The voting from the Foundation BAC has been extended through December 21. If you want to participate in the future of the OpenSSL Foundation, please join the communities site and vote for your representative. The currently running elections are: Academics…
IT Security News Hourly Summary 2025-12-16 18h : 5 posts
5 posts were published in the last hour 17:2 : Can a Transparent Piece of Plastic Win the Invisible War on Your Identity? 17:2 : Urban VPN Proxy Accused of Harvesting AI Chat Conversations 16:32 : Rogue NuGet Package Poses…
Can a Transparent Piece of Plastic Win the Invisible War on Your Identity?
Identity systems hold modern life together, yet we barely notice them until they fail. Every time someone starts a new job, crosses a border, or walks into a secure building, an official must answer one deceptively simple question: Is this…
Urban VPN Proxy Accused of Harvesting AI Chat Conversations
The browser extension Urban VPN Proxy has been reportedly collecting users’ AI chat conversations This article has been indexed from www.infosecurity-magazine.com Read the original article: Urban VPN Proxy Accused of Harvesting AI Chat Conversations
Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named “Tracer.Fody.NLog,” remained on the repository for nearly six…
Russia-linked hackers breach critical infrastructure organizations via edge devices
New research offers the latest evidence that vulnerable network edge equipment is a pressing concern. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Russia-linked hackers breach critical infrastructure organizations via edge devices
React2Shell attacks expand widely across multiple sectors
Researchers warn that state-linked and opportunistic actors are actively working to exploit flaws in React’s application tools. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: React2Shell attacks expand widely across multiple sectors
4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever
An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks. The post 4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever appeared first on TechRepublic. This article has been indexed from Security Archives…
Hacking group says it’s extorting Pornhub after stealing users’ viewing data
The Scattered Lapsus$ Hunters hacking collective stole Pornhub premium users’ data, including email addresses and viewing history. This article has been indexed from Security News | TechCrunch Read the original article: Hacking group says it’s extorting Pornhub after stealing users’…
Hackers are exploiting critical Fortinet flaws days after patch release
Threat actors are exploiting two critical Fortinet flaws, tracked as CVE-2025-59718 and CVE-2025-59719, days after patch release, impacting multiple Fortinet products. Threat actors started exploiting two critical flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), in Fortinet products…
Blue Team vs Red Team: Should Defenders Learn Offensive Skills?
Discover why blue team defenders benefit from red team skills. Learn how offensive knowledge improves detection, incident response, and career growth. The post Blue Team vs Red Team: Should Defenders Learn Offensive Skills? appeared first on OffSec. This article has…
6 Benefits of a Fully Certified Cybersecurity Team
Discover 6 key benefits of a fully certified cybersecurity team, from faster onboarding to confident hiring. Learn how unified training drives performance. The post 6 Benefits of a Fully Certified Cybersecurity Team appeared first on OffSec. This article has been…
JumpCloud Windows Agent Flaw Enables Local Privilege Escalation
A flaw in JumpCloud Remote Assist for Windows has exposed managed endpoints to local privilege escalation and denial-of-service attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: JumpCloud Windows Agent Flaw Enables Local Privilege Escalation
Google Finds Server Takeovers Linked to React2Shell Exploitation
Google warns that attackers are actively exploiting React2Shell to hijack unpatched servers. The post Google Finds Server Takeovers Linked to React2Shell Exploitation appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Google…
Extracting the How: Scaling Adversary Procedures Intelligence with AI
Labeling adversary activity with ATT&CK techniques is a tried-and-true method for classifying behavior. But it rarely tells defenders how those behaviors are executed in real environments. The post Extracting the How: Scaling Adversary Procedures Intelligence with AI appeared first on…
Communicating AI Risk to the Board With Confidence | Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Communicating AI Risk to the Board With Confidence | Kovrr appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Data Breach at Fieldtex Affects 274000 as Ransomware Gang Takes Credit
The Fieldtex Products Corporation, a company that makes contract sewing products and fulfills medical supply orders from U.S. manufacturers, has notified hundreds of thousands of individuals after confirming an attack which compromised sensitive health-related information as a result of ransomware. …
Pierce County Library System Data Breach Exposes Information of Over 340,000 People
A cyber attack on the Pierce County Library System in the state of Washington has led to the compromise of personal data of over 340,000 people, which is indicative of the rising threat of cybersecurity breaches being posed to…
Chrome ‘Featured’ Urban VPN Extension Caught Harvesting Millions of AI Chats
A popular browser extension called Urban VPN Proxy, available for users of Google’s Chrome browser, has been discovered secretly sniffing out and harvesting confidential AI conversation data of millions of users across sites such as ChatGPT, Claude, Copilot, Gemini,…
NoName057(16) Hackers Using DDoSia DDoS Tool to Attack Organizations in NATO
NoName057(16), also known as 05716nnm or NoName05716, has emerged as a significant threat targeting NATO member states and European organizations. The group, which originated as a covert project within Russia’s Centre for the Study and Network Monitoring of the Youth…
Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges
A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked as CVE-2025-64669, the flaw stems from insecure directory permissions on the folder C:\ProgramData\WindowsAdminCenter, which is…
Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator accounts and gain full control of exposed devices. Researchers at watchTowr Labs first detailed the…
CISO Communities – Cybersecurity’s Secret Weapon
Closed CISO communities act as an information exchange, advice center, pressure valve, and safe haven from critical oversight. The post CISO Communities – Cybersecurity’s Secret Weapon appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
StackHawk adds Business Logic Testing (BLT) to its AppSec platform menu
StackHawk is adding Business Logic Testing (BLT) to its AppSec offerings. StackHawk’s BLT automates the detection of critical authorization flaws that account for 34% of security breaches. Business logic flaws, such as broken object level authorization (BOLA) and broken function…