Thousands of devices have been infected with malware through New Zealand’s National Cyber Security Center, showing the persistent risk posed by credential-stealing cybercrime, which has been causing New Zealand’s National Cyber Security Center to notify individuals after an exposure. About…
India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report
The cybercrime landscape in India has witnessed a drastic increase with NCRB data indicating cases jacking up from above 52,000 in 2021 to over 86,000 by 2023 led by fraud and online financial crime. Concurrently, threat intelligence shows that India is…
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms to…
Apiiro unveils AI SAST built on deep code analysis to eliminate false positives
Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST) that automates code risk detection, validation and fixes with the precision and cognitive process of an expert application security engineer. Grounded in Apiiro’s patented Deep Code…
IT Security News Hourly Summary 2025-12-18 15h : 12 posts
12 posts were published in the last hour 14:2 : From the Hill: The AI-Cybersecurity Imperative in Financial Services 14:2 : Researchers Uncovered New Lazarus and Kimsuky Infrastructure with Active Tools and Tunnelling Nodes 14:2 : The ghosts of WhatsApp:…
From the Hill: The AI-Cybersecurity Imperative in Financial Services
Financial institutions face a dual mandate: embrace AI for cyber defense and secure AI with Secure AI by Design. Discover the path forward. The post From the Hill: The AI-Cybersecurity Imperative in Financial Services appeared first on Palo Alto Networks…
Researchers Uncovered New Lazarus and Kimsuky Infrastructure with Active Tools and Tunnelling Nodes
A joint investigation by Hunt.io and the Acronis Threat Research Unit has exposed an extensive network of North Korean state-sponsored infrastructure, revealing fresh connections between Lazarus and Kimsuky operations across global campaigns. The research uncovered active tool-staging servers, credential-theft environments,…
The ghosts of WhatsApp: How GhostPairing hijacks accounts
Criminals are tricking WhatsApp users into linking an attacker’s browser to their account using fake login pages and routine-looking prompts. This article has been indexed from Malwarebytes Read the original article: The ghosts of WhatsApp: How GhostPairing hijacks accounts
FBI dismantles alleged $70M crypto laundering operation
Justice Department claims unlicensed exchange funneled ransomware profits US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged…
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk—even without direct system compromise. The post What the Latest OpenAI Security Breach Reveals About the State of AI Protection appeared first on…
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when…
AppGate extends zero trust to secure AI workloads with Agentic AI Core Protection
AppGate announced the launch of Agentic AI Core Protection, a new capability within AppGate ZTNA designed to secure AI workloads deployed in enterprise core environments across on-prem and cloud venues. This innovation enables organizations to embrace AI-driven transformation while maintaining…
Chrome extension slurps up AI chats after users installed it for privacy
The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to. This article has been indexed from Malwarebytes Read the original article: Chrome extension slurps up AI chats after users installed it…
NHS tech supplier probes cyberattack on internal systems
Around 2,000 GP practices use its products An NHS tech supplier is investigating a cyberattack that affected its systems in the early hours of Sunday.… This article has been indexed from The Register – Security Read the original article: NHS…
CISA Warns of Exploited Flaw in Asus Update Tool
Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack. The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek. This article has been indexed from…
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion…
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From…
Why Organizations Need to Modify Their Cybersecurity Strategy for 2026
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Why Organizations Need…
GhostPairing Attack: How Hackers Secretly Hijack WhatsApp
A recent investigation by cybersecurity firm Gen Digital has uncovered a social engineering campaign known as “GhostPairing Attack.”… The post GhostPairing Attack: How Hackers Secretly Hijack WhatsApp appeared first on Hackers Online Club. This article has been indexed from Hackers…
North Korea Steals Over $2bn in Crypto in 2025
Chainalysis warns North Korea continues to steal billions in crypto for its weapons program This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korea Steals Over $2bn in Crypto in 2025
Agentic AI in Cloud-Native Systems: Security and Architecture Patterns
AI has long progressed past statistical models that generate forecasts or probabilities. The next generation of AI systems is agents, autonomous cloud-native systems capable of acting and intervening in an environment without human intervention or approval. Agents can provision infrastructure,…
The Case for Dynamic AI-SaaS Security as Copilots Scale
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major…
FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin
The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation. This article has been…
Chinese-based Ink Dragon Compromises Asia and South America into European Government Networks
Ink Dragon, a Chinese espionage group, has significantly expanded its operations from Southeast Asia and South America into European government networks. This advancement marks a notable shift in the threat actor’s strategic focus, utilizing a blend of well-engineered tools combined…