A massive credential-theft campaign dubbed PCPcat compromised 59,128 Next.js servers in under 48 hours. The operation exploits critical vulnerabilities CVE-2025-29927 and CVE-2025-66478, achieving a 64.6% success rate across 91,505 scanned targets. PCPCat scanners, distributed via react.py malware, probe public Next.js…
Interpol Taken Down 6 Ransomware Variants and Arrested 500+ Suspects
Law enforcement agencies across 19 African nations have achieved a landmark victory against cybercrime. Arresting 574 suspects and dismantling six ransomware variants during Operation Sentinel, a month-long coordinated crackdown that concluded on November 27. The operation, which ran from October…
Ransomware Attack on Romanian Waters Authority – 1,000+ IT Systems Compromised
Romania’s National Administration “Apele Române” (Romanian Waters) disclosed a severe ransomware attack on December 20, 2025. That compromised approximately 1,000 IT systems across the agency and 10 of its 11 regional water basin administrations. The incident affected critical infrastructure responsible…
Conjur: Open-source secrets management and application identity
Conjur is an open-source secrets management project designed for environments built around containers, automation, and dynamic infrastructure. It focuses on controlling access to credentials such as database passwords, API keys, and tokens that applications need at runtime. The project is…
What if your face could say “don’t record me”? Researchers think it’s possible
Phones, smart glasses, and other camera-equipped devices capture scenes that include people who never agreed to be recorded. A newly published study examines what it would take for bystanders to signal their privacy choices directly to nearby cameras. BLINDSPOT system…
Governance maturity defines enterprise AI confidence
AI security has reached a point where enthusiasm alone no longer carries organizations forward. New Cloud Security Alliance research shows that governance has become the main factor separating teams that feel prepared from those that do not. Governance separates confidence…
Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression
MongoDB has disclosed a critical security vulnerability tracked as CVE-2025-14847 that could allow attackers to extract uninitialized heap memory from database servers without authentication. The flaw, affecting multiple MongoDB versions dating back to v3.6, stems from a client-side exploit in…
WebRAT Malware Campaign Leveraging GitHub-Hosted Proof-of-Concept Code
Cybersecurity specialists from the Solar 4RAYS cyberthreat research center, a division of the Solar Group, have uncovered a dangerous new malware strain dubbed “Webrat.” This sophisticated threat has been identified as a multi-functional remote access tool (RAT) and information stealer…
Operation PCPcat Exploits Next.js and React, Impacting 59,000+ Servers
A sophisticated credential-stealing campaign named “Operation PCPcat” has compromised over 59,000 Next.js servers worldwide, exploiting critical vulnerabilities in the popular React framework to harvest sensitive authentication data at industrial scale. Security researchers discovered the campaign through honeypot monitoring and gained…
“Purifying” photons: Scientists found a way to clean light itself
A new discovery shows that messy, stray light can be used to clean up quantum systems instead of disrupting them. University of Iowa researchers found that unwanted photons produced by lasers can be canceled out by carefully tuning the light…
Counterfeit defenses built on paper have blind spots
Counterfeit protection often leans on the idea that physical materials have quirks no attacker can copy. A new study challenges that comfort by showing how systems built on paper surface fingerprints can be disrupted or bypassed. The research comes from…
Elementary OS 8.1 rolls out with a stronger focus on system security
Elementary OS 8.1 is now available for download and shipping on select hardware from retailers such as Star Labs, Slimbook, and Laptop with Linux. The update arrives after more than a year of refinements based on community feedback and issue…
What happens to enterprise data when GenAI shows up everywhere
Generative AI is spreading across enterprise workflows, shaping how employees create, share, and move information between systems. Security teams are working to understand where data ends up, who can access it, and how its use reshapes security assumptions. This article…
Year End Repeat: Pig Butchering: Operation Shamrock Fights Back
Over the holidays we are rerunning some of our favourite episodes. This one first aired this summer and was one of my first conversations with the fascinating head of Operation Shamrock. We’ll be back with regular programming on January 5th. …
IT Security News Hourly Summary 2025-12-24 06h : 2 posts
2 posts were published in the last hour 5:2 : What are Access Tokens? Complete Guide to Access Token Structure, Usage & Security 4:31 : Медицинская лаборатория Гемотест (Gemotest) – 6,341,495 breached accounts
What are Access Tokens? Complete Guide to Access Token Structure, Usage & Security
Learn everything about access tokens: their structure, how they work in SSO and CIAM, and critical security measures to protect them from threats. The post What are Access Tokens? Complete Guide to Access Token Structure, Usage & Security appeared first…
Медицинская лаборатория Гемотест (Gemotest) – 6,341,495 breached accounts
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients. The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers. Gemotest was later fined…
A brush with online fraud: What are brushing scams and how do I stay safe?
Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. This article has been indexed from WeLiveSecurity Read the original article: A brush with…
Microsoft wants to replace its entire C and C++ codebase, perhaps by 2030
Plans move to Rust, with help from AI Microsoft wants to translate its codebase to Rust, and is hiring people to make it happen.… This article has been indexed from The Register – Security Read the original article: Microsoft wants…
Formal Verification of MCP Security Properties against Post-Quantum Adversaries
Explore formal verification’s role in securing Model Context Protocol (MCP) deployments against quantum computing attacks. Learn how mathematical proofs and verification tools ensure robust AI infrastructure security. The post Formal Verification of MCP Security Properties against Post-Quantum Adversaries appeared first…
SAML Security: Complete Guide to SAML Request Signing & Response Encryption
Learn how SAML request signing and response encryption protect your SSO implementation. A comprehensive guide covering integrity, confidentiality, and best practices. The post SAML Security: Complete Guide to SAML Request Signing & Response Encryption appeared first on Security Boulevard. This…
Who Does Cybersecurity Need? You!
Cybersecurity thrives on diverse skills, not just coding and engineering. From writers to designers, there’s a place for you in this field. The post Who Does Cybersecurity Need? You! appeared first on Unit 42. This article has been indexed from…
IT Security News Hourly Summary 2025-12-24 00h : 6 posts
6 posts were published in the last hour 23:2 : What makes an AI system adaptable to new security challenges 23:2 : What features ensure scalability in secret management 23:2 : Why staying ahead with Agentic AI is crucial for…
What makes an AI system adaptable to new security challenges
Can Non-Human Identities Enhance Security in the Age of AI? The Intersection of AI Systems and Non-Human Identities How do organizations ensure that their AI systems remain adaptable to new security challenges? Non-Human Identities (NHIs) are a critical component in…