Owners of hundreds of Porsche vehicles across Russia are facing a sudden crisis: their high-performance cars have been rendered completely undrivable due to a widespread malfunction in the German automaker’s factory-installed alarm systems. Reports from the Rolf dealership network, Russia’s…
Pharma Firm Inotiv Confirms Data Breach Following Ransomware Attack
A leading contract research organization specializing in pharmaceutical drug discovery and development services disclosed a significant data breach stemming from a ransomware attack that occurred in early August 2025. The Inotiv company announced the cybersecurity incident in its fiscal 2025…
Shanya EDR Killer Leveraged by Ransomware Groups to Clear the Way for Ransomware Infection
The cybercriminal landscape has recently witnessed the aggressive rise of “Shanya,” a potent packer-as-a-service and EDR killer now fueling major ransomware operations. Emerging on underground forums in late 2024 under the alias “VX Crypt,” this tool was engineered to supersede…
Crypto User Loses $9,000 in Seconds After Clicking Instagram Ad Promising Easy Profits
Jack, a Solana enthusiast using the Phantom wallet, fell victim to a sophisticated crypto drainer scam that wiped out $9,000 from his wallet almost instantly. He informed Cybersecurity News that the incident began with an attractive Instagram advertisement touting quick…
TikTok To Build $38bn Data Centre In Brazil
The project, TikTok’s first in Latin America, will be powered entirely by renewable wind sources and will use closed-loop water cooling This article has been indexed from Silicon UK Read the original article: TikTok To Build $38bn Data Centre In…
Strengthening Fraud Prevention with Real-Time Mobile Identity Signals
Fraud is rising quickly in digital channels, making it harder for businesses to stay secure without adding customer friction. Deterministic, mobile-based identity signals provide the real-time, authoritative verification that outdated probabilistic tools can’t, enabling stronger fraud prevention with smoother onboarding.…
From Idea to Proof of Concept to MVP: The Minimum Viable Product – MVP (3/3)
We continue the series of 3 articles with the second one, about the Minimum Viable Product (MVP). Here is the first article in the series, From Idea to Proof of Concept to MVP: The Idea stage (1/3) and the second article,…
A week in security (December 1 – December 7)
A list of topics we covered in the week of December 1 to December 7 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (December 1 – December 7)
Palo Alto VPN attacks, NATO cyberdefense exercise, Chinese exploit React2Shell
New wave of VPN login attempts on Palo Alto portals NATO holds its largest-ever cyberdefense exercise Chinese hackers exploiting React2Shell bug Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first…
IT Security News Hourly Summary 2025-12-08 09h : 6 posts
6 posts were published in the last hour 8:4 : Meta Shuts Down Australian Teenagers’ Accounts 8:4 : Critical Vulnerabilities in GitHub Copilot, Gemini CLI, Claude, and Other Tools Impact Millions of Users 8:4 : Next.js Released a Scanner to Detect…
Meta Shuts Down Australian Teenagers’ Accounts
Meta begins shutting down Facebook, Instagram, Threads accounts of under-16s ahead of social media ban that begins this week This article has been indexed from Silicon UK Read the original article: Meta Shuts Down Australian Teenagers’ Accounts
Critical Vulnerabilities in GitHub Copilot, Gemini CLI, Claude, and Other Tools Impact Millions of Users
The software development landscape has been fundamentally altered by AI-driven integrated development environments (IDEs). Tools like GitHub Copilot, Gemini CLI, and Claude Code have evolved from simple autocompletion engines into autonomous agents capable of executing tasks. However, this rapid pursuit…
Next.js Released a Scanner to Detect and Update Apps Impacted by React2Shell Vulnerability
A dedicated command-line tool, fix-react2shell-next, to help developers immediately detect and patch the critical “React2Shell” vulnerability (CVE-2025-66478). This new scanner offers a one-line solution to identify vulnerable versions of Next.js and React Server Components (RSC). Automatically apply the required security updates…
CISA Releases New AI-in-OT Security Guidance: Key Principles & Risks
CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. The post CISA Releases New AI-in-OT Security Guidance: Key Principles & Risks appeared first on Security Boulevard. This…
December 2025 Patch Tuesday forecast: And it’s a wrap
It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there is…
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to…
Malicious Go Packages Mimic as Google’s UUID Library to Exfiltrate Sensitive Data
Security researchers have uncovered a long-running supply chain attack targeting the Go programming community. The Socket Threat Research Team recently identified two malicious packages. github.com/bpoorman/uuid and github.com/bpoorman/uid. That has been silently stealing data from unsuspecting developers for years. The attack relies on…
Critical React2Shell RCE Vulnerability Exploited in the Wild to Execute Malicious Code
A critical remote code execution vulnerability, tracked as CVE-2025-55182 and dubbed “React2Shell,” is now under active exploitation in the wild. GreyNoise researchers have detected opportunistic, largely automated exploitation attempts targeting the unsafe deserialization flaw in the React Server Components Flight…
Predator Spyware Compamy Used 15 Zero-Days Since 2021 to Target iOS Users
A commercial spyware company called Intellexa has exploited 15 zero-day vulnerabilities since 2021 to target iOS and Android users worldwide. The company, known for developing the Predator spyware, continues operations despite being sanctioned by the US government. The threats remain…
The Bastion: Open-source access control for complex infrastructure
Operational teams know that access sprawl grows fast. Servers, virtual machines and network gear all need hands-on work and each new system adds more identities to manage. A bastion host tries to bring order to this problem. It acts as…
NVIDIA research shows how agentic AI fails under attack
Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models,…
Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions
A groundbreaking security research project has uncovered a new class of vulnerabilities affecting virtually every major AI-powered integrated development environment (IDE) and coding assistant on the market. Dubbed “IDEsaster,” this attack chain exploits fundamental features of underlying IDE platforms to…
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked as CVE-2025-55182 and dubbed “React2Shell,” affects React and downstream ecosystems, including the…
Shanya EDR Killer: The New Favorite Tool for Ransomware Operators
A sophisticated new “packer-as-a-service” tool known as Shanya has emerged in the cybercriminal underground, rapidly becoming a preferred weapon for major ransomware groups looking to neutralize endpoint defenses. According to new research from Sophos, Shanya is an evolution in the…