IT Security News Daily Summary 2025-12-12

135 posts were published in the last hour

• 22:34 : Microsoft RasMan DoS 0-day gets unofficial patch – and a working exploit
• 22:34 : Fake Leonardo DiCaprio Torrent Spreads Agent Tesla Malware
• 22:34 : NDSS 2025 – KernelSnitch: Side Channel-Attacks On Kernel Data Structures
• 22:4 : Exploitation of Critical Vulnerability in React Server Components (Updated December 12)
• 22:4 : Windows Defender Firewall Bug Leaks Sensitive Memory
• 22:4 : Implementing HTTP Strict Transport Security (HSTS) across AWS services
• 21:4 : News brief: Future of security holds bigger budgets, new threats
• 21:4 : Google and Apple roll out emergency security updates after zero-day attacks
• 20:34 : Zero Trust in CI/CD Pipelines: A Practical DevSecOps Implementation Guide
• 20:34 : Malicious VS Code Extensions Hide Malware in PNG Files
• 20:5 : IT Security News Hourly Summary 2025-12-12 21h : 8 posts
• 20:4 : Microsoft Expands its Bug Bounty Program to Include Third-Party Code
• 20:4 : What Tech Leaders Need to Know About MCP Authentication in 2025
• 19:34 : Secrets in Code: Understanding Secret Detection and Its Blind Spots
• 19:34 : Three New React Vulnerabilities Surface on the Heels of React2Shell
• 19:34 : As Capabilities Advance Quickly OpenAI Warns of High Cybersecurity Risk of Future AI Models
• 19:34 : Funding of Israeli Cybersecurity Soars to Record Levels
• 19:34 : Microsoft Expands Its Bug Bounty Program to Include Third-Party Code
• 19:34 : Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
• 19:4 : How Akamai Is Powering Trust in Tomorrow’s AI-Driven Ecosystem
• 19:4 : Stop Overpaying for East-West Traffic Control: Firewalls vs. Security Groups
• 19:4 : Guide to cloud container security risks and best practices
• 19:4 : The US digital doxxing of H-1B applicants is a massive privacy misstep
• 19:4 : Prompt Injection Can’t Be Fully Mitigated, NCSC Says Reduce Impact Instead
• 18:34 : Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3
• 18:34 : New React vulns leak secrets, invite DoS attacks
• 18:34 : In Other News: PromptPwnd Attack, macOS Bounty Complaints, Chinese Hackers Trained in Cisco Academy
• 18:33 : Cyber Risk is Business Risk: Embedding Resilience into Corporate Strategy
• 18:4 : New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
• 18:4 : Data breach at credit check giant 700Credit affects at least 5.6 million
• 17:34 : Keeper Security Launches ServiceNow Integration to Improve Visibility and Response to Cyber Attacks
• 17:34 : Meet digital sovereignty needs with AWS Dedicated Local Zones expanded services
• 17:5 : IT Security News Hourly Summary 2025-12-12 18h : 10 posts
• 17:4 : Home Depot exposed access to internal systems for a year, says researcher
• 17:4 : React issues new patches after security researchers flag additional flaws
• 16:34 : Blockchain Use Cases in Test Automation You’ll See Everywhere in 2026
• 16:34 : OT Security Lessons from 2025: Why Essential Eight Needs an OT Lens
• 16:34 : 5 Cybersecurity Predictions for 2026: An Industry Insider’s Analysis
• 16:34 : New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials
• 16:34 : Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
• 16:34 : React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell
• 16:34 : Indian Government Proposes Compulsory Location Tracking in Smartphones, Faces Backlash
• 16:33 : React urges new patch upgrades after security researchers flag additional flaws
• 16:4 : Flaw in photo booth maker’s website exposes customers’ pictures
• 16:4 : In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy
• 16:4 : Spiderman and Cybersecurity.
• 16:4 : CISA updates cybersecurity benchmarks for critical infrastructure organizations
• 15:34 : Rust-Based 01flip Ransomware Hits Windows and Linux
• 15:34 : Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels
• 15:34 : New Research Details on What Happens to Data Stolen in a Phishing Attack
• 15:34 : Brave Experiments With Automated AI Browsing Under Tight Security Checks
• 15:4 : What Happens Inside PDFAid in Seconds: From Upload to Download
• 15:4 : Fake ChatGPT Support Installs AMOS Infostealer on macOS
• 15:4 : Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer
• 15:4 : Asus Supplier Breach Sparks Security Concerns After Everest Ransomware Claims Data Theft
• 14:34 : Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis
• 14:34 : New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users
• 14:34 : New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
• 14:6 : Check Point CloudGuard Network Security Advances Auto-Scaling Support for Oracle Cloud Workloads
• 14:6 : Microsoft promises more bug payouts, with or without a bounty program
• 14:6 : Gladinet CentreStack Flaw Exploited to Hack Organizations
• 14:6 : ImmuniWeb enhances AI vulnerability testing and compliance reporting
• 14:5 : IT Security News Hourly Summary 2025-12-12 15h : 12 posts
• 13:36 : Cisco-Trained Hackers Lead Sophisticated Attacks on Cisco Devices
• 13:36 : Critical GitLab Vulnerabilities Expose DevOps Pipelines
• 13:36 : Jenkins DoS Vulnerability Lets Attackers Freeze CI/CD Pipelines
• 13:36 : Uncle Sam sues ex-Accenture manager over Army cloud security claims
• 13:36 : Fieldtex Data Breach Impacts 238,000
• 13:36 : Emerging Predator Spyware Technique Enables Zero-Click Compromise
• 13:6 : NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems
• 13:6 : New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
• 13:6 : CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
• 13:6 : UK watchdog urged to probe GDPR failures in Home Office eVisa rollout
• 13:6 : 3 Compliance Processes to Automate in 2026
• 13:6 : Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack
• 12:36 : Recent GeoServer Vulnerability Exploited in Attacks
• 12:6 : Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
• 12:6 : Building Trustworthy AI Agents
• 12:6 : MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
• 11:38 : Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)
• 11:38 : Illegal Streaming and Piracy Are on the Rise
• 11:38 : Apple Wins Concessions In Epic Games Appeal
• 11:38 : Nick Clegg Joins VC Firm To Invest In European Start-Ups
• 11:38 : Epic Games’ Fortnite Returns To Google Play In US
• 11:38 : Silicon UK AI for Your Business Podcast: Trust at Speed: Governing Enterprise AI Without Losing Momentum
• 11:38 : Do Kwon Sentenced To 15 Years In Prison Over Crypto Collapse
• 11:38 : Severe Flaws in React Server Components Enable DoS Attacks and Code Exposure
• 11:38 : Ashen Lepus Hacker Group Targets Eastern Diplomatic Entities with AshTag Malware Attack
• 11:38 : Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware
• 11:38 : Gogs 0-Day Actively Exploited to Compromise Over 700 Servers
• 11:38 : Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
• 11:38 : Black Hat Europe 2025: Reputation matters – even in the ransomware economy
• 11:38 : Half of exposed React servers remain unpatched amid active exploitation
• 11:37 : U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
• 11:37 : Turn me on, turn me off: Zigbee assessment in industrial environments
• 11:37 : Following the digital trail: what happens to data stolen in a phishing attack
• 11:37 : From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats
• 11:37 : Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
• 11:37 : Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
• 11:37 : MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025
• 11:37 : Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware
• 11:37 : New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA
• 11:37 : How private is your VPN?
• 11:37 : $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits
• 11:37 : Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking
• 11:37 : Microsoft Bug Bounty Program Expanded to Third-Party Code
• 11:37 : Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know
• 11:37 : How Root Cause Analysis Improves Incident Response and Reduces Downtime?
• 11:37 : AI Threat Detection: How Machines Spot What Humans Miss
• 11:36 : FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings
• 11:36 : Ransomware keeps widening its reach
• 11:36 : LLM privacy policies keep getting longer, denser, and nearly impossible to decode
• 11:36 : What 35 years of privacy law say about the state of data protection
• 11:36 : Firewalla Orange brings zero trust anywhere
• 11:36 : Swissbit adds HID Seos to iShield Key 2
• 11:36 : CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
• 11:36 : React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
• 11:36 : New React RSC Vulnerabilities Enable DoS and Source Code Exposure
• 11:36 : Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
• 11:36 : South Korean Police Raid Coupang Over Data Breach as CEO Resigns
• 11:36 : ICO Fines LastPass £1.2m After 2022 Breach
• 11:36 : NCSC Plugs Gap in Cyber-Deception Guidance
• 11:36 : ‘DroidLock’ demands ransom, Google fixes secret Chrome 0-day, UK fines LastPass over 2022 breach
• 3:33 : New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks
• 3:4 : Trump Signs Executive Order to Block State AI Regulations
• 2:5 : IT Security News Hourly Summary 2025-12-12 03h : 3 posts
• 2:4 : ISC Stormcast For Friday, December 12th, 2025 https://isc.sans.edu/podcastdetail/9736, (Fri, Dec 12th)
• 2:4 : Crypto-crasher Do Kwon jailed for 15 years over $40bn UST bust
• 2:4 : Behavioral Analysis of AI Models Under Post-Quantum Threat Scenarios.
• 0:8 : News alert: INE sees surge in Q4 budget shifts as enterprises embrace hands-on training for AI roles
• 23:48 : SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
• 23:5 : IT Security News Hourly Summary 2025-12-12 00h : 19 posts
• 23:4 : Over 600K Sites Exposed to Critical React Server Components Flaw
• 23:4 : Spiderman Phishing Kit Lets Attackers Clone European Banks in Seconds
• 22:55 : IT Security News Daily Summary 2025-12-11