Researchers at Horizon3.ai have uncovered several security vulnerabilities within FreePBX, an open-source private branch exchange platform. Among them, one severity flaw could be exploited to bypass authentication if very specific configurations are enabled. The issues were disclosed privately to…
Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about the…
ISACA Named Global Credentialing Authority for DoD’s CMMC Program
ISACA has been appointed by the US DoD as the global credentialing authority for its CMMC program. This article has been indexed from www.infosecurity-magazine.com. Read the original article: ISACA Named Global Credentialing Authority for DoD’s CMMC Program
IT Security News Hourly Summary 2025-12-17 15h : 5 posts
5 posts were published in the last hour 14:3 : Inside a purchase order PDF phishing campaign 14:3 : Microsoft security updates breaks MSMQ on older Win systems 14:2 : NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft…
Inside a purchase order PDF phishing campaign
A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next. This article has been indexed from Malwarebytes. Read the original article: Inside a purchase order PDF…
Microsoft security updates breaks MSMQ on older Win systems
Folder permission changes cause queue failures and misleading error messages, no real fix yet. Microsoft has good news for administrators: while some organizations now pay for security updates on older Windows versions, the inconsistent quality remains free.… This article has…
NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft
The trucking industry group has released its 2026 Transportation Industry Cybersecurity Trends Report. The post NMFTA Warns of Surge and Sophistication of Cyber-Enabled Cargo Theft appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
New Feature | Spamhaus Reputation Checker: Troubleshoot your listing
It’s not always immediately clear why your IP has been listed or how to fix it. To help, we’ve added a new “troubleshooting” step to the IP & Domain Reputation Checker, specifically for those whose IPs have been listed on…
The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025
As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific – the year APIs, AI agents, and MCP…
Askul data breach exposed over 700,000 records after ransomware attack
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables…
Partnering with Precision in 2026
Partnering with precision, Palo Alto Networks focuses on deeper integration, built-in AI and a growth-focused ecosystem to secure the future. The post Partnering with Precision in 2026 appeared first on Palo Alto Networks Blog. This article has been indexed from…
CISA Warns of Gladinet CentreStack and Triofox Vulnerability Exploited in Attacks
CISA issued a critical warning regarding a hardcoded cryptographic key vulnerability affecting Gladinet CentreStack and Triofox file management solutions. The vulnerability, tracked as CVE-2025-14611, poses significant risks to organizations using these widely deployed enterprise file-sharing platforms. The flaw lies in…
New Research Reveals 90% of Parked Domains Now Deliver Malware, Scams, and Phishing Attacks
The cybersecurity threat landscape has shifted dramatically, and parked domains have become a primary weapon for delivering malware, scams, and phishing attacks to unsuspecting internet users. What was once considered a harmless domain monetization practice has transformed into a dangerous…
New Moonwalk++ PoC Shows How Malware Can Spoof Windows Call Stacks and Evade Elastic-Inspired Rules
A sophisticated proof-of-concept demonstrates how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique extends prior stack-spoofing research and reveals critical gaps in current endpoint detection strategies. The Evasion Challenge As…
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation
CISA officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025, designating a critical deadline of December 23, 2025, for organizations to apply necessary remediation measures. This action reflects the vulnerability’s active exploitation in the…
Singularity Linux Kernel Rootkit with New Feature Prevents Detection
Singularity, a sophisticated Linux kernel rootkit designed for Linux kernel versions 6.x, has gained significant attention from the cybersecurity community for its advanced stealth mechanisms and powerful capabilities. This kernel module represents a concerning evolution in rootkit technology, offering multiple…
New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps
The malware provides full device control and real-time surveillance capabilities like those of advanced spyware. The post New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Hacker Conversations: Alex Hall, One-time Fraudster
A first-person journey from undetected fraud to defending trust—how life events, neurodiversity, and hard-won insight shaped a former fraudster into a fraud fighter. The post Hacker Conversations: Alex Hall, One-time Fraudster appeared first on SecurityWeek. This article has been indexed…
Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories
Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting reports on the breach. This article has been indexed from…
Deliberate Internet Shutdowns
For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted “to prevent immoral…
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network…
Five Cybersecurity Predictions for 2026: Identity, AI, and the Collapse of Perimeter Thinking
Cybersecurity has always evolved in response to attacker innovation, but the pace of change over the last few years has been unprecedented—particularly with the emergence of weaponized AI to scale phishing, deepfakes, and voice cloning. As we head toward 2026,…
IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses
Originally published at IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses by EasyDMARC. When your emails suddenly stop reaching inboxes, one … The post IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses appeared first…
Fake Microsoft Support Call Center Scam Targeting US Citizens Brought Down
An investigation by the Bengaluru police has revealed that a sophisticated cyber fraud operation was operating in the city masquerading as Microsoft Technical Support, targeting U.S. citizens in an attempt to defraud them, bringing an end to a transnational…