A critical Stored XSS vulnerability in Angular’s template compiler (CVE-2025-66412) allows attackers to execute arbitrary code by weaponizing SVG animation attributes. Bypassing Angular’s built-in security sanitization mechanisms and affecting applications using versions below 19.2.17, 20.3.15, or 21.0.2. The Angular template…
HTB AI Range benchmarks the safety and limits of autonomous security agents
Hack The Box (HTB) unveiled HTB AI Range, a controlled AI cyber range built to test and benchmark the safety, limits, and capabilities of autonomous AI security agents. HTB AI Range replicates live, high stakes cyber battlegrounds tailored for enterprise…
Nvidia Says $100bn OpenAI Deal Still Not Finalised
Nvidia says landmark AI infrastructure deal between it and OpenAI still not finalised two months after it was announced This article has been indexed from Silicon UK Read the original article: Nvidia Says $100bn OpenAI Deal Still Not Finalised
India mandates SIM-linked messaging apps to fight rising fraud
India ordered messaging apps to work only with active SIM cards linked to users’ phone numbers to curb fraud and misuse. India’s Department of Telecommunications (DoT) now requires providers of messaging apps to work only with active SIM cards linked…
Exploits and vulnerabilities in Q3 2025
This report provides statistical data on vulnerabilities published and exploits we researched during the third quarter of 2025. It also includes summary data on the use of C2 frameworks. This article has been indexed from Securelist Read the original article:…
’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks…
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The Rust…
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool’s protections. Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314),…
Samsung Launches Double-Hinged Smartphone
Samsung’s Galaxy Z TriFold is its first entry into emerging double-hinged foldable smartphone market, as foldables grow rapidly This article has been indexed from Silicon UK Read the original article: Samsung Launches Double-Hinged Smartphone
Let’s Encrypt to Reduce Certificate Validity from 90 Days to 45 Days
Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum…
Threat Actors Leveraging Matanbuchus Malicious Downloader to Ransomware and Establish Persistence
Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July…
BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters
Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced…
Nvidia Buys $2bn Stake In Synopsys
AI chip maker Nvidia buys 2.6 percent stake in chip-design software maker Synopsys, in latest deal linking tech companies together This article has been indexed from Silicon UK Read the original article: Nvidia Buys $2bn Stake In Synopsys
Chrome 143 Patches High-Severity Vulnerabilities
Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
BlackFog releases ADX Vision to block data loss from unapproved AI use
BlackFog announced the availability of its newest solution, ADX Vision. Designed to secure every endpoint and every LLM interaction, ADX Vision gives organizations the visibility and control needed to manage AI securely. Operating directly on the device, it detects shadow…
Wasabi Covert Copy strengthens cloud storage security
Wasabi has expanded its cyber resilient cloud storage capabilities with Covert Copy, a patent pending, ransomware-resistant storage solution that allows users to create a locked, hidden copy of storage buckets to ensure critical data remains untouchable, even in the event…
British MP Calls For Australia-Style Social Media Ban
Suffolk MP Jess Asato calls for online age of consent to be raised from 13 to 16 amid fears of a ‘lost generation’ due to social media This article has been indexed from Silicon UK Read the original article: British…
Morphisec enhances Anti-Ransomware Suite to block evasive attacks across key blind spots
Morphisec announced an expansion of its Anti-Ransomware Assurance Suite, adding new capabilities that include Network Share Ransomware Protection for Windows and Linux, Identity Risk Visibility, and enhancements to its existing EDR Tampering Protection. These updates strengthen enterprise defenses against the…
Microsoft Defender outage disrupts threats, Apple resists India’s app order, MuddyWater strikes Israel
Microsoft Defender outage disrupts threats Apple resists India’s state-run app order MuddyWater strikes Israel with MuddyViper Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What’s your 2 AM security worry? Is it “Do I have the…
Apple AI Chief Giannandrea To Step Down
Apple’s chief of AI efforts, including Siri, to leave company in spring as company struggles to catch up to rivals This article has been indexed from Silicon UK Read the original article: Apple AI Chief Giannandrea To Step Down
Bank Of England Warns Of AI Risk To Financial Stability
Central bank warns of risks from ‘stretched’ valuations of AI-focused tech companies in US, UK, increased reliance on debt This article has been indexed from Silicon UK Read the original article: Bank Of England Warns Of AI Risk To Financial…
Datadog introduces Bits AI SRE to automate alert investigation and root cause analysis
Datadog has launched Bits AI SRE, an AI agent aware of telemetry, architecture, and organizational context that investigates alerts and surfaces action able root cause in minutes, giving engineers the information they need to confidently resolve incidents faster, save engineering…
IT Security News Hourly Summary 2025-12-03 09h : 6 posts
6 posts were published in the last hour 7:32 : Researchers Catch Lazarus Group’s Recruitment Workflow on Camera via Honeypot 7:32 : Multiple Django Vulnerability Expose Applications to SQL Injection and DoS Attacks 7:32 : CISA Alerts on Iskra iHUB…
Researchers Catch Lazarus Group’s Recruitment Workflow on Camera via Honeypot
A groundbreaking collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has lifted the curtain on North Korean threat actors from the Lazarus Group, revealing their recruitment tactics and operational methods in unprecedented detail. The research team documented…