Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel. This article has been indexed from Securelist Read the original article: Yet another DCOM object for lateral movement
Tag: EN
China-Aligned APT Hackers Exploit Windows Group Policy to Deploy Malware
A sophisticated cyberespionage campaign targeting governmental entities in Southeast Asia and Japan has unveiled a new China-aligned threat actor dubbed LongNosedGoblin. Active since at least September 2023, this advanced persistent threat (APT) group distinguishes itself by leveraging a diverse toolset…
AI Agents are Man-in-the-Middle Attacks
After 25 years defending against man-in-the-middle attacks, a security veteran explains why most AI agents replicate the same architectural risks—creating compliance gaps, opaque decision-making, and zero-trust violations CISOs can’t ignore. The post AI Agents are Man-in-the-Middle Attacks appeared first on…
LLMs work better together in smart contract audits
Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead…
AI isn’t one system, and your threat model shouldn’t be either
In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters, how to…
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions This article has been indexed from WeLiveSecurity Read the original article: LongNosedGoblin tries to sniff out governmental affairs in…
Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays
A slight delay in keystrokes from a supposed U.S.-based IT worker alerted Amazon to a North Korean infiltrator accessing a corporate laptop. The commands should have zipped from the worker’s machine to Amazon’s Seattle headquarters in under 100 milliseconds. Instead,…
Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management
NAKIVO Backup & Replication v11.1 brings a host of benefits to MSPs and their clients. It eliminates the need for client-side port configuration, enhances security with encrypted multi-platform support, and introduces automated failover capabilities. These features are designed specifically for…
Identity risk is changing faster than most security teams expect
Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential replay, and high speed onboarding attempts now operate through shared infrastructures that behave less like scattered threats…
On the Zero Day of Christmas – Cisco Devices Under Attack
Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by…
OpenAI GPT-5.2-Codex Supercharges Agentic Coding and Vulnerability Detection
OpenAI has unveiled GPT-5.2-Codex, a cutting-edge model optimized for agentic coding and enhanced cybersecurity tasks. The release highlights breakthroughs in handling complex software engineering and vulnerability detection. GPT-5.2-Codex tops SWE-Bench Pro with 56.4% accuracy, outperforming GPT-5.2 at 55.6% and GPT-5.1…
INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskillin
Cary, North Carolina, USA, December 18th, 2025, CyberNewsWire Growth in Egypt, UAE, and Kingdom of Saudi Arabia Fueled by Demand for Expert-Led, Hands-On Training to Meet National Digital Transformation Goals INE Security, a global leader in specialized cybersecurity and IT…
New infosec products of the week: December 19, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber. Apiiro unveils AI SAST built on deep code analysis to eliminate false positives Apiiro introduced Apiiro…
OpenAI GPT-5.2-Codex Supercharges Agentic Coding and Cyber Vulnerability Detection
OpenAI has unveiled GPT-5.2-Codex, a cutting-edge model optimized for agentic coding and enhanced cybersecurity tasks. The release highlights breakthroughs in handling complex software engineering and vulnerability detection. GPT-5.2-Codex tops SWE-Bench Pro with 56.4% accuracy, outperforming GPT-5.2 at 55.6% and GPT-5.1…
China turns on a vast experimental network it says is an heir to ARPANET
Beijing wants to ‘seize the initiative in the international competition in cyberspace’ Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking…
Risk Management in Banking: Leveraging AI and Advanced Analytics
Key Takeaways Risk management in banking depends on how effectively information moves through established structures. A persistent challenge is how early emerging signals are recognized, how consistently they’re interpreted across teams, and how directly they inform decisions. AI and advanced…
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems
Cisco disclosed that a China-linked hacking group exploited a previously unknown vulnerability in its email security products, allowing attackers to compromise systems that sit at the center of enterprise email traffic. The flaw affected Cisco Secure Email Gateway and Secure…
ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, December 19th, 2025…
Amazon blocked 1,800 suspected North Korean scammers seeking jobs
Plus: Lazarus Group has a brand new BeaverTail Even Amazon isn’t immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un’s coffers.… This article has been…
Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season
Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity shows no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a…