Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August…
ByteDance Limits Mobile AI Agent After Pushback
ByteDance restricts capabilities of Doubao AI agent built into new smartphone, after major platforms block it This article has been indexed from Silicon UK Read the original article: ByteDance Limits Mobile AI Agent After Pushback
Gartner Calls For Pause on AI Browser Use
Gartner has called for organizations to block today’s AI browsers on security concerns This article has been indexed from www.infosecurity-magazine.com Read the original article: Gartner Calls For Pause on AI Browser Use
Chinese Open-Source AI Shows Huge Rise This Year
Chinese open-source AI models account for nearly 30 percent of worldwide generative AI tokens, a sharp rise since late 2024 This article has been indexed from Silicon UK Read the original article: Chinese Open-Source AI Shows Huge Rise This Year
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered…
Trains Halted Over Hoax Image On Social Media
Network Rail stops trains in Lancashire after suspected AI-generated hoax image spread on social media shows serious damage to bridge This article has been indexed from Silicon UK Read the original article: Trains Halted Over Hoax Image On Social Media
Ransomware costs billions, cybercrime leads to real violence, three arrested for hacking tools
Ransomware payments pass $4.5 billion Cybercrime networks orchestrate real-world violence Three arrested over possessing hacking tools Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI.…
IT Security News Hourly Summary 2025-12-09 09h : 6 posts
6 posts were published in the last hour 8:2 : EU Fines X €120m Over ‘Deceptive’ Blue Checkmarks 8:2 : From Idea to Proof of Concept to MVP – 3 article series 8:2 : Burp Suite’s Scanning Arsenal Powered With…
EU Fines X €120m Over ‘Deceptive’ Blue Checkmarks
EU imposes fine on X for ‘deceptive’ blue checkmarks, lack of transparency around advertising system and public research data This article has been indexed from Silicon UK Read the original article: EU Fines X €120m Over ‘Deceptive’ Blue Checkmarks
From Idea to Proof of Concept to MVP – 3 article series
This is a a developer focused guide in three parts to evolving code, architecture, and processes with the purpose of turning a raw concept into a usable product. This process is one of the hardest parts of software development. Teams…
Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities
PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ extension, introducing detection for the critical React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478). This server-side request forgery (SSRF) flaw in React applications allows attackers to execute arbitrary shell…
500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online
Over 565 internet-exposed Apache Tika Server instances are vulnerable to a critical XML External Entity (XXE) injection flaw. That could enable attackers to steal sensitive data, launch denial-of-service attacks, or conduct server-side request forgery operations. The vulnerability, tracked as CVE-2025-66516,…
SAP Security Patch Day: Fix for Critical Vulnerabilities in SAP Solution Manager, NetWeaver, and Other Products
SAP released 14 new security notes on its monthly Security Patch Day on December 9, 2025, addressing vulnerabilities across key products, including SAP Solution Manager, NetWeaver, Commerce Cloud, and more. Three critical flaws with CVSS scores exceeding 9.0 demand immediate…
AI-driven threats are heading straight for the factory floor
In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk driven by AI. She notes that in-house capability, especially for OT response and recovery, is…
Researchers spot 700 percent increase in hypervisor ransomware attacks
Get your Hyper-V and VMware ESXi setups in order, people Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly…
New image signature can survive cropping, stop deepfakes from hijacking trust
Deepfake images can distort public debate, fuel harassment, or shift a news cycle before anyone checks the source. A new study from researchers at the University of Pisa examines one specific part of this problem. They introduced a way to…
AI agents break rules in unexpected ways
AI agents are starting to take on tasks that used to be handled by people. These systems plan steps, call tools, and carry out actions without a person approving every move. This shift is raising questions for security leaders. A…
The simple shift that turns threat intel from noise into real insight
In this Help Net Security video, Alankrit Chona, CTO at Simbian, explains how security teams can put threat intelligence to work in a way that supports detection, response, and hunting. Chona walks through why many teams stumble. The problem is…
Cybersecurity jobs available right now: December 9, 2025
Associate Analyst, Cyber Threat Intelligence Sony | USA | Remote – View job details As an Associate Analyst, Cyber Threat Intelligence, you will collect and analyze open-source threat data to identify signs of cyber threats. You will prepare analysis reports,…
Apple, Google and Samsung May Enable Always-On GPS in India
The Indian government is currently evaluating a controversial proposal from the telecom industry that would mandate smartphone manufacturers to enable “always-on” satellite location tracking. This move has sparked significant opposition from major technology companies, including Apple, Google, and Samsung, who…
IT Security News Hourly Summary 2025-12-09 03h : 2 posts
2 posts were published in the last hour 2:2 : ISC Stormcast For Tuesday, December 9th, 2025 https://isc.sans.edu/podcastdetail/9730, (Tue, Dec 9th) 2:2 : Department of Know: CISO hiring warning, critical threat actor law, Microsoft Defender outage
ISC Stormcast For Tuesday, December 9th, 2025 https://isc.sans.edu/podcastdetail/9730, (Tue, Dec 9th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, December 9th, 2025…
Department of Know: CISO hiring warning, critical threat actor law, Microsoft Defender outage
Link to episode page This week’s Department of Know is hosted by Sarah Lane with guests Jason Shockey, CISO, Cenlar FSB, and Mike Lockhart, CISO, Eagleview Thanks to our show sponsor, Adaptive Security This episode is brought to you by…
FinCEN data shows $4.5B in ransomware payments, record spike in 2023
Ransomware payments reported to FinCEN exceeded $4.5B by 2024, with 2023 marking a record year at $1.1B across 1,512 incidents. FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to February 2025. During this period,…