AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report. Security leaders are being asked to judge exposure without dependable benchmarks. Developers build layered defenses Across the AI ecosystem, developers…
Mandatory ‘Undeletable’ Security App to Be Installed on Every Smartphone in India
In a significant decision that will affect millions of mobile phone users, the Indian government has ordered all smartphone companies to install a specific security app on every new device sold in the country. The Department of Telecommunications (DoT) issued…
Cybersecurity jobs available right now: December 2, 2025
Application Security Manager Oddity | Israel | On-site – View job details As an Application Security Manager, you will conduct threat modeling based on a deep understanding of product features and workflows. You will coordinate manual and automated penetration testing…
The collapse of trust at the identity layer
Identity verification has become the latest front in the fight against industrialized fraud, according to a new report from Regula. The shift is visible across sectors that once relied on predictable verification routines. Criminals have learned to target the identity…
Banking Malware Can Hack.Communications via Encrypted Apps
Sturnus hacks communication A new Android banking malware dubbed Sturnus can hack interactions from entirety via encrypted messaging networks like Signal, WhatsApp, and Telegram, as well as take complete control of the device. While still under growth, the virus is…
India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones
India’s Department of Telecommunications (DoT) has ordered smartphone manufacturers to preload a government-backed cybersecurity app, “Sanchar Saathi,” on all new devices sold in the country. The order, issued privately on November 28, 2025, gives major players like Apple, Samsung, Xiaomi,…
India demands smartphone makers install a government app on every handset
‘Sanchar Saathi’ shares data to help fight fraud and protect carrier security India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days…
ISC Stormcast For Tuesday, December 2nd, 2025 https://isc.sans.edu/podcastdetail/9720, (Tue, Dec 2nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, December 2nd, 2025…
What’s your CNAPP maturity?
More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey. This article has been indexed from Trend Micro…
Law enforcement shuts down Cryptomixer in major crypto crime takedown
Authorities seized $29M in Bitcoin after takedown of Cryptomixer, a service used to launder cybercrime proceeds. Europol announced the seizure of $29M in Bitcoin after shutting down Cryptomixer, a crypto-mixing service used for cybercrime and money laundering. The Europol reported…
Department of Know: Prompt injection problems, California browser law, Hacklore’s security myths
Link to episode page This week’s Department of Know is hosted by Rich Stroffolino with guests Mathew Biby, director, cybersecurity, TixTrack, and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University Thanks to our show sponsor,…
[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)
[This is a Guest Diary by James Woodworth, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…
Malicious VS Code Extension as Icon Theme Attacking Windows and macOS Users
A malicious Visual Studio Code extension posing as the popular “Material Icon Theme” has been used to attack Windows and macOS users, turning the add-on into a hidden backdoor. The fake extension shipped through the marketplace with backdoored files, giving…
IT Security News Hourly Summary 2025-12-02 00h : 4 posts
4 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-12-01 22:31 : Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware 22:31 : KimJongRAT Attacking Windows Users via Weaponized .hta Files…
IT Security News Daily Summary 2025-12-01
129 posts were published in the last hour 22:31 : Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware 22:31 : KimJongRAT Attacking Windows Users via Weaponized .hta Files to Steal Logins 22:31 : Chinese Front Companies…
Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware
A sophisticated cyberespionage campaign dubbed “Operation Hanoi Thief” has surfaced, specifically targeting IT professionals and recruitment teams in Vietnam. Discovered on November 3, 2025, this threat activity employs a complex multi-stage infection chain designed to harvest sensitive browser credentials and…
KimJongRAT Attacking Windows Users via Weaponized .hta Files to Steal Logins
A new remote access trojan dubbed KimJongRAT has surfaced, posing a severe threat to Windows users. This sophisticated malware is believed to be orchestrated by the Kimsuky group, a threat actor with alleged state backing. The campaign typically begins with…
Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations
Advanced steganography techniques are becoming increasingly central to state-sponsored cyber operations. Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns. These organizations operate as front companies…
Man Sentenced After Running Fake Airport and In-Flight Wi-Fi Networks
A man who ran fake airport and in-flight Wi-Fi networks to steal traveler credentials has been sentenced to over seven years in prison. The post Man Sentenced After Running Fake Airport and In-Flight Wi-Fi Networks appeared first on eSecurity Planet.…
Hackers Registered 2,000+ Fake Holiday-Themed Online Stores to Steal User Payments
With the holiday shopping season kicking into high gear, a massive cybersecurity threat has emerged, putting online shoppers at significant risk. A coordinated campaign has been discovered, involving the registration of over 2,000 fake holiday-themed online stores. These malicious sites…
Shai-hulud 2.0 Turns npm Installs Into a Full Cloud Compromise Path
A new Shai-hulud variant turns trusted npm installs into a stealthy path for cloud-credential theft and supply chain compromise. The post Shai-hulud 2.0 Turns npm Installs Into a Full Cloud Compromise Path appeared first on eSecurity Planet. This article has…
European cops shut down crypto mixing website that helped launder 1.3B euros
Europol announced the seizure of Cryptomixer’s official website, as well as 25 million euros and 12 terabytes of data from the mixer’s service. This article has been indexed from Security News | TechCrunch Read the original article: European cops shut…
Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks
Australian Michael Clapsis got 7 years and 4 months in prison for Wi-Fi attacks at airports and on flights, stealing sensitive data. Australian man Michael Clapsis (44) was sentenced to 7 years and 4 months in prison for conducting Wi-Fi…
The Dual Role of AI in Cybersecurity: Shield or Weapon?
Artificial intelligence isn’t just another tool in the security stack anymore – it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why…