Cloudflare has confirmed that it is currently experiencing a significant outage that is affecting the Cloudflare Dashboard and several Cloudflare API services. The issue began earlier today and has caused widespread disruptions for users who rely on Cloudflare’s management tools…
Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified
Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors This article has been indexed from www.infosecurity-magazine.com Read the original article: Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified
EU Probes Meta Over WhatsApp AI Rules
European Commission says new rules governing third-party AI chatbots on WhatsApp Business may illegally limit competition This article has been indexed from Silicon UK Read the original article: EU Probes Meta Over WhatsApp AI Rules
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised…
Waymo Cars Filmed Illegally Passing School Buses 19 Times
US highway regulator investigates latest Waymo blunder after automated taxis filmed repeatedly illegally passing school buses in Austin, Texas This article has been indexed from Silicon UK Read the original article: Waymo Cars Filmed Illegally Passing School Buses 19 Times
New Anonymous Phone Service
A new anonymous phone service allows you to sign up with just a zip code. This article has been indexed from Schneier on Security Read the original article: New Anonymous Phone Service
SEEDSNATCHER Android Malware Attacking Users to Exfiltrate Sensitive Data and Execute Malicious Commands
SeedSnatcher represents a significant threat to cryptocurrency users worldwide. Packaged under the seemingly innocent name “Coin” and distributed through Telegram, this Android malware has emerged as a sophisticated tool designed specifically to steal digital wallet recovery codes and execute remote…
Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions
A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder. Allows…
Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely
A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from…
Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer
A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked…
Check Point introduces Quantum Firewall R82.10 with new AI and zero trust security capabilities
Check Point announced its new Check Point Quantum Firewall Software, R82.10, introducing 20 new capabilities designed to help enterprises safely adopt AI, protect distributed environments, and simplify zero trust across hybrid networks. “As organizations embrace AI, security teams are under…
Predator spyware, Russia blocks FaceTime, US cyber strategy coming
Predator spyware spotted across several countries Russia blocks FaceTime Draft US cyber strategy set for January release Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What’s your 2 AM security worry? Is it “Do I have…
IT Security News Hourly Summary 2025-12-05 09h : 6 posts
6 posts were published in the last hour 8:4 : Ofcom Fines Adult Provider £1m Over Age Checks 8:4 : From Idea to Proof of Concept to MVP: The POC stage (2/3) 8:4 : Imperva Customers Protected Against React Server…
Ofcom Fines Adult Provider £1m Over Age Checks
Adult site provider AVS Group fined additional £50,000 for failing to make any response to Ofcom, in biggest Online Safety Act penalty to date This article has been indexed from Silicon UK Read the original article: Ofcom Fines Adult Provider…
From Idea to Proof of Concept to MVP: The POC stage (2/3)
We continue the series of 3 articles with the second one, about the Proof of Concept (POC). Here is the first article in the series, From Idea to Proof of Concept to MVP: The Idea stage (1/3) . 2. The…
Imperva Customers Protected Against React Server Components (RSC) Vulnerability
Overview On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability (CVSS 10.0), identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions. The React2Shell vulnerability stems from improper…
Chinese Hackers Exploiting React2Shell Vulnerability
AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post Chinese Hackers Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Chinese Hackers Exploiting React2Shell…
AutoIT3 Compiled Scripts Dropping Shellcodes, (Fri, Dec 5th)
AutoIT3[1] is a powerful language that helps to built nice applications for Windows environments, mainly to automate tasks. If it looks pretty old, the latest version was released last September and it remains popular amongst developers, for the good… or…
To what extent can users hide their location at X?
After X introduced the “About this account” feature, users can no longer completely hide their location on X. However, users on Elon Musk’s social media… The post To what extent can users hide their location at X? appeared first on…
Building the missing layers for an internet of agents
Cybersecurity teams are starting to think about how large language model agents might interact at scale. A new paper from Cisco Research argues that the current network stack is not prepared for this shift. The work proposes two extra layers…
What security leaders should watch for when companies buy or sell a business
In this Help Net Security video, Lane Sullivan SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, and divestitures. Sullivan talks about the types of risk an acquiring company can take…
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was…
New SVG Technique Enables Highly Interactive Clickjacking Attacks
A security researcher has unveiled a novel web exploitation technique dubbed “SVG clickjacking,” which significantly elevates the sophistication of traditional user-interface redress attacks. Unlike standard clickjacking, which typically involves tricking users into clicking a hidden button on a static overlay,…
New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer
Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy,…