IT Security News Daily Summary 2025-12-16

141 posts were published in the last hour

• 22:34 : Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
• 22:34 : Cryptomining campaign targeting Amazon EC2 and Amazon ECS
• 22:2 : Azure CLI Trust Abused in ConsentFix Account Takeovers
• 22:2 : Analytics provider: We didn’t expose smut site data to crims
• 21:32 : APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators
• 21:31 : Browser ‘privacy’ extensions have eye on your AI, log all your chats
• 21:2 : Code Execution in Jupyter Notebook Exports
• 21:2 : NDSS 2025 – Selective Data Protection against Memory Leakage Attacks for Serverless Platforms
• 20:5 : IT Security News Hourly Summary 2025-12-16 21h : 5 posts
• 19:32 : Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
• 19:32 : Hackers Can Manipulate Internet-Based Solar Panel Systems to Execute Attacks in Minutes
• 19:32 : LLMs are Accelerating the Ransomware Operations with Functional Tools and RaaS
• 19:32 : Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure
• 19:32 : Veza Extends Reach to Secure and Govern AI Agents
• 19:2 : SantaStealer stuffs credentials, crypto wallets into a brand new bag
• 18:34 : From Open Source to OpenAI: The Evolution of Third-Party Risk
• 18:34 : How test data generators support compliance and data privacy
• 18:3 : Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities
• 18:3 : Android vs. iPhone: Which one is more secure?
• 18:3 : SantaStealer Joins the Naughty List of New Infostealers
• 18:3 : Güralp Systems Fortimus Series, Minimus Series, and Certimus Series
• 18:3 : Johnson Controls PowerG, IQPanel and IQHub
• 18:3 : Hitachi Energy AFS, AFR and AFF Series
• 18:3 : Mitsubishi Electric GT Designer3
• 18:2 : CISA Releases Seven Industrial Control Systems Advisories
• 18:2 : Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
• 17:32 : Imperva Partners with TollBit to Power AI Traffic Monetization for Content Owners
• 17:32 : SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there
• 17:32 : 700Credit Data Breach Exposes Sensitive Information of 5.6 Million Individuals
• 17:32 : Vote now for the Foundation Business Advisory Committee
• 17:5 : IT Security News Hourly Summary 2025-12-16 18h : 5 posts
• 17:2 : Can a Transparent Piece of Plastic Win the Invisible War on Your Identity?
• 17:2 : Urban VPN Proxy Accused of Harvesting AI Chat Conversations
• 16:32 : Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
• 16:32 : Russia-linked hackers breach critical infrastructure organizations via edge devices
• 16:32 : React2Shell attacks expand widely across multiple sectors
• 16:3 : 4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever
• 16:3 : Hacking group says it’s extorting Pornhub after stealing users’ viewing data
• 16:3 : Hackers are exploiting critical Fortinet flaws days after patch release
• 16:3 : Blue Team vs Red Team: Should Defenders Learn Offensive Skills?
• 16:3 : 6 Benefits of a Fully Certified Cybersecurity Team
• 16:3 : JumpCloud Windows Agent Flaw Enables Local Privilege Escalation
• 15:32 : Google Finds Server Takeovers Linked to React2Shell Exploitation
• 15:32 : Extracting the How: Scaling Adversary Procedures Intelligence with AI
• 15:32 : Communicating AI Risk to the Board With Confidence | Kovrr
• 15:32 : Data Breach at Fieldtex Affects 274000 as Ransomware Gang Takes Credit
• 15:32 : Pierce County Library System Data Breach Exposes Information of Over 340,000 People
• 15:32 : Chrome ‘Featured’ Urban VPN Extension Caught Harvesting Millions of AI Chats
• 15:2 : NoName057(16) Hackers Using DDoSia DDoS Tool to Attack Organizations in NATO
• 15:2 : Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges
• 15:2 : Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
• 15:2 : CISO Communities – Cybersecurity’s Secret Weapon
• 15:2 : StackHawk adds Business Logic Testing (BLT) to its AppSec platform menu
• 14:32 : Ink Dragon Expands With New Tools and a Growing Victim Network
• 14:32 : Most Parked Domains Now Serving Malicious Content
• 14:32 : Android threats in 2025: When your phone becomes the main attack surface
• 14:32 : 700,000 Records Compromised in Askul Ransomware Attack
• 14:5 : IT Security News Hourly Summary 2025-12-16 15h : 11 posts
• 14:2 : JumpCloud Remote Assist Flaw Lets Users Gain Full Control of Company Devices
• 14:2 : Verisoul Raises $8.8 Million for Fraud Prevention
• 14:2 : Echo Raises $35 Million in Series A Funding
• 13:32 : Cyber Risk Management: Defenders Tell It Like It Is
• 13:32 : Master IT Fundamentals with This CompTIA Certification Prep Bundle
• 13:32 : Malicious NuGet Package Uses .NET Logging Tool to Steal Cryptocurrency Wallet Data
• 13:32 : FreePBX Vulnerabilities Enables Authentication Bypass that Leads Remote Code Execution
• 13:32 : Dark Web Omertà Market Shut Downed Following the Leak of Real Server IPs
• 13:32 : Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
• 13:32 : European police busts Ukraine scam call centers
• 13:32 : Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
• 13:3 : Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
• 13:2 : Kali Linux 2025.4 Released: Major Desktop Upgrades, Wayland Support, and Added New Tools
• 13:2 : Untangling Hybrid Cloud Security
• 13:2 : Where Cloud Security Stands Today and Where AI Breaks It
• 13:2 : From pr0n to playlists and paperclips, trio of breaches spills data of millions
• 12:32 : SantaStealer Attacks Users to Exfiltrates Sensitive Documents, Credentials, and Wallet Data
• 12:32 : Critical ScreenConnect Vulnerability Let Attackers Expose Sensitive Configuration Data
• 12:32 : Photo booth flaw exposes people’s private pictures online
• 12:31 : Amazon Warns Russian GRU Hackers Target Western Firms via Edge Devices
• 12:3 : MI6 chief: we’ll be as fluent in Python as we are in Russian
• 12:2 : JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover
• 12:2 : Post-Quantum Cryptography (PQC): Application Security Migration Guide
• 12:2 : SoundCloud breached, hit by DoS attacks
• 12:2 : Why Data Security and Privacy Need to Start in Code
• 11:32 : 700Credit Data Breach Impacts Millions of Car Owners
• 11:32 : Kali Linux 2025.4 Released: Major Desktop Upgrades, Wayland Support, and Essential New Tools for Ethical Hacking
• 11:32 : Harden your AI systems: Applying industry standards in the real world
• 11:32 : Popular Chrome Extension with Over 6 Million Installs Captures User Inputs to AI Chatbots
• 11:32 : Google is discontinuing its dark web report: why it matters
• 11:32 : Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass
• 11:5 : IT Security News Hourly Summary 2025-12-16 12h : 8 posts
• 11:2 : German Parliament Hit By Cyber-Attack During Zelensky Visit
• 11:2 : Google to Kill Popular Dark Web Report Tool
• 11:2 : User Data Compromised in SoundCloud Hack
• 10:32 : Huawei’s Kirin 9030 Shows Chip Tech Progress
• 10:32 : Roomba Maker iRobot Files For Bankruptcy
• 10:32 : 700Credit Data Breach Exposed Details of 5.6 Million Consumers
• 10:32 : MFA Advantages & Weaknesses
• 10:32 : Millions of Car Owners Hit By Credit700 Data Breach
• 10:2 : What Is Security Service Edge (SSE): All You Need to Know
• 10:2 : Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
• 10:2 : God Mode On: how we attacked a vehicle’s head unit modem
• 10:2 : SoundCloud Confirms Data Breach – Hackers Exfiltrated User Account Data
• 9:32 : Ofcom Probes BT, Three Over 999 Call Outages
• 9:32 : New GhostPairing Attack Let Attackers Gain Full Access in WhatsApp with Phone Number
• 9:32 : In-the-Wild Exploitation of Fresh Fortinet Flaws Begins
• 9:32 : Phishing Messages and Social Scams Flood Users Ahead of Christmas
• 9:2 : Reddit Sues Australia Over Social Media Law
• 9:2 : Coupang CEO Quits After Breach Hits 33.7M South Koreans
• 9:2 : React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
• 8:33 : Amazon Deletes AI-Generated TV Summary Over Flubs
• 8:33 : Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware
• 8:33 : US taps private firms in cyber offensive, Microsoft updates cause queuing failures, phishing campaign delivers Phantom Stealer
• 8:5 : IT Security News Hourly Summary 2025-12-16 09h : 7 posts
• 8:2 : Amazon Accidentally Shows Film With ‘Strong Sex’ To Child
• 8:2 : Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild
• 7:32 : Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs
• 7:32 : Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
• 7:32 : JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation
• 7:32 : SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
• 7:31 : Why We’ll Never Patch Everything, and That’s Okay
• 7:2 : French Interior Minister says hackers breached its email servers
• 7:2 : PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen
• 7:2 : The messy data trails of telehealth are becoming a security nightmare
• 7:2 : Google to Shut Down Dark Web Monitoring Tool in February 2026
• 6:32 : How to Sign a Windows App with Electron Builder?
• 6:32 : AI might be the answer for better phishing resilience
• 6:2 : PwC on using AI to turn cybersecurity risk into competitive advantage
• 6:2 : Passwordless is finally happening, and users barely notice
• 6:2 : Product showcase: GlassWire mobile firewall for Android
• 5:32 : No, SoundCloud hasn’t started tuning out VPNs. It’s mopping up after a cyberattack
• 5:5 : IT Security News Hourly Summary 2025-12-16 06h : 1 posts
• 5:2 : Cybersecurity jobs available right now: December 16, 2025
• 4:2 : AI-powered threat detection for MCP data manipulation attempts
• 2:5 : IT Security News Hourly Summary 2025-12-16 03h : 1 posts
• 2:2 : ISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740, (Tue, Dec 16th)
• 0:32 : Official AppOmni Company Information
• 0:2 : Amazon security boss blames Russia’s GRU for years-long energy-sector hacks
• 0:2 : Department of Know: MITRE’s weaknesses list, DoD goes postquantum, Coupang fallout
• 23:32 : The WhatsApp takeover scam that doesn’t need your password
• 23:5 : IT Security News Hourly Summary 2025-12-16 00h : 1 posts
• 22:55 : IT Security News Daily Summary 2025-12-15