IT Security News Daily Summary 2025-12-15

147 posts were published in the last hour

• 21:32 : AWS Report Links Multi-Year Effort to Compromise Cloud Services to Russia
• 21:32 : What AWS Security learned from responding to recent npm supply chain threat campaigns
• 21:2 : Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
• 20:5 : IT Security News Hourly Summary 2025-12-15 21h : 12 posts
• 20:2 : 5 network security predictions for 2026
• 20:2 : U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog
• 20:2 : ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices
• 20:2 : Vulnerability Summary for the Week of December 8, 2025
• 19:32 : Wireshark 4.6.2 Released With Crash Vulnerability Fixes and Protocol Updates
• 19:32 : xHunt APT Exploits Microsoft Exchange and IIS to Deploy Custom Backdoors
• 19:32 : PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers
• 19:32 : ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
• 19:32 : Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS
• 19:31 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 19:31 : Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense
• 19:31 : Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure
• 19:2 : 4.3 Billion Records Exposed in Massive Lead-Generation Data Leak
• 18:32 : New PCPcat Exploiting React2Shell Vulnerability to compromise 59,000+ Servers
• 18:31 : Hackers Steal Personal Data in 700Credit Breach Affecting 5.6 Million
• 18:31 : Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
• 18:2 : China, Iran are having a field day with React2Shell, Google warns
• 17:32 : Threat Actors Advertising ‘MioLab MacOS’ Infostealer on an Underground Forum
• 17:32 : JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege
• 17:31 : Jaguar Land Rover Confirms Employee Data Stolen in August Cyberattack
• 17:31 : xHunt APT Hackers Attacking Microsoft Exchange and IIS Web Servers to Deploy Custom Backdoors
• 17:31 : Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow
• 17:31 : Neo AI Browser: How Norton’s AI-Driven Browser Aims to Change Everyday Web Use
• 17:5 : IT Security News Hourly Summary 2025-12-15 18h : 12 posts
• 17:2 : GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
• 17:2 : Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case
• 17:2 : Cybersecurity concerns are paramount among executives in almost all roles, regions and industries
• 16:32 : Microsoft Recent Update Breaks VPS Access for Windows Subsystem for Linux Users
• 16:32 : Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host
• 16:32 : Apache StreamPark Vulnerability Let Attackers Access Sensitive Data
• 16:32 : NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
• 16:32 : New Android Malware Frogblight Mimics as Official Government Websites to Collect SMS and Device Details
• 16:32 : Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)
• 16:32 : Cloud Monitor Wins Cybersecurity Product of the Year 2025
• 16:32 : ServiceNow in Advanced Talks to Acquire Armis for $7 Billion: Reports
• 16:32 : CISOs view hybrid environments as best way to manage risk, compliance
• 16:2 : Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika
• 16:2 : Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
• 15:32 : Phantom Stealer Uses ISO Files to Breach Windows Systems
• 15:32 : Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support
• 15:32 : AI-Powered Shopping Is Transforming How Consumers Buy Holiday Gifts
• 15:32 : Online Retail Store Coupang Suffers South Korea’s Worst Data Breach, Leak Linked to Former Employee
• 15:31 : What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts
• 15:2 : Astra introduces offensive-grade cloud vulnerability scanner to cut noise and prove risk
• 15:2 : FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
• 14:32 : PayPal closes loophole that let scammers send real emails with fake purchase notices
• 14:31 : Circle and Aleo Roll Out USDCx With Banking-Level Privacy Features
• 14:5 : IT Security News Hourly Summary 2025-12-15 15h : 12 posts
• 14:4 : LLMs & Ransomware | An Operational Accelerator, Not a Revolution
• 14:4 : 16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records
• 14:4 : From Fake Deals to Phishing: The Most Effective Christmas Scams of 2025
• 14:4 : Data Is the New Intelligence: How Three Decades of Threat Data Made Check Point Early to AI for Cyber Security
• 14:4 : Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks
• 14:4 : Next Gen Awareness Training: KnowBe4 Unveils Custom Deepfake Training
• 14:4 : Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access
• 14:4 : New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials
• 14:3 : New ARTEMIS AI Agent Outperformed 9 out of 10 Human Penetration Testers in Detecting Vulnerabilities
• 14:3 : Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery
• 13:33 : More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th)
• 13:33 : PayPal Subscription Feature Exploited to Send Real Emails With Fake High-Value Purchase Alerts
• 13:2 : Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices
• 13:2 : New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code
• 13:2 : Delay to European Central Bank messaging project cost the Bank of England £23M
• 13:2 : LW ROUNDTABLE: Part 3, Cyber resilience faltered in 2025 — recalibration now under way
• 13:2 : Trump Approves Nvidia AI Chip Sales to China Amid Shift in U.S. Export Policy
• 13:2 : A Browser Extension Risk Guide After the ShadyPanda Campaign
• 13:2 : ⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
• 12:32 : Against the Federal Moratorium on State-Level Regulation of AI
• 12:32 : JLR: Payroll data stolen in cybercrime that shook UK economy
• 12:32 : Managed Security Services 2.0: How MSPs & MSSPs Can Dominate the Cybersecurity Market in 2025
• 12:32 : Compliance-Ready Cybersecurity for Finance and Healthcare: The Seceon Advantage
• 12:2 : Apple Releases macOS Sequoia 15.7.3 Security Update
• 12:2 : U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people
• 12:2 : Soverli Raises $2.6 Million for Secure Smartphone OS
• 11:33 : Coupang CEO Steps Down After Data Breach Hits 33.7 Million Users
• 11:33 : Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity
• 11:32 : Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits
• 11:32 : Apple, Google forced to issue emergency 0-day patches
• 11:32 : Asahi to Launch Cybersecurity Overhaul After Crippling Cyber-Attack
• 11:5 : IT Security News Hourly Summary 2025-12-15 12h : 17 posts
• 11:3 : Are Your AI Assistants Under Attack?
• 11:3 : CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use
• 11:3 : Denmark takes a Viking swing at VPN-enabled piracy
• 11:2 : Third DraftKings Hacker Pleads Guilty
• 11:2 : Atlassian Patches Critical Apache Tika Flaw
• 11:2 : Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)
• 11:2 : Top 25 Most Dangerous Software Weaknesses of 2025 Revealed
• 10:32 : Unexpected Job Interviews? Protect Yourself
• 10:32 : ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach
• 10:32 : New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data
• 10:32 : Microsoft December 2025 Security Updates Breaking Message Queuing (MSMQ) Functionality Affects IIS Sites
• 10:32 : Identity Risk Is Now the Front Door to Enterprise Breaches (and How Digital Risk Protection Stops It Early)
• 10:32 : Why Modern SaaS Platforms Are Switching to Passwordless Authentication
• 10:32 : Can Your AI Initiative Count on Your Data Strategy and Governance?
• 10:32 : NCSC Playbook Embeds Cyber Essentials in Supply Chains
• 10:32 : The new frontline: How AI and automation are securing the supply chain
• 10:32 : Fighting AI with AI: How midmarket teams can turn the tables on smarter threats
• 10:2 : Legal protection for ethical hacking under Computer Misuse Act is only the first step
• 10:2 : Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
• 9:32 : 700Credit Data Breach Impacts 5.8 Million Individuals
• 9:3 : Beyond Automation: The Human-Led AI Enterprise of 2026
• 9:2 : Analysts Warn Over AI Chip Depreciation
• 9:2 : Beyond Automation: Ann Maya, EMEA CTO, Boomi
• 9:2 : ServiceNow Mulls $7B Armis Cybersecurity Acquisition
• 9:2 : A week in security (December 8 – December 14)
• 9:2 : Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw
• 9:2 : Kali Linux 2025.4: New tools and “quality-of-life” improvements
• 8:32 : Advent of Configuration Extraction – Part 3: Mapping GOT/PLT and Disassembling the SNOWLIGHT Loader
• 8:32 : Gloucester Councillor Circulates AI Video Of Mayor Amid Bankruptcy Crisis
• 8:32 : CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation
• 8:32 : Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution
• 8:32 : MongoDB records exposed, Apple WebKit patches, Coupang culprit identified
• 8:5 : IT Security News Hourly Summary 2025-12-15 09h : 7 posts
• 8:2 : Huawei Takes Foldable Mate X7 To Global Market
• 7:32 : Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host
• 7:32 : Critical Plesk Vulnerability Allows Users to Gain Root-Level Access
• 7:32 : NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
• 7:32 : New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
• 7:32 : Storm-0249: EDR Process Sideloading to Conceal Malicious Activity
• 7:32 : Bugcrowd Puts Defenders on the Offensive With AI Triage Assistant
• 7:2 : Frogblight threatens you with a court case: a new Android banker targets Turkish users
• 7:2 : How researchers are teaching AI agents to ask for permission the right way
• 7:2 : VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
• 6:32 : Prometheus: Open-source metrics and monitoring systems and services
• 6:2 : What types of compliance should your password manager support?
• 6:2 : Europe’s DMA raises new security worries for mobile ecosystems
• 6:2 : Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford’s AI Penetration Testing
• 5:31 : CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices
• 5:5 : IT Security News Hourly Summary 2025-12-15 06h : 1 posts
• 5:2 : Manufacturing is becoming a test bed for ransomware shifts
• 4:3 : CIAM vs IAM: Comparing Customer Identity and Identity Access Management
• 2:32 : Starlink claims Chinese launch came within 200 meters of broadband satellite
• 2:5 : IT Security News Hourly Summary 2025-12-15 03h : 1 posts
• 2:2 : ISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738, (Mon, Dec 15th)
• 0:34 : Infosecurity.US Wishes All A Happy Hanukkah!
• 23:34 : Honeypots can help defenders, or damn them if implemented badly
• 23:5 : IT Security News Hourly Summary 2025-12-15 00h : 6 posts
• 23:5 : How can Agentic AI enhance our cybersecurity measures
• 23:4 : What are the best practices for managing NHIs
• 23:4 : How do I implement Agentic AI in financial services
• 23:4 : What makes Non-Human Identities crucial for data security
• 22:58 : IT Security News Weekly Summary 50
• 22:55 : IT Security News Daily Summary 2025-12-14