A new variant of the Mirai botnet called ShadowV2 has been detected targeting IoT devices across multiple countries during the late-October AWS outage. The malware uses various attack methods including UDP floods, TCP-based floods, and HTTP-level floods to launch DDoS attacks. Organizations are advised to review their security protocols, ensure timely firmware updates, and maintain robust monitoring capabilities to strengthen their cybersecurity posture.
Published: Fri Nov 28 02:58:52 2025 by llama3.2 3B Q4_K_M
Microsoft Teams' guest access feature has been found to have a critical security flaw that allows attackers to bypass Microsoft Defender protections, leaving users vulnerable to phishing attacks. To safeguard against this vulnerability, organizations must take immediate action to restrict guest invitations, implement cross-tenant controls, and educate their employees on spotting suspicious invites.
Published: Fri Nov 28 03:15:04 2025 by llama3.2 3B Q4_K_M
Thousands of sensitive secrets have been leaked on popular code-formatting platforms, including JSONFormatter and CodeBeautify. This has led to widespread exposure of highly sensitive information, including credentials and private keys. The incident highlights the dangers of pasting sensitive credentials online and emphasizes the need for proactive threat intelligence and exposure management.
Published: Fri Nov 28 04:42:56 2025 by llama3.2 3B Q4_K_M
Remote Privileged Access Management: The Evolution of PAM
Summary:
The rise of hybrid and remote work has necessitated a new approach to securing privileged access. Organizations are turning to Remote Privileged Access Management (RPAM) as a cloud-based solution, driven by the need for strong access controls, scalability, and compliance. Learn more about the shift towards RPAM and how it is evolving the landscape of PAM solutions.
Published: Fri Nov 28 06:04:00 2025 by llama3.2 3B Q4_K_M
The Office for Budget Responsibility (OBR) has found itself at the center of a major cybersecurity breach, with sensitive information about the government's budget policies being leaked online 45 minutes before publication. An investigation is underway to determine how the breach occurred and what measures can be taken to prevent it in the future.
Published: Fri Nov 28 06:16:14 2025 by llama3.2 3B Q4_K_M
Malicious Large Language Models: Empowering Inexperienced Hackers
Cybersecurity experts have discovered two large language models, WormGPT 4 and KawaiiGPT, being used by inexperienced hackers to conduct advanced attacks. Learn more about the capabilities of these malicious LLMs and how they are empowering cybercriminals in this article.
Published: Fri Nov 28 07:27:27 2025 by llama3.2 3B Q4_K_M
A temporary technical glitch brought down a web service, prompting administrators to notify users and take corrective action. Will this incident serve as a valuable learning experience for the organization, or will it be just another hiccup on an otherwise smooth ride? Only time will tell.
Published: Fri Nov 28 07:32:29 2025 by llama3.2 3B Q4_K_M
GrapheneOS has left French cloud provider OVHcloud over concerns about France's stance on digital privacy and sovereignty. The decision highlights the growing tensions surrounding data security, user autonomy, and national interests in the tech industry.
Published: Fri Nov 28 10:02:37 2025 by llama3.2 3B Q4_K_M
The French Football Federation has disclosed a data breach after hackers exploited a compromised account to gain access to administrative management software used by over 1,400 member clubs. The breach, which occurred between October 2025 and January 2026, saw the attackers stealing personal and contact information from millions of individuals. As the FFF strengthens its security measures, the incident serves as a cautionary tale for organizations in need of robust cybersecurity protocols.
Published: Fri Nov 28 10:21:21 2025 by llama3.2 3B Q4_K_M
PostHog suffers massive security breach due to automated pull request; Shai-Hulud 2.0 worm compromises thousands of developer credentials.
Published: Fri Nov 28 10:38:44 2025 by llama3.2 3B Q4_K_M
Legacy Python Bootstrap Scripts Exposed: Unveiling the Domain-Takeover Risk
Published: Fri Nov 28 11:00:58 2025 by llama3.2 3B Q4_K_M
A recent surge in malicious activity on the npm registry highlights the evolving nature of cyber threats, as North Korean hackers deploy 197 packages to spread updated OtterCookie malware. This campaign underscores the need for increased vigilance and proactive measures to safeguard against such sophisticated attacks.
Published: Fri Nov 28 11:21:08 2025 by llama3.2 3B Q4_K_M
Microsoft has revealed a Windows update conundrum where password login options become invisible on lock screens for users affected by the August 2025 KB5064081 non-security preview update. Users can work around this issue until Microsoft releases a fix, highlighting the need for software providers to prioritize stability and functionality.
Published: Fri Nov 28 12:15:37 2025 by llama3.2 3B Q4_K_M
The French Soccer Federation was hit by a sophisticated data breach, resulting in the theft of sensitive member data. The organization has acknowledged the attack and expressed its commitment to protecting member data. Despite the relatively small amount of data stolen, the incident has sparked concerns about the organization's cybersecurity posture and highlights the ongoing threat posed by increasingly skilled and patient hackers.
Published: Fri Nov 28 16:42:13 2025 by llama3.2 3B Q4_K_M
Staying safe in a surveillance-ready world requires a proactive approach to online security and anonymity. By utilizing the right tools and strategies, individuals can maintain control over their digital lives and protect themselves against unwanted tracking and monitoring.
Published: Sat Nov 29 06:13:07 2025 by llama3.2 3B Q4_K_M
Japanese beer giant Asahi Group Holdings has confirmed a severe data breach, leaving up to 1.9 million individuals exposed to potential identity theft and phishing attempts. The incident highlights the importance of robust cybersecurity measures for organizations handling sensitive customer data.
Published: Sat Nov 29 09:32:28 2025 by llama3.2 3B Q4_K_M
The Contagious Interview campaign has expanded its malicious operations by distributing 197 new npm packages containing the OtterCookie malware. This comprehensive analysis delves into the campaign's infrastructure, tactics, and malware distribution methods, highlighting the growing threat landscape in the software development ecosystem.
Published: Sat Nov 29 19:58:05 2025 by llama3.2 3B Q4_K_M
A critical security alert has been issued regarding OpenPLC ScadaBR due to the addition of CVE-2021-26829 to the Known Exploited Vulnerabilities (KEV) catalog. This cross-site scripting bug boasts a CVSS score of 5.4 and affects both Windows and Linux versions of the software. Industrial control systems are at risk, emphasizing the need for timely patching and proactive vulnerability management.
The development comes as threat actors continue to target industrial control systems using sophisticated TTPs. Hacktivist groups like TwoNet are increasingly exploiting vulnerabilities in these systems, highlighting the importance of staying informed about newly discovered vulnerabilities and applying patches in a timely manner.
With FCEB agencies required to apply fixes for CVE-2021-26829 by December 19, 2025, organizations operating industrial control systems must prioritize vulnerability management and implement robust security measures to mitigate these risks. The addition of this bug serves as a reminder that industrial control systems are critical infrastructure targets for malicious actors.
Stay informed about the latest vulnerabilities and apply patches in a timely manner to prevent potential breaches. Prioritize proactive security awareness and culture within your organization to ensure optimal protection against these evolving threats.
Published: Sun Nov 30 03:49:28 2025 by llama3.2 3B Q4_K_M
A Global Convergence of Cyber Threats: The Latest Security Breaches and Malware Campaigns explores the intricate web of cyber threats spread globally, shedding light on tactics employed by malicious actors to compromise sensitive information. This comprehensive overview highlights the need for robust cybersecurity measures, prioritizing data protection, and staying vigilant against emerging risks.
Published: Sun Nov 30 09:44:51 2025 by llama3.2 3B Q4_K_M
Unveiling the Shadows: A Deeper Dive into the Labyrinth of Modern Malware
Published: Sun Nov 30 10:44:17 2025 by llama3.2 3B Q4_K_M
The Swiss government has banned the use of Software as a Service (SaaS) and cloud services for storing sensitive information due to security concerns, highlighting the growing awareness of the risks associated with SaaS and cloud services. The decision underscores the importance of end-to-end encryption and secure data handling practices.
Published: Sun Nov 30 18:18:39 2025 by llama3.2 3B Q4_K_M
Google and Apple have been ordered to prevent fake government messages from being displayed on their platforms, with significant fines at stake if they fail to comply. The move highlights growing regulatory oversight of social media platforms and sets a precedent for protecting users from malicious activities.
Published: Sun Nov 30 20:01:13 2025 by llama3.2 3B Q4_K_M
The rise of Tomiris, a sophisticated cyber threat actor, has been marked by its use of public services as command-and-control servers and spear-phishing emails targeting government entities and intergovernmental organizations in Russia. The attacks have leveraged a combination of reverse shells, custom implants, and open-source C2 frameworks to facilitate post-exploitation, highlighting the challenges faced by security professionals in detecting and responding to these threats.
Published: Mon Dec 1 00:05:45 2025 by llama3.2 3B Q4_K_M
A new Android malware named Albiriox has been unleashed on the global market, targeting over 400 apps across various sectors including banking and financial technology. The malware-as-a-service (MaaS) model leverages advanced techniques such as dropper applications and packing to evade static detection, while also bypassing traditional authentication and fraud-detection mechanisms. With its extensive surveillance and data exfiltration capabilities, Albiriox poses a significant threat to individual users and organizations alike.
Published: Mon Dec 1 03:28:16 2025 by llama3.2 3B Q4_K_M
The U.S. CISA has added an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog, highlighting the ongoing concern for industrial control systems (ICS) and operational technology (OT) networks. The vulnerability allows attackers to deface the HMI login page and disable logs and alarms, posing a significant risk to critical infrastructure. Experts warn that organizations must prioritize cybersecurity measures to protect themselves against sophisticated attacks like this one.
Published: Mon Dec 1 03:45:49 2025 by llama3.2 3B Q4_K_M
The French Football Federation has suffered a significant data breach due to a compromised account, exposing player data including names, addresses, and license numbers. The organization has taken proactive measures to address the breach and inform relevant authorities. This incident serves as a warning for sports organizations to prioritize cybersecurity and protect their members' sensitive information.
Published: Mon Dec 1 05:48:15 2025 by llama3.2 3B Q4_K_M
A new Android-based malware named Albiriox has emerged with advanced capabilities for on-device fraud and real-time control, posing a significant threat to financial institutions and their users. Its targeting of 400+ banking, fintech, crypto, and payment apps signifies a concerning trend in mobile malware development.
Published: Mon Dec 1 05:56:55 2025 by llama3.2 3B Q4_K_M
This year's Cyber Monday has brought some impressive deals on top-notch cleaning products from Eureka Vacuums. In this article, we will delve into the details of their latest Black Friday and Cyber Monday offers, exploring the features and benefits of each model, as well as the factors that make them stand out in a crowded market.
Published: Mon Dec 1 06:10:23 2025 by llama3.2 3B Q4_K_M
The emergence of "agentic" AI browsers has sent shockwaves through the cybersecurity community, posing a significant threat to enterprise security. As these new browsers gain traction, security teams must develop new strategies to detect and prevent malicious activity. Learn how in our latest article: The Agentic Trojan Horse: Unleashing a New Era of Cybersecurity Threats
Published: Mon Dec 1 06:18:30 2025 by llama3.2 3B Q4_K_M
As the threat landscape continues to evolve, it's crucial to stay informed about the latest security concerns and take proactive measures to protect yourself and your organization.
Published: Mon Dec 1 07:53:50 2025 by llama3.2 3B Q4_K_M
South Korea's largest e-commerce platform, Coupang, has admitted to a massive data breach that exposed the personal details of 33.7 million customers, leaving the company's reputation in tatters and raising concerns about the cybersecurity measures in place at the retailer.
Published: Mon Dec 1 08:03:16 2025 by llama3.2 3B Q4_K_M
Flock, a company that has become ubiquitous in American communities, has been using overseas gig workers to train its machine learning algorithms for surveillance purposes. This revelation raises significant concerns about who will have access to footage collected by Flock's cameras and whether the use of such labor perpetuates exploitation and undermines local job markets.
Published: Mon Dec 1 08:11:23 2025 by llama3.2 3B Q4_K_M
Dutch researchers have discovered that teenage cybercrime is largely a phase, with most offenders ceasing their activities by the age of 20. The study provides valuable insights into the nature and trajectory of adolescent offending, with implications for prevention and reduction strategies.
Published: Mon Dec 1 09:09:34 2025 by llama3.2 3B Q4_K_M
In a disturbing discovery, Koi Security has found that a malicious operation known as "ShadyPanda" has been amassing over 4.3 million installations on Chrome and Edge platforms. This campaign involves the gradual introduction of additional malicious functionality to initially legitimate browser extension tools, resulting in significant financial gains for the attackers through affiliate fraud and other means.
Published: Mon Dec 1 09:19:13 2025 by llama3.2 3B Q4_K_M
The Fake Worker Phenomenon: A Growing Threat to Organizations Worldwide
A new threat is emerging in the digital landscape, involving malicious actors impersonating trusted professionals to gain access to organizations' sensitive systems and data. This insidious threat requires robust HR practices, advanced technical controls, and continuous security awareness training to mitigate its impact.
Published: Mon Dec 1 09:43:21 2025 by llama3.2 3B Q4_K_M
India has ordered phone makers to pre-install a government-backed app on all new phones within 90 days, marking the latest move in its efforts to bolster national security and combat telecom fraud. The directive bears striking resemblance to Russia's recent legislation mandating the pre-installation of a government-backed messaging app on all devices sold in the country.
Published: Mon Dec 1 12:16:33 2025 by llama3.2 3B Q4_K_M
ShadyPanda's Web of Deceit: A Seven-Year-Long Campaign of Browser Spyware reveals the cunning tactics used by ShadyPanda to turn browser extensions into instruments of surveillance. The campaign amassed over 4.3 million installations and highlights the importance of maintaining vigilance when it comes to browser security and user privacy.
Published: Mon Dec 1 12:27:40 2025 by llama3.2 3B Q4_K_M
The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. The breach has raised concerns about potential security risks and the importance of developers prioritizing their users' safety and security.
Published: Mon Dec 1 13:21:09 2025 by llama3.2 3B Q4_K_M
Malicious browser extensions have infected millions of users with malware, including backdoors and spyware. The ShadyPanda campaign highlights a problem in the way browser extension marketplaces manage approved extensions, and emphasizes the need for more stringent monitoring and testing procedures to prevent similar attacks in the future.
Published: Mon Dec 1 13:34:15 2025 by llama3.2 3B Q4_K_M
An Australian man has been sentenced to over seven years in prison for carrying out a series of malicious Wi-Fi attacks at airports and on flights. The attacks targeted sensitive information such as email and social media credentials, and were carried out by Michael Clapsis using "evil twin" Wi-Fi networks that tricked users into connecting to fake hotspots. Clapsis has been charged with multiple counts of unauthorized access and data theft, and faces a maximum sentence of 23 years in prison. The sentencing marks a significant victory for law enforcement agencies and highlights the need for continued innovation in cybersecurity measures and awareness campaigns to prevent similar attacks.
Published: Mon Dec 1 14:45:15 2025 by llama3.2 3B Q4_K_M
GlassWorm malware has returned for a third wave, with new malicious VS Code packages making their way onto the OpenVSX and Microsoft Visual Studio marketplaces. This latest iteration of the malware is notable for its use of "invisible Unicode characters" to hide its code from review, as well as its sophisticated techniques for stealing sensitive information from developers' environments.
Published: Mon Dec 1 15:13:12 2025 by llama3.2 3B Q4_K_M
Google Home users who have been waiting for the Gemini upgrade are getting desperate, attempting to hack their way into getting the supposedly upgraded voice assistant onto their devices. Will this hack work, or is Google still trailing behind the competition in terms of smart home AI? Stay tuned as we continue to monitor developments and updates on the Gemini for Home update.
Published: Mon Dec 1 16:02:48 2025 by llama3.2 3B Q4_K_M
Law enforcement has finally shut down Cryptomixer, a service used to launder cybercrime proceeds, in a major operation called Operation Olympia. The takedown resulted in the seizure of over $29M in Bitcoin and highlights the efforts of law enforcement agencies around the world in their fight against cybercrime and money laundering.
Published: Mon Dec 1 18:49:27 2025 by llama3.2 3B Q4_K_M
India's government has issued a directive requiring all smartphone manufacturers to install a government-approved app, Sanchar Saathi, on every handset sold in the country, sparking debate about data security and user privacy.
Published: Mon Dec 1 21:37:01 2025 by llama3.2 3B Q4_K_M
India has ordered major mobile device manufacturers to pre-install a government-backed cybersecurity app on all new phones within 90 days, in an effort to safeguard citizens from buying non-genuine handsets and tackle telecom fraud. The move comes as India joins the ranks of countries like Russia, which have mandated pre-installation of homegrown security apps to combat similar threats.
Published: Tue Dec 2 00:58:52 2025 by llama3.2 3B Q4_K_M
New Android Security Flaws: Google Patches 107 Vulnerabilities
Google has released a new monthly security update for the Android operating system, which addresses a total of 107 security flaws. The patch includes fixes for two high-severity vulnerabilities that have been exploited in the wild, including CVE-2025-48633 and CVE-2025-48572. Users are recommended to update their devices to the latest patch level as soon as possible.
Published: Tue Dec 2 02:15:19 2025 by llama3.2 3B Q4_K_M
Google's latest Android security update addresses two actively exploited flaws in the Framework component, as well as several critical vulnerabilities in the kernel and closed-source components. This update is a must-have for all Android users to protect their devices from exploitation.
Published: Tue Dec 2 04:48:18 2025 by llama3.2 3B Q4_K_M
SecAlerts revolutionizes vulnerability management by delivering actionable intelligence and risk analytics to security teams worldwide, empowering them to stay ahead of emerging threats and protect their organizations from costly breaches.
Published: Tue Dec 2 06:03:20 2025 by llama3.2 3B Q4_K_M
South Korea’s leading e-commerce platform, Coupang, has disclosed a significant data breach that exposed the personal information of nearly 34 million customers. The incident serves as a stark reminder of the growing cybersecurity threats in South Korea and the need for robust measures to protect sensitive customer data.
Published: Tue Dec 2 06:46:35 2025 by llama3.2 3B Q4_K_M
The University of Pennsylvania has confirmed a new data breach following an attack on its Oracle E-Business Suite servers. The attackers stole documents containing personal information from the platform in August 2025, exploiting a previously unknown zero-day flaw. This incident is part of a larger extortion campaign by Clop's ransomware gang, which has targeted numerous organizations worldwide.
Published: Tue Dec 2 07:11:20 2025 by llama3.2 3B Q4_K_M
A new study reveals that large language models may be vulnerable to "syntax hacking," where they prioritize grammatical patterns over actual meaning. This phenomenon can lead to incorrect responses and security vulnerabilities, highlighting the need for continued research into these powerful AI tools.
Published: Tue Dec 2 08:11:51 2025 by llama3.2 3B Q4_K_M
FTC slaps edtech vendor after breach exposes 10M students, demanding changes but no fines or criminal charges.
Published: Tue Dec 2 08:25:55 2025 by llama3.2 3B Q4_K_M
Iranian nation-state actors have been using a previously undocumented backdoor called MuddyViper to carry out targeted attacks against Israeli entities. The attack sequence begins with phishing emails containing PDF attachments that link to legitimate remote desktop tools, and the backdoor supports 20 commands that facilitate covert access and control of infected systems.
Published: Tue Dec 2 08:54:06 2025 by llama3.2 3B Q4_K_M
Google has released a comprehensive patch for 107 vulnerabilities in its Android operating system, including two high-severity zero-day exploits that have been actively targeted by attackers. The latest security update aims to improve the security of Android devices and protect its users from emerging threats.
Published: Tue Dec 2 09:02:46 2025 by llama3.2 3B Q4_K_M
Kensington and Chelsea Council data breach: A tangled web of shared IT systems and sensitive information
Published: Tue Dec 2 09:28:06 2025 by llama3.2 3B Q4_K_M
Cybercrime's subscription economy has transformed the way attackers rent tools, access, and infrastructure for malicious purposes. With advanced phishing tools, infostealer logs, and access brokers available at affordable prices, defenders are facing a new and significant challenge in staying one step ahead of these cybercriminals.
Published: Tue Dec 2 09:58:07 2025 by llama3.2 3B Q4_K_M
Rogue Cyber Operatives: The Lazarus Group's Remote-Worker Scheme Exposed reveals how North Korean cyber espionage entity Lazarus Group was able to infiltrate Western companies through fake job postings and remote IT workers. Read more about this complex threat operation exposed on camera.
Published: Tue Dec 2 10:14:33 2025 by llama3.2 3B Q4_K_M
GlassWorm, a notorious supply chain campaign known for its malicious activities, has reared its head once again with a devastating wave of 24 extensions impersonating popular developer tools and frameworks. The latest iteration of this campaign saw the attackers infiltrate both Microsoft Visual Studio Marketplace and Open VSX, two prominent platforms used by developers worldwide. To learn more about GlassWorm's destructive supply chain campaign and how it affects developers, read the full article.
Published: Tue Dec 2 10:36:23 2025 by llama3.2 3B Q4_K_M
Malicious npm packages have long been a source of concern for cybersecurity experts, as they can easily be uploaded to popular package repositories and spread like wildfire, bringing harm to unsuspecting users. Recently, a malicious npm package was discovered that attempts to influence artificial intelligence (AI)-driven security scanners, highlighting the ongoing cat-and-mouse game between threat actors and AI security tools. A new malicious package has been found to expose vulnerabilities in AI security tools, emphasizing the need for continued vigilance in the software supply chain.
Published: Tue Dec 2 10:51:12 2025 by llama3.2 3B Q4_K_M
In a recent series of attacks, MuddyWater has demonstrated its capabilities by targeting multiple sectors in Israel and one confirmed target in Egypt. The attackers have used advanced tools, including a custom-made loader called Fooder, to deploy their malware, dubbed MuddyViper. This article provides an in-depth analysis of the latest campaign, exploring the tactics, techniques, and procedures (TTPs) employed by MuddyWater and what they reveal about the group's evolving approach.
Published: Tue Dec 2 11:01:07 2025 by llama3.2 3B Q4_K_M
The takedown of Cryptomixer marks a significant victory in the global fight against cybercrime and cryptocurrency laundering. Europol's Operation Olympia resulted in the seizure of €25 million in Bitcoin and 12 terabytes of data, as well as the shutdown of three Swiss servers and the cryptomixer.io domain. This operation is a major milestone in Europol's efforts to combat cryptocurrency laundering services, highlighting the importance of cooperation between law enforcement agencies worldwide.
Published: Tue Dec 2 11:12:29 2025 by llama3.2 3B Q4_K_M
Clop's brazen approach to breaching Oracle's E-Business Suite has left many organizations scrambling to patch their systems and protect sensitive data. As more high-profile breaches emerge, it is becoming clear that these exploits are not isolated incidents, but rather part of a larger pattern of coordinated cyber attacks. Learn more about the growing concerns of cybersecurity breaches in this exclusive report.
Published: Tue Dec 2 12:01:48 2025 by llama3.2 3B Q4_K_M
India has taken a tough stance against messaging app fraud by requiring all communication service providers to link users' mobile numbers with their SIM cards. This move is aimed at combating phishing, scams, and cyber fraud, which have become increasingly prevalent in India.
Published: Tue Dec 2 12:59:24 2025 by llama3.2 3B Q4_K_M
Google has released its December Android security bulletin, highlighting several high-severity vulnerabilities that have been patched. The release serves as a reminder of the importance of keeping software up-to-date and taking steps to protect against known vulnerabilities.
Published: Tue Dec 2 13:15:45 2025 by llama3.2 3B Q4_K_M
The Shai-Hulud 2.0 NPM malware attack has exposed over 400,000 sensitive secrets belonging to developers worldwide, highlighting the growing threat of supply chain attacks in the software development industry. As experts warn, this type of attack could have been prevented if infected packages had been identified and neutralized earlier on.
Published: Tue Dec 2 13:34:38 2025 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Android Framework flaws to its Known Exploited Vulnerabilities catalog, highlighting the growing concern over the security of Android devices. Two high-severity vulnerabilities have been identified, which were found in the Android Framework and are currently under limited, targeted exploitation.
Published: Tue Dec 2 15:43:35 2025 by llama3.2 3B Q4_K_M
In a significant move, Korea's National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and selling stolen footage to a foreign adult site. The operation highlights the growing problem of hacked IP cameras and the need for individuals to take proactive steps to safeguard themselves against cyber threats.
Published: Tue Dec 2 15:55:25 2025 by llama3.2 3B Q4_K_M
A recent test launch of Russia's RS-28 Sarmat missile has failed, raising concerns about the stability and reliability of Moscow's nuclear deterrence capabilities. The incident highlights the need for greater transparency and accountability within Russia's military-industrial complex and underscores the imperative to address technical issues that threaten the country's ability to project power.
Published: Tue Dec 2 18:11:04 2025 by llama3.2 3B Q4_K_M
Iranian nation-state hackers have employed the MuddyViper backdoor in targeted attacks against Israeli entities across various sectors, as part of a broader campaign by the Iranian group known as MuddyWater (aka Mango Sandstorm or TA450). This latest development highlights the sophistication and adaptability of Iranian APT groups, emphasizing the importance of robust cybersecurity measures to prevent such breaches.
Published: Tue Dec 2 20:42:01 2025 by llama3.2 3B Q4_K_M
The Indian government has confirmed that eight major airports in the country have been subjected to GPS spoofing and jamming incidents since 2023. This revelation highlights the importance of securing critical infrastructure such as airports and underscores the need for vigilance and proactive measures to prevent such incidents from occurring in the future.
Published: Tue Dec 2 21:07:42 2025 by llama3.2 3B Q4_K_M
A Japanese e-tailer has been hit by a ransomware attack, leaving its online sales crippled for nearly five weeks. The company's Warehouse Management System was compromised, forcing it to suspend logistics services and shut down its website. Askul's experience highlights the importance of robust cybersecurity measures in e-commerce businesses.
Published: Wed Dec 3 00:56:06 2025 by llama3.2 3B Q4_K_M
A Japanese e-commerce company has resumed partial sales on its platform 45 days after a devastating ransomware attack, highlighting the complex challenges faced by organizations in their post-attack recoveries. This incident underscores the importance of robust disaster recovery systems and the need for companies to continually test these measures.
Published: Wed Dec 3 01:10:05 2025 by llama3.2 3B Q4_K_M
Picklescan, a widely used tool for detecting suspicious imports or function calls in Python pickle files, has been found to be vulnerable to critical security flaws. The three identified vulnerabilities could potentially allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections.
Published: Wed Dec 3 03:49:50 2025 by llama3.2 3B Q4_K_M
Malicious Rust crates have targeted Windows, macOS, and Linux systems, delivering OS-specific malware via vulnerabilities in the Ethereum ecosystem. The packages were downloaded thousands of times before being removed from a repository due to their malicious nature. Learn more about this emerging threat vector and how developers can protect themselves.
Published: Wed Dec 3 04:06:03 2025 by llama3.2 3B Q4_K_M
India has mandated that all providers of messaging apps work only with active SIM cards linked to users' phone numbers to curb phishing, scams, and cyber-fraud. The new rule comes as part of the Department of Telecommunications' (DoT) efforts to combat rising fraud on messaging platforms. By implementing this measure, India aims to provide greater protection for its citizens against SIM-based phishing and other types of cyber-fraud.
Published: Wed Dec 3 04:12:57 2025 by llama3.2 3B Q4_K_M
Windows 11 adoption has been slower than expected, particularly among enterprises, due to the challenges of transitioning from older versions of Windows 10. With the end-of-support push for many versions of Windows 10 looming, it remains to be seen how Microsoft's latest operating system will gain traction in the market.
Published: Wed Dec 3 06:57:23 2025 by llama3.2 3B Q4_K_M
Artificial intelligence-powered phishing tools are redefining the threat landscape of cybercrime, making it increasingly challenging for organizations to detect and respond to attacks. A recent webinar exposed the latest AI-powered phishing tools and highlighted the need for a proactive approach to identity protection and defense strategy shifts.
Published: Wed Dec 3 07:04:41 2025 by llama3.2 3B Q4_K_M
AI is transforming the way security professionals work, but it's not a replacement for human judgment and creativity. Instead, it's a tool that needs to be understood and harnessed to achieve better outcomes. By building or tuning their own AI-assisted workflows, security professionals can regain influence over the logic shaping their environment and make more informed decisions.
Published: Wed Dec 3 07:12:51 2025 by llama3.2 3B Q4_K_M
The University of Phoenix has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025, exposing sensitive personal and financial information belonging to students, staff, and suppliers.
Published: Wed Dec 3 07:50:33 2025 by llama3.2 3B Q4_K_M