A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild. CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105…
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a…
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation This article has been indexed from WeLiveSecurity Read the original article: Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
3.5 Million Affected by University of Phoenix Data Breach
The University of Phoenix is one of the many victims of the recent Oracle EBS hacking campaign attributed to the Cl0p ransomware group. The post 3.5 Million Affected by University of Phoenix Data Breach appeared first on SecurityWeek. This article…
Weak enforcement keeps PCI DSS compliance low
Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that PCI DSS compliance trails behind HIPAA, GDPR, and the EU’s NIS2 Directive. A compliance…
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems…
Formal proofs expose long standing cracks in DNSSEC
DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume that if DNSSEC validation passes, the answer can be trusted. New academic…
Malicious NPM Package with 56K Downloads Steals WhatsApp Messages
A dangerous npm package named “lotusbail” has been stealing WhatsApp messages and user data from thousands of developers worldwide. The package, which has been downloaded over 56,000 times, disguises itself as a legitimate WhatsApp Web API library while secretly running…
Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush
A cyberattack knocked France’s national postal service offline, blocking and delaying package deliveries and online payments. The post Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Cloud security is stuck in slow motion
Cloud environments are moving faster than the systems meant to protect them. A new Palo Alto Networks study shows security teams struggling to keep up with development cycles, growing cloud sprawl, and attacker tactics that now compress breaches into minutes…
AI code looks fine until the review starts
Software teams have spent the past year sorting through a rising volume of pull requests generated with help from AI coding tools. New research puts numbers behind what many reviewers have been seeing during work. The research comes from CodeRabbit…
Cybersecurity jobs available right now: December 23, 2025
Application Security Architect ARRISE | UAE | Hybrid – View job details As an Application Security Architect, you will define and mature the application security architecture strategy, standards, and guardrails across products and platforms. You will lead threat modeling and…
What Does it Take to Manage Cloud Risk?
Learn why hybrid and multi-cloud environments are vital for IT and business success from our 2025 Trend Micro Defenders Survey. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: What Does it Take…
Model Context Protocol (MCP) Vulnerability Assessment in a Post-Quantum Setting
Explore MCP vulnerabilities in a post-quantum world. Learn about PQC solutions, zero-trust architecture, and continuous monitoring for AI infrastructure security. The post Model Context Protocol (MCP) Vulnerability Assessment in a Post-Quantum Setting appeared first on Security Boulevard. This article has…
Department of Know: President signs defense bill, time flies at NIST, Italian ferry malware
Link to episode page This week’s Department of Know is hosted by Rich Stroffolino with guests Jason Taule, CISO, Luminis Health, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust…
NDSS 2025 – ReDAN: An Empirical Study On Remote DoS Attacks Against NAT Networks
Session 7A: Network Security 2 Authors, Creators & Presenters: Xuewei Feng (Tsinghua University), Yuxiang Yang (Tsinghua University), Qi Li (Tsinghua University), Xingxiang Zhan (Zhongguancun Lab), Kun Sun (George Mason University), Ziqiang Wang (Southeast University), Ao Wang (Southeast University), Ganqiu Du…
The ‘Epstein’s Suicide’ Video in the Latest DOJ Release Isn’t What It Seems
Here’s how a fake clip from 2019 wound up in the latest Justice Department Epstein files dump. This article has been indexed from Security Latest Read the original article: The ‘Epstein’s Suicide’ Video in the Latest DOJ Release Isn’t What…
DIG AI: A Dark Web AI Powering Cybercrime and Extremism
DIG AI is an uncensored Dark Web AI that allows cybercriminals to scale malware, fraud, and illicit content creation. The post DIG AI: A Dark Web AI Powering Cybercrime and Extremism appeared first on eSecurity Planet. This article has been…
IT Security News Hourly Summary 2025-12-23 00h : 3 posts
3 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-12-22 22:31 : OpenAI says AI browsers may always be vulnerable to prompt injection attacks 22:31 : Poisoned WhatsApp API package steals messages and accounts
IT Security News Daily Summary 2025-12-22
129 posts were published in the last hour 22:31 : OpenAI says AI browsers may always be vulnerable to prompt injection attacks 22:31 : Poisoned WhatsApp API package steals messages and accounts 21:31 : Palo Alto’s new Google Cloud deal…
OpenAI says AI browsers may always be vulnerable to prompt injection attacks
OpenAI says prompt injections will always be a risk for AI browsers with agentic capabilities, like Atlas. But the firm is beefing up its cybersecurity with an ‘LLM-based automated attacker.’ This article has been indexed from Security News | TechCrunch…
Poisoned WhatsApp API package steals messages and accounts
And it’s especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users’ WhatsApp accounts.… This…
Palo Alto’s new Google Cloud deal boosts AI integration, could save on cloud costs
SEC filings show the outfit cut projected 2027 cloud purchase commitments by $114M Security vendor Palo Alto Networks is expanding its Google Cloud partnership, saying it will move “key internal workloads” onto the Chocolate Factory’s infrastructure. The outfit also claims…
Fake Websites: Types and How to Avoid Them in 2026
Discover how these fake sites work, the most common types to watch for and what you can do to stay safe. The post Fake Websites: Types and How to Avoid Them in 2026 appeared first on Panda Security Mediacenter. This…