In his 2020 book, “Future Politics,” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market…
CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution
At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware (versions 12.2.1.4.0 and 14.1.2.1.0). Multiple threat actors are already exploiting the vulnerability…
Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers
The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution. The post Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Saporo Raises $8 Million for Identity Security Platform
The Swiss cybersecurity firm will scale its R&D, sales and marketing teams as it pursues expansion across Europe. The post Saporo Raises $8 Million for Identity Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Span Cyber Security Arena 2026 to offer new perspectives on the development of cybersecurity
Through lectures, deep-dive presentations, best practice examples, and masterclasses, the focus of Span Cyber Security Arena 2026 will be on what strengthens our defense against cyber threats. Span Cyber Security Arena 2026 will be held in Poreč from May 20…
Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech,…
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
Baltimore, MD, 2nd December 2025, CyberNewsWire AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been indexed from…
Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks
A critical security flaw in Apache Struts could allow attackers to trigger disk exhaustion attacks, rendering affected systems unusable. The vulnerability, tracked as CVE-2025-64775, stems from a file leak in multipart request processing that enables denial-of-service conditions. Apache Struts researcher…
Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi
The Evil Crow Cable Wind is a stealthy tool for red teamers that hides a powerful hacking implant inside what appears to be a standard USB charging cable. Designed by security researcher Joel Serna Moreno, this device functions as a…
Google patches 107 Android flaws, including two being actively exploited
Google’s December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can. This article has been indexed from Malwarebytes Read the original article: Google patches 107 Android flaws, including two being actively exploited
Radiant Logic expands RadiantOne with composable remediation and unified identity observability
Radiant Logic announced major enhancements to its RadiantOne Platform. The release introduces new AI-powered collaborative remediation, an agentic AI-first approach that leverages the Model Context Protocol (MCP) standard, and support for the Shared Signals Framework (SSF) with the Continuous Access…
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be…
Hackers Exploit Telegram, WinSCP, Chrome, and Teams to Deliver ValleyRat Malware
Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion techniques, including kernel-level driver abuse, endpoint security tampering, and multi-stage…
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data.…
Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpatched as Microsoft considers it working…
DevilsTongue Spyware Targets Windows Users Across Multiple Countries
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users across several nations. The discovery highlights the persistent threat…
Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild
Google said it found indications that two newly identified vulnerabilities affecting Android “may be under limited, targeted exploitation” This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild
Google’s latest Android security update fixes two actively exploited flaws
Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components.…
Personal Information of 33.7 Million Stolen From Coupang
Names, addresses, email addresses, and phone numbers were compromised in a five-month-long data breach. The post Personal Information of 33.7 Million Stolen From Coupang appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Personal…
Indian Teen Enables Apple-Exclusive AirPods Features on Android
As Apple’s AirPods have long been known, they offer a wide range of intelligent features, such as seamless device switching, adaptive noise control, and detailed battery indicators, but only if they are paired with an iPhone. This has left Android…
How a noisy ransomware intrusion exposed a long-term espionage foothold
Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might otherwise…
IT Security News Hourly Summary 2025-12-02 12h : 5 posts
5 posts were published in the last hour 10:32 : Texas Probes Shein Over Consumer Safety 10:32 : Kaspersky Security Bulletin 2025. Statistics 10:32 : MuddyWater cyber campaign adds new backdoors in latest wave of attacks 10:32 : Most Companies…
Texas Probes Shein Over Consumer Safety
Texas attorney general investigates Shein over labor practices, consumer safety as France seeks to suspend platform in country This article has been indexed from Silicon UK Read the original article: Texas Probes Shein Over Consumer Safety
Kaspersky Security Bulletin 2025. Statistics
Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via Kaspersky Security Network (KSN). This article has been indexed from Securelist…