APT28’s new “LameHug” malware uses LLMs to generate basic commands, a strikingly clumsy move from an otherwise advanced threat group. The post APT28’s Toolkit: AI, Wi-Fi Intrusions, Cloud C2 appeared first on eSecurity Planet. This article has been indexed from…
Petco takes down Vetco website after exposing customers’ personal information
TechCrunch found Petco’s veterinary clinics were spilling customers’ personal information and medical histories of their pets to the open web. This article has been indexed from Security News | TechCrunch. Read the original article: Petco takes down Vetco website after…
Browser Hijacking: Three Technique Studies
If you are searching for technical information on how browser hijacking works, some generic removal instructions are all you’ll probably find. Let’s change that. This article has been indexed from Security Blog G Data Software AG. Read the original article:…
US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups
Victoria Dubranova faces over 25 years in prison for links to Russia-backed CARR and NoName hacktivist groups. The post US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups appeared first on SecurityWeek. This article has been indexed from…
Europol’s OTF GRIMM Arrests Nearly 200 in Crackdown on “Violence-as-a-Service” Crime Networks
Nearly 200 people — including several minors linked to murder attempts — have been taken into custody over the past six months under Europol’s Operational Taskforce (OTF) GRIMM. The initiative focuses on dismantling what authorities describe as “violence-as-a-service” networks,…
Researchers Find Massive Increase in Hypervisor Ransomware Incidents
Rise in hypervisor ransomware incidents: Cybersecurity experts from Huntress have noticed a sharp rise in ransomware incidents on hypervisors and have asked users to be safe and have proper back-up. The Huntress case data has disclosed a surprising increase in…
WinRAR Flaw Under Active Attack Now
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has formally included a security flaw impacting the WinRAR file archiver and compression The post WinRAR Flaw Under Active Attack Now first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
Microsoft Fixes Dozens Of Security Flaws
Microsoft wrapped up 2025 by releasing patches for 56 security vulnerabilities across various products within the Windows platform. This final update The post Microsoft Fixes Dozens Of Security Flaws first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation
DomainTools Investigations has released critical findings detailing the expansion of a massive malware-delivery network targeting Chinese-speaking users worldwide. The long-running cluster, active since June 2023, has swelled to approximately 5,000 domains, with researchers identifying over 1,900 new domains between May…
The big catch: How whaling attacks target top executives
Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. This article has been indexed from WeLiveSecurity. Read the original article: The big catch: How whaling attacks target top executives
Google Chrome’s New AI Security Aims to Stop Hackers Cold
Google is also backing these measures with a $20,000 bounty for researchers who can demonstrate successful breaches of the new security boundaries. The post Google Chrome’s New AI Security Aims to Stop Hackers Cold appeared first on TechRepublic. This article…
Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
Microsoft has patched a critical remote code execution (RCE) vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems. The flaw, tracked as CVE-2025-62562, was released on December 9, 2025, and requires immediate attention from IT administrators…
Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer
Threat actors are now leveraging the trust users place in AI platforms like ChatGPT and Grok to distribute the Atomic macOS Stealer (AMOS). A new campaign discovered by Huntress on December 5, 2025, reveals that attackers have moved beyond mimicking…
GhostFrame phishing kit fuels widespread attacks against millions
GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools. This article has been indexed from Malwarebytes. Read the original article: GhostFrame phishing kit fuels widespread attacks against millions
Securing MCP: How to Build Trustworthy Agent Integrations
Model Context Protocol (MCP) is quickly becoming the backbone of how AI agents interact with the outside world. It gives agents a standardized way to discover tools, trigger actions, and pull data. MCP dramatically simplifies integration work. In short, MCP…
Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data
Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025…
Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat
Microsoft has published comprehensive guidance addressing the Shai-Hulud 2.0 supply chain attack, one of the most significant cloud-native ecosystem compromises observed in recent months. The campaign represents a sophisticated threat that exploits the trust inherent in modern software development workflows…
Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs
A critical vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed GeminiJack, allows attackers to exfiltrate sensitive corporate data without any user interaction or security alerts. The flaw exploits an architectural weakness in how enterprise AI systems process and…
Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer
The indie gaming community faces a new and sophisticated threat. Malicious actors are exploiting itch.io and Patreon to distribute the Lumma Stealer malware disguised as legitimate game updates, targeting unsuspecting gamers through a systematic spam campaign across the platform. Newly…
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) enables unauthenticated attackers to hijack administrator sessions by injecting malicious JavaScript into the management dashboard. The vulnerability, identified as CVE-2025-10573 with a CVSS score of 9.6, affects all…
Essential Eight: What Organisations Should Expect in 2026
Explore how the Essential Eight may shift in 2026, why ACSC expectations could rise, and what Australian organisations should do for greater resilience. The post Essential Eight: What Organisations Should Expect in 2026 appeared first on TechRepublic. This article has…
Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills
1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island. Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven…
Fortinet Patches Critical Authentication Bypass Vulnerabilities
The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: Fortinet…
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
GeminiJack is a zero-click Gemini attack that could have been exploited using specially crafted emails, calendar invites, or documents. The post Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek…