A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale…
Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware
A deceptive Android application lurking in the Google Play Store, disguised as a document reader and file manager, but delivering the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz found an app named “Document Reader – File Manager” by…
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
Chrome’s new agentic browsing protections include a user alignment critic, expanded origin-isolation capabilities, and user confirmations. This article has been indexed from SecurityWeek.
End to End-to-end Encryption? Google Update Allows Firms to Read Employee Texts
Your organization can now read your texts Microsoft stirred controversy when it revealed a Teams update that could tell your organization when you’re not at work. Google did the same. Say goodbye to end-to-end encryption. With this new RCS and…
Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban
Meta has started taking down accounts belonging to Australians under 16 on Instagram, Facebook and Threads, beginning a week before Australia’s new age-restriction law comes into force. The company recently alerted users it believes are between 13 and 15…
IT Security News Hourly Summary 2025-12-08 18h : 5 posts
5 posts were published in the last hour 17:3 : Google Confirms Rising ‘Account Takeovers’ — Users Told to Check Chrome Settings 17:3 : Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more 17:3 : New GhostFrame Super Stealthy…
Google Confirms Rising ‘Account Takeovers’ — Users Told to Check Chrome Settings
Google warns Chrome users of rising “account takeovers” and urges stronger authentication to keep accounts and synced data safe. The post Google Confirms Rising ‘Account Takeovers’ — Users Told to Check Chrome Settings appeared first on TechRepublic. This article has…
Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
Petco said the exposure was due to an error in an application, and that it is notifying victims whose data was affected. This article has been indexed from Security News | TechCrunch.
New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by security researchers at Barracuda, this stealthy tool represents a dangerous evolution in phishing-as-a-service technology. What makes GhostFrame…
ClayRat Android Spyware Expands Capabilities
A new version of the ClayRat Android spyware includes enhanced surveillance and device-control features. This article has been indexed from www.infosecurity-magazine.com.
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts. This article has been indexed from Cybersecurity Dive – Latest News.
Oracle EBS zero-day used by Clop to breach Barts Health NHS
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added…
NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety
As artificial intelligence systems become more autonomous, their ability to interact with digital tools and data introduces complex new risks. Recognizing this challenge, researchers from NVIDIA and Lakera AI have collaborated on a new paper proposing a unified framework for…
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
QuasarRAT, initially surfacing in 2014 under the alias xRAT, began its lifecycle as a legitimate remote administration tool for Windows environments. Over the last decade, however, its open-source nature and accessibility have facilitated its transformation into a potent instrument for…
How phishers hide banking scams behind free Cloudflare Pages
We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram. This article has been indexed from Malwarebytes.
Marquis Software Breach Affects Over 780,000 Nationwide
A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US. This article has been indexed from www.infosecurity-magazine.com.
Major drug research company confirms cyberattack compromised employee and partner data
Indiana-based Inotiv said it was still evaluating the hack’s impact on its business. This article has been indexed from Cybersecurity Dive – Latest News.
INE Earns G2 Winter 2026 Badges Across Global Markets
Cary, North Carolina, USA, 8th December 2025, CyberNewsWire. This article has been indexed from Latest Hacking News…
Cyberattacks Target Seven Major Indian Airports Through GPS Spoofing
The Indian Ministry of Home Affairs has revealed that seven key airports in the country were hit by GPS spoofing cyber attacks in November 2025, Union Civil Aviation Minister Ram Mohan Naidu said. The airports affected are the Indira Gandhi…
AI IDE Security Flaws Exposed: Over 30 Vulnerabilities Highlight Risks in Autonomous Coding Tools
More than 30 security weaknesses in various AI-powered IDEs have recently been uncovered, raising concerns as to how emerging automated development tools might unintentionally expose sensitive data or enable remote code execution. A collective set of vulnerabilities, referred to…
Don’t get scammed: Your holiday guide to spotting fake e-shops
Holiday shopping is in full swing, and so is the hunt for great deals. As online shopping becomes the default for many, a shadowy industry of fake e-shops is growing right alongside it. This article has been indexed from blog.avast.com…
Lumma Stealer: Danger lurking in fake game updates from itch.io and Patreon
After patches on mainstream gaming platforms like Steam, indie game platforms as well as Patreon have become the latest platforms for distributing malware. This article has been indexed from Security Blog G Data Software AG.
US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration
The United States continues to face an unprecedented surge in cyber threats, accounting for nearly half of all documented cyber attacks globally between 2024 and 2025. Recent data from the Cyber Events Database reveals that the US experienced 646 reported…
Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes
A severe authentication bypass vulnerability has been discovered in cal.com, the popular open-source scheduling platform, allowing attackers to gain unauthorized access to user accounts by submitting fake TOTP codes. According to GitHub, the critical flaw, tracked as CVE-2025-66489, affects versions…