:35 : Critical CVE-2025-66516 Exposes Apache Tika to XXE Attacks Across Core and Parser Modules
• 15:3 : New GeminiJack 0-Click Flaw in Gemini AI Exposed Users to Data Leaks
• 15:3 : Proofpoint Acquires Hornetsecurity in $1.8 Billion Deal to Strengthen SMB Cybersecurity
• 15:3 : New Prompt Injection Attack via Malicious MCP Servers Let Attackers Drain Resources
• 15:3 : Ruby SAML Library Vulnerability Let Attackers Bypass Authentication
• 15:2 : New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
• 15:2 : Critical Emby Server Vulnerability Let Attackers Gain Admin Access
• 15:2 : Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation
• 15:2 : Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
• 14:33 : How to Gain Experience in Cybersecurity
• 14:33 : How Will AI Affect Cybersecurity?
• 14:33 : Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl
• 14:33 : New Android Malware SeedSnatcher and FvncBot Found By Experts
• 14:5 : IT Security News Hourly Summary 2025-12-09 15h : 11 posts
• 14:3 : 40,000 Phishing Emails Disguised as SharePoint and and e-Signing Services: A New Wave of Finance-Themed Scams
• 14:2 : Prompt injection is a problem that may never be fixed, warns NCSC
• 14:2 : TransUnion Extends Ability to Detect Fraudulent Usage of Devices
• 14:2 : ShadowV2 Botnet Activity Quietly Intensified During AWS Outage
• 13:32 : SimpleX Chat X Account Hacked, Fake Site Promotes Crypto Wallet Scam
• 13:32 : Top 5 Tips to Shrink and Secure Docker Images
• 13:32 : Zoom Rooms for Windows and macOS Flaws Enable Privilege Escalation and Sensitive Data Leaks
• 13:32 : Google Announces 10 New AI Features for Google Chrome Powered by Gemini
• 13:32 : Nudge Security Extends Ability to Secure Data in the AI Era
• 13:32 : Researchers Warn of New Js#Smuggler Campaign Delivering Netsupport Rat through Compromised Websites
• 13:32 : Holly Ventures launches $33 million fund focused on early-stage cyber innovation
• 13:3 : AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
• 13:3 : SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver & More
• 13:3 : Malicious VS Code on Microsoft Registry Steals WiFi Passwords and Captures Screens
• 13:3 : New Vishing Attack Exploits Microsoft Teams and QuickAssist to Deploy .NET Malware
• 13:3 : Akira Group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities
• 13:3 : Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push
• 13:2 : Microsoft Copilot Disruption in the UK: Users Face Access Issues and Degraded Features
• 13:2 : New Mirai Botnet Variant ‘Broadside’ Actively Attacking Users in the Wild
• 13:2 : Hackers Exploiting Vulnerabilities in Ivanti Connect Secure to Deploy MetaRAT Malware
• 13:2 : GhostPenguin Backdoor With Zero-Detection Attacking Linux Servers Uncovered Using AI-Automated Tools
• 13:2 : EU fines X $140m, tied to verification rules that make impostor scams easier
• 13:2 : UK to Europe: The time to counter Russia’s information war machine is now
• 13:2 : US Posts $10 Million Bounty for Iranian Hackers
• 12:32 : AI vs. Human Drivers
• 12:32 : Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity
• 12:32 : New Black Kite module offers product-level insight into software supply chain vulnerabilities
• 12:32 : Nudge Security expands platform with new AI governance capabilities
• 12:32 : Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
• 12:32 : How to Streamline Zero Trust Using the Shared Signals Framework
• 12:2 : Deepfakes, AI resumes, and the growing threat of fake applicants
• 12:2 : New ‘Broadside’ Botnet Poses Risk to Shipping Companies
• 12:2 : watchTowr Active Defense delivers automated protection from exposure to defense
• 12:2 : New Black Kite module delivers product-level insight into software supply chain vulnerabilities
• 11:31 : Goodbye, dark Telegram: Blocks are pushing the underground out
• 11:31 : UK NCSC Raises Alarms Over Prompt Injection Attacks
• 11:5 : IT Security News Hourly Summary 2025-12-09 12h : 11 posts
• 11:2 : New BYOVD loader behind DeadLock ransomware attack
• 11:2 : Gartner: Carmakers’ AI Investments Set For Sharp Decline
• 11:2 : Polish Police arrest 3 Ukrainians for possessing advanced hacking tools
• 11:2 : Equixly Raises $11 Million for AI-Powered API Penetration Testing
• 10:32 : EU Moves Toward Resolution Of Meta Data-Collection Probe
• 10:32 : CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks
• 10:32 : New Multi-stage JS#SMUGGLER Malware Attack Delivers ‘NetSupport RAT’ to Gain Full System Control
• 10:32 : Operation FrostBeacon Attacking Finance and Legal Departments with Cobalt Strike Malware
• 10:32 : Authorities Arrested Hackers With Specialized FLIPPER Hacking Equipment Used to Attack IT Systems
• 10:32 : AI-Powered Free Security-Audit Checklist for 2026 – ISO 27001, SOC 2, NIST, NIS 2 and GDPR Compliance
• 10:32 : UK finally vows to look at 35-year-old Computer Misuse Act
• 10:2 : US To Permit Nvidia To Ship H200 To China
• 10:2 : Whitehall rejects £1.8B digital ID price tag – but won’t say what it will cost
• 10:2 : Over 300,000 Individuals Impacted by Vitas Hospice Data Breach
• 10:2 : STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
• 9:31 : ByteDance Limits Mobile AI Agent After Pushback
• 9:31 : Gartner Calls For Pause on AI Browser Use
• 9:2 : Chinese Open-Source AI Shows Huge Rise This Year
• 9:2 : Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
• 8:31 : Trains Halted Over Hoax Image On Social Media
• 8:31 : Ransomware costs billions, cybercrime leads to real violence, three arrested for hacking tools
• 8:5 : IT Security News Hourly Summary 2025-12-09 09h : 6 posts
• 8:2 : EU Fines X €120m Over ‘Deceptive’ Blue Checkmarks
• 8:2 : From Idea to Proof of Concept to MVP – 3 article series
• 8:2 : Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities
• 8:2 : 500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online
• 8:2 : SAP Security Patch Day: Fix for Critical Vulnerabilities in SAP Solution Manager, NetWeaver, and Other Products
• 7:31 : AI-driven threats are heading straight for the factory floor
• 7:2 : Researchers spot 700 percent increase in hypervisor ransomware attacks
• 6:32 : New image signature can survive cropping, stop deepfakes from hijacking trust
• 6:32 : AI agents break rules in unexpected ways
• 6:2 : The simple shift that turns threat intel from noise into real insight
• 5:33 : Cybersecurity jobs available right now: December 9, 2025
• 3:31 : Apple, Google and Samsung May Enable Always-On GPS in India
• 2:5 : IT Security News Hourly Summary 2025-12-09 03h : 2 posts
• 2:2 : ISC Stormcast For Tuesday, December 9th, 2025 https://isc.sans.edu/podcastdetail/9730, (Tue, Dec 9th)
• 2:2 : Department of Know: CISO hiring warning, critical threat actor law, Microsoft Defender outage
• 1:2 : FinCEN data shows $4.5B in ransomware payments, record spike in 2023
• 23:31 : IAM Policy Autopilot: An open-source tool that brings IAM policy expertise to builders and AI coding assistants
• 23:5 : IT Security News Hourly Summary 2025-12-09 00h : 2 posts
• 23:2 : FTC upholds ban on stalkerware founder Scott Zuckerman
• 22:55 : IT Security News Daily Summary 2025-12-08