Cybersecurity researchers have uncovered a critical ChatGPT Atlas browser attack, confirming the danger of the ongoing surge in the ClickFix threat. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the…
The Vault or the Vulnerability? Why Your Password Manager Might Be the New Cyber Risk
For years, the cybersecurity community has fought the scourge of weak, reused passwords. The solution, which was overwhelmingly adopted by both businesses and consumers, was the password manager (PM). These tools moved us from flimsy ‘123456’ credentials to unique, 30-character…
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years,…
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS Security’s 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score:…
Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin
On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to…
Microsoft Confirms Windows 11 25H2 UI Features Broken also Along With 24H2 Following Update
Microsoft has acknowledged a significant issue affecting Windows 11 versions 24H2 and 25H2. Where critical user interface components break following the installation of monthly cumulative updates released on or after July 2025. The problem impacts XAML-dependent modern applications, including core…
Examining the Risk of AI-Assisted MedusaLocker Ransomware Attacks
Researchers at Cato CTRL have demonstrated that the feature, designed to streamline AI workflows, can be easily weaponized to deploy MedusaLocker ransomware without the user’s knowledge. A new cybersecurity investigation has revealed a critical oversight in Anthropic’s rapidly growing “Claude…
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users worldwide. The vulnerabilities CVE-2025-48572…
Hackers Exploit Critical Yearn Finance’s yETH Pool Vulnerability to Steal $9 Million in Ethereum
The decentralized finance sector witnessed a devastating breach targeting Yearn Finance’s yETH pool, resulting in the theft of approximately $9 million on November 30, 2025. The attacker executed a highly sophisticated exploit, minting an astronomical 235 septillion yETH tokens while…
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant…
French NGO Reporters Without Borders Targeted by Star Blizzard
A fresh wave of spear-phishing linked to the Russia-based Star Blizzard group has been detected by Sekoia This article has been indexed from www.infosecurity-magazine.com Read the original article: French NGO Reporters Without Borders Targeted by Star Blizzard
DDoS attack volume rises in Q3 as Aisuru botnet fuels record-setting attacks
A report by Cloudflare also shows a surge in attacks targeting AI companies. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: DDoS attack volume rises in Q3 as Aisuru botnet fuels record-setting attacks
IT Security News Hourly Summary 2025-12-03 18h : 15 posts
15 posts were published in the last hour 16:32 : Implementing Zero Trust on Google Cloud 16:32 : Hackers Using Calendly-Themed Phishing Attack to Steal Google Workspace Account 16:32 : 29.7 Tbps DDoS Attack Via Aisuru Botnet Breaks Internet With…
Implementing Zero Trust on Google Cloud
Cybersecurity now requires more than just perimeter defences. As you adopt microservices, hybrid workloads, and AI pipelines on Google Cloud, identity becomes your new perimeter. Zero Trust means never trust and always verify. It is no longer optional but essential.…
Hackers Using Calendly-Themed Phishing Attack to Steal Google Workspace Account
A sophisticated phishing campaign has emerged targeting business professionals with Calendly-themed emails, combining social engineering with advanced credential theft techniques. The attack specifically focuses on Google Workspace and Facebook Business accounts, using carefully crafted job opportunity lures to trick users…
29.7 Tbps DDoS Attack Via Aisuru Botnet Breaks Internet With New World Record
A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core internet infrastructure remains under extreme load. The previous record of 22Tbps, quietly broken in Q3…
Attackers have a new way to slip past your MFA
Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token. This article has been indexed from Malwarebytes Read the original article: Attackers have a new way to slip…
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in…
UK’s Cyber Service for Telcos Blocks 1 Billion Malicious Site Attempts
A new cyber defense service has prevented almost one billion early-stage cyber-attacks in the past year, British Security Minister claims This article has been indexed from www.infosecurity-magazine.com Read the original article: UK’s Cyber Service for Telcos Blocks 1 Billion Malicious…
Leading surveillance camera vendor signs CISA’s product-security pledge
Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Leading surveillance camera vendor signs CISA’s product-security pledge
New Joint Guide Advances Secure Integration of Artificial Intelligence in Operational Technology
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from CISA News Read the original article: New Joint Guide Advances Secure Integration of Artificial Intelligence in Operational…
Check Point Named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security
We’re proud to announce that Gartner® has recognized Check Point as a Leader in the 2025 Magic Quadrant™ for Email Security (published December 2025). We believe that this independent evaluation from the industry’s most trusted research firm validates our commitment…
CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to help critical infrastructure owners and…
Malicious Rust Evm-Units Mimic as EVM Version Silently Executes OS-specific Payloads
The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading as a standard utility for verifying Ethereum Virtual Machine (EVM) versions, the package accumulated thousands…