Russian state-sponsored threat group BlueDelta has conducted a sustained credential-harvesting campaign targeting users of UKR.NET, one of Ukraine’s most popular webmail and news services, between June 2024 and April 2025. According to research by Recorded Future’s Insikt Group, the operation…
Hundreds of Cisco customers are vulnerable to new Chinese hacking campaign, researchers say
Cisco warned that Chinese government hackers are exploiting a zero-day in some of its products. Researchers now say there are hundreds of vulnerable Cisco customers. This article has been indexed from Security News | TechCrunch Read the original article: Hundreds…
ATM jackpotting gang accused of unleashing Ploutus malware across US
Latest charges join the mountain of indictments facing alleged Tren de Aragua members A Venezuelan gang described by US officials as “a ruthless terrorist organization” faces charges over alleged deployment of malware on ATMs across the country, illegally siphoning millions…
Preventing This Week’s AWS Cryptomining Attacks: Why Detection Fails and Permissions Matter
The recent discovery of a cryptomining campaign targeting Amazon compute resources highlights a critical gap in traditional cloud defense. Attackers are bypassing perimeter defenses by leveraging compromised credentials to execute legitimate but privileged API calls like ec2:CreateLaunchTemplate, ecs:RegisterTaskDefinition, ec2:ModifyInstanceAttribute, and…
NIS2 Compliance: Maintaining Credential Security
Strengthen NIS2 compliance by preventing weak and compromised passwords with Enzoic’s continuous credential protection. The post NIS2 Compliance: Maintaining Credential Security appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: NIS2 Compliance:…
IT Security News Hourly Summary 2025-12-19 21h : 3 posts
3 posts were published in the last hour 19:32 : HubSpot Phishing Campaign Bypasses Trusted Email Defenses 19:32 : Thailand Conference Launches International Initiative to Fight Online Scams 19:32 : Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account…
HubSpot Phishing Campaign Bypasses Trusted Email Defenses
A phishing campaign targeting HubSpot users bypassed email defenses by abusing trusted platforms and authenticated infrastructure. The post HubSpot Phishing Campaign Bypasses Trusted Email Defenses appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Thailand Conference Launches International Initiative to Fight Online Scams
Similar pledges to fight scam networks were made by members of the Association of Southeast Asian Nations in the months leading up to the Bangkok conference. The post Thailand Conference Launches International Initiative to Fight Online Scams appeared first on…
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoint under…
Fortifying Cloud Security Operations with AI-Driven Threat Detection
With the rapid adoption of cloud technologies, organizations are rushing to migrate their workloads and data to the cloud — often at a breakneck pace. Cyber hackers are not far behind in this race. On-premises systems are no longer the…
25,000+ FortiCloud SSO-Enabled Devices Exposed to Remote Attacks
Over 25,000 Fortinet devices worldwide with FortiCloud Single Sign-On (SSO) enabled, leaving them potentially exposed to remote attacks. The finding stems from enhanced device fingerprinting in a new Device Identification report, which scanned global IP addresses and flagged these systems…
WatchGuard sounds alarm as critical Firebox flaw comes under active attack
Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is under active attack.… This article has been…
Randall Munroe’s XKCD ‘Fifteen Years’
via the insightful artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Fifteen Years’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Randall Munroe’s…
Vulnerability Management’s New Mandate: Remediate What’s Real
Live from AWS re:Invent, Snir Ben Shimol makes the case that vulnerability management is at an inflection point: visibility is no longer the differentiator—remediation is. Organizations have spent two decades getting better at scanning, aggregating and reporting findings. But the…
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…
Hacks, thefts, and disruption: The worst data breaches of 2025
TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea. This article has been indexed from Security News | TechCrunch…
CultureAI Selected for Microsoft’s Agentic Launchpad Initiative to Advance Secure AI Usage
UK-based AI safety and governance company CultureAI has been named as one of the participants in Microsoft’s newly launched Agentic Launchpad, a technology accelerator aimed at supporting startups working on advanced AI systems. The inclusion marks a milestone for CultureAI’s…
Keeper Security Bolsters Federal Leadership to Advance Government Cybersecurity Initiatives
Keeper Security has announced the appointment of two new additions to its federal team, with Shannon Vaughn as Senior Vice President of Federal and Benjamin Parrish, Vice President of Federal Operations. Vaughn will lead Keeper’s federal business strategy and expansion,…
Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread
Amazon is warning organizations that a North Korean effort to impersonate IT workers is more extensive than many cybersecurity teams may realize after discovering the cloud service provider was also victimized. A North Korean imposter was uncovered working as a…
Zero Trust Model for Nonprofits: Protecting Mission in the Digital Age
In an increasingly globally connected world, nonprofit organizations are as much at risk and vulnerable to cyber threats as large multinational corporations, if not more so. To keep cyber threats at bay, traditional security models have often relied on devices…
OpenAI Launches GPT-5.2-Codex for Secure Coding
OpenAI has launched GPT-5.2-Codex, an agentic coding model that boosts real-world software engineering and AI-powered vulnerability research. The post OpenAI Launches GPT-5.2-Codex for Secure Coding appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Sydney Uni data goes walkabout after criminals raid code repo
Attackers helped themselves to historical personal info on 27K people The University of Sydney is ringing around thousands of current and former staff and students after admitting attackers helped themselves to historical personal data stashed inside one of its online…
IT Security News Hourly Summary 2025-12-19 18h : 11 posts
11 posts were published in the last hour 17:2 : Why AppSec Can’t Keep Up With AI-Generated Code 17:2 : Google Shutting Down Dark Web Report Met with Mixed Reactions 17:2 : State-linked and criminal hackers use device code phishing…
Why AppSec Can’t Keep Up With AI-Generated Code
StackHawk co-founder and CSO Scott Gerlach has spent most of his career running security teams, and his take on application security is shaped by a simple reality: developers are still too often the last to know when their code ships…