IT Security News Daily Summary 2025-12-19

149 posts were published in the last hour

• 22:33 : I Built a RAG Bot to Decode Airline Bureaucracy (So You Don’t Have To)
• 22:33 : News brief: Browser security flaws pose growing risk
• 21:32 : Palo Alto Networks, Google Cloud Expand Partnership in Multibillion-Dollar Deal
• 21:31 : 4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management
• 21:31 : NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm
• 21:2 : Apache Log4j Flaw Enables Interception of Sensitive Logging Data
• 21:2 : Hackers Leverage Gladinet Triofox 0-Day Vulnerability to Run Malicious Code
• 21:2 : Cloud Atlas Exploits Office Vulnerabilities to Execute Malicious Code
• 21:2 : Mapping the Emerging Alliance Between Qilin, DragonForce, and LockBit
• 21:2 : BlueDelta Hackers Target Users of Popular Ukrainian Webmail and News Service
• 20:32 : Hundreds of Cisco customers are vulnerable to new Chinese hacking campaign, researchers say
• 20:32 : ATM jackpotting gang accused of unleashing Ploutus malware across US
• 20:32 : Preventing This Week’s AWS Cryptomining Attacks: Why Detection Fails and Permissions Matter
• 20:32 : NIS2 Compliance: Maintaining Credential Security
• 20:5 : IT Security News Hourly Summary 2025-12-19 21h : 3 posts
• 19:32 : HubSpot Phishing Campaign Bypasses Trusted Email Defenses
• 19:32 : Thailand Conference Launches International Initiative to Fight Online Scams
• 19:32 : Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
• 18:32 : Fortifying Cloud Security Operations with AI-Driven Threat Detection
• 18:32 : 25,000+ FortiCloud SSO-Enabled Devices Exposed to Remote Attacks
• 18:32 : WatchGuard sounds alarm as critical Firebox flaw comes under active attack
• 18:31 : Randall Munroe’s XKCD ‘Fifteen Years’
• 18:31 : Vulnerability Management’s New Mandate: Remediate What’s Real
• 18:2 : Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025)
• 18:2 : Hacks, thefts, and disruption: The worst data breaches of 2025
• 18:2 : CultureAI Selected for Microsoft’s Agentic Launchpad Initiative to Advance Secure AI Usage
• 18:2 : Keeper Security Bolsters Federal Leadership to Advance Government Cybersecurity Initiatives
• 18:2 : Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread
• 17:31 : Zero Trust Model for Nonprofits: Protecting Mission in the Digital Age
• 17:31 : OpenAI Launches GPT-5.2-Codex for Secure Coding
• 17:31 : Sydney Uni data goes walkabout after criminals raid code repo
• 17:5 : IT Security News Hourly Summary 2025-12-19 18h : 11 posts
• 17:2 : Why AppSec Can’t Keep Up With AI-Generated Code
• 17:2 : Google Shutting Down Dark Web Report Met with Mixed Reactions
• 17:2 : State-linked and criminal hackers use device code phishing against M365 users
• 16:32 : Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role
• 16:32 : OWASP Drops First AI Agent Risk List
• 16:32 : Amazon Detects North Korean IT Infiltrator via Latency Clues
• 16:32 : In Other News: Docker AI Attack, Google Sues Chinese Cybercriminals, Coupang Hacked by Employee
• 16:32 : For $18 an Hour Stanford’s AI Agent Bested Most Human Pen Testers in Study
• 16:32 : Wi-Fi Jammers Pose a Growing Threat to Home Security Systems: What Homeowners Can Do
• 16:32 : Adobe Brings Photo, Design, and PDF Editing Tools Directly Into ChatGPT
• 16:31 : Rockrose Development suffers security breach affecting 47,000 people
• 16:2 : CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
• 16:2 : Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations
• 16:2 : Cloud Atlas Hacker Group Exploiting Office Vulnerabilities to Execute Malicious Code
• 16:2 : AI Security Firm Ciphero Emerges From Stealth With $2.5 Million in Funding
• 16:2 : Palo Alto Networks, Google Cloud Strike Multibillion-Dollar AI and Cloud Security Deal
• 16:2 : Amazon and Microsoft AI Investments Put India at a Crossroads
• 16:2 : Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
• 16:2 : Top lawmaker asks White House to address open-source software risks
• 15:32 : AI Actor Tilly Norwood and the Impact of Cloud Infrastructure
• 15:32 : UK Foreign Office Cyber Breach Exposed Diplomatic Secrets
• 15:32 : Dismantling Defenses: Trump 2.0 Cyber Year in Review
• 15:32 : AI Avatars Trialled to Ease UK Teacher Crisis
• 15:32 : Hacker Exposes AI Influencer Startup
• 15:32 : Cyber Briefing: 2025.12.19
• 15:31 : Virginia Mental Health Data Breach
• 15:31 : US Seizes E Note Crypto Exchange
• 15:31 : Zeroday Cloud Awards Big Bug Bounty
• 15:2 : What Cyber Defenders Really Think About AI Risk
• 15:2 : Chinese APT ‘LongNosedGoblin’ Targeting Asian Governments
• 15:2 : Denmark Blames Russia for Cyberattacks Ahead of Elections and on Water Utility
• 15:2 : CSA Study: Mature AI Governance Translates Into Responsible AI Adoption
• 14:32 : Hacks, thefts and disruption: The worst data breaches of 2025
• 14:32 : Scripted Sparrow Uses Automation to Generate and Send their Attack Messages
• 14:31 : CISA warns ASUS Live Update backdoor is still exploitable, seven years on
• 14:31 : The WAF must die – some interesting thoughts – FireTail Blog
• 14:5 : IT Security News Hourly Summary 2025-12-19 15h : 7 posts
• 14:2 : Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response
• 14:2 : Cyber Criminals Are Recruiting Insiders in Banks, Telecoms, and Tech
• 14:2 : Docker Makes 1,000 Hardened Images Free and Open Source
• 13:32 : Ransomware Attack 2025 Recap – From Critical Data Extortion to Operational Disruption
• 13:31 : Hackers Targeting HubSpot Users in Targeted Phishing Attack
• 13:31 : HPE tells customers to patch fast as OneView RCE bug scores a perfect 10
• 13:31 : US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator
• 13:2 : Docker Fixes ‘Ask Gordon’ AI Flaw That Enabled Metadata-Based Attacks
• 13:2 : CLOP targets Gladinet CentreStack servers in large-scale extortion campaign
• 12:32 : Making CloudFlare Workers Work for Red Teams
• 12:32 : AI Advertising Company Hacked
• 12:32 : Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts
• 12:32 : Microsoft Released Out-of-band Update to Fix MSMQ Bug that Impacts IIS Sites
• 12:32 : New Tool Released to Detect Cisco Secure Email Gateway 0-Day Vulnerability Exploited in the Wild
• 12:32 : Hackers Using PuTTY for Both Lateral Movement and Data Exfiltration
• 12:32 : What is Spoofing and a Spoofing Attack? Types & Prevention
• 12:32 : How should Your Business Deal with Email Impersonation Attacks in 2025?
• 12:31 : Aadhaar Verification Rules Amended as India Strengthens Data Compliance
• 12:31 : Denmark Blames Russia for “Destructive” Cyber-Attacks
• 12:2 : The Asset Layer of the Web: Tokenization Is Becoming Finance’s New Backend Infrastructure
• 12:2 : Closing Out 2025 with Gratitude (and Momentum)
• 12:2 : ‘Kimwolf’ Android Botnet Ensnares 1.8 Million Devices
• 12:2 : University of Sydney Data Breach Affects 27,000 Individuals
• 12:2 : Best Vulnerability Scanning Tool for 2026- Top 10 List
• 12:2 : WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
• 12:2 : US Charges 54 in Massive ATM Jackpotting Conspiracy
• 11:31 : Ministers confirm breach at UK Foreign Office but details remain murky
• 11:5 : IT Security News Hourly Summary 2025-12-19 12h : 7 posts
• 11:5 : DLLs & TLS Callbacks, (Fri, Dec 19th)
• 11:4 : ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks
• 11:4 : North Korean Hackers Make History with $2 Billion Crypto Heist in 2025
• 11:4 : Faith in the internet is fading among young Brits
• 11:4 : Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks
• 11:4 : Ask Me Anything Cyber: Telethon Edition with Shadè Alcine
• 10:32 : North Korea’s Digital Surge: $2B Stolen in Crypto as Amazon Blocks 1,800 Fake IT Workers
• 10:32 : Why NetSuite Customer Portals Fall Short and How to Build Better User Experiences
• 10:2 : China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager
• 10:2 : Cloud Atlas activity in the first half of 2025: what changed
• 9:32 : LG To Allow Users To Remove Copilot From TVs After Complaints
• 9:32 : TikTok Signs Deal To Hand Over US Assets
• 9:31 : Italian Ferry Malware Attack Sparks International Probe
• 9:31 : AI and cybersecurity: Two sides of the same coin
• 9:2 : Roundcube Flaws Let Attackers Execute Malicious Scripts
• 9:2 : Microsoft Patches MSMQ Flaw That Affects IIS Web Servers
• 9:2 : Targeted Phishing Attack Strikes HubSpot Users
• 9:2 : Amazon Identified North Korean IT Worker by Tracking Keystroke Activity
• 9:2 : New Linux Kernel Rust Vulnerability Triggers System Crashes
• 9:2 : University of Sydney Hacked – Students and Staff Data Exposed
• 9:2 : Clop Ransomware Group Exploiting Gladinet CentreStack Servers to Steal Data
• 9:2 : WatchGuard 0-day Vulnerability Exploited in the Wild to Hijack Firewalls
• 9:2 : New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
• 9:2 : FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime
• 8:32 : Council Calls For Phone Ban In All Primary Schools
• 8:31 : One In Three UK Adults Use AI For Emotional Support
• 8:31 : Windows RemoteApp problems, ferry malware arrest, Senator’s open-source warning
• 8:5 : IT Security News Hourly Summary 2025-12-19 09h : 2 posts
• 8:2 : Yet another DCOM object for lateral movement
• 8:2 : China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware
• 7:3 : AI Agents are Man-in-the-Middle Attacks
• 7:3 : LLMs work better together in smart contract audits
• 7:3 : AI isn’t one system, and your threat model shouldn’t be either
• 6:31 : LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
• 6:31 : Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays
• 6:31 : Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management
• 5:32 : Identity risk is changing faster than most security teams expect
• 5:32 : On the Zero Day of Christmas – Cisco Devices Under Attack
• 5:5 : IT Security News Hourly Summary 2025-12-19 06h : 3 posts
• 5:2 : OpenAI GPT-5.2-Codex Supercharges Agentic Coding and Vulnerability Detection
• 5:2 : INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskillin
• 5:2 : New infosec products of the week: December 19, 2025
• 3:32 : OpenAI GPT-5.2-Codex Supercharges Agentic Coding and Cyber Vulnerability Detection
• 3:32 : China turns on a vast experimental network it says is an heir to ARPANET
• 2:31 : Risk Management in Banking: Leveraging AI and Advanced Analytics
• 2:31 : Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems
• 2:5 : IT Security News Hourly Summary 2025-12-19 03h : 1 posts
• 2:2 : ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th)
• 0:2 : Amazon blocked 1,800 suspected North Korean scammers seeking jobs
• 23:31 : Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season
• 23:5 : IT Security News Hourly Summary 2025-12-19 00h : 2 posts
• 22:55 : IT Security News Daily Summary 2025-12-18