Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

Google sues Chinese cybercrime network for AI‑driven scam texting

Google filed a civil lawsuit against the Chinese cybercrime group Outsider Enterprise, accusing it of leveraging its Gemini AI model to mass‑produce phishing websites and send 2.5 million scam text messages. The operation deployed roughly 9,000 fake sites and a million fraudulent domains, scamming hundreds of thousands of victims and causing multi‑million‑dollar losses.

A Hacker, Known as Martha Root, Takes Down a White Supremacist Dating Site Live
News | Jan 6, 2026

At the Chaos Communication Congress, a German hacker known as “Martha Root” publicly dismantled a white‑supremacist dating website. Dressed as a pink Power Ranger, she demonstrated live how she had breached the platform, downloaded every user profile, and ran an AI...

By DataBreaches.net
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats From 900,000 Users
News | Jan 6, 2026

Security researchers have identified two malicious Chrome extensions—"Chat GPT for Chrome with GPT‑5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude, and more"—that together have been installed by roughly 900,000 users. The extensions harvest OpenAI ChatGPT...

By The Hacker News
MacOS Flaw Enables Silent Bypass of Apple Privacy Controls
News | Jan 6, 2026

A newly disclosed macOS vulnerability (CVE-2025-43530) lets attackers silently bypass the Transparency, Consent, and Control (TCC) privacy framework by exploiting trusted VoiceOver services. The flaw combines a lax file‑based validation of Apple‑signed binaries with a TOCTOU race condition, enabling arbitrary...

By eSecurity Planet
High-Severity Flaw in Open WebUI Affects AI Connections
News | Jan 6, 2026

A high‑severity vulnerability (CVE‑2025‑64496) was found in Open WebUI versions 0.6.34 and earlier when the Direct Connections feature is enabled. The flaw lets a malicious AI endpoint send crafted server‑sent events that execute JavaScript in the user’s browser, stealing localStorage tokens and...

By Infosecurity Magazine
IQT The Quantum Dragon Podcast Episode 78 – “Open a Secure Channel.”
Podcast | Jan 6, 2026 | 35 min

In this episode, Ryan Lafler of Quantum Corridor and Terry Cronin of Toshiba discuss their landmark demonstration of cross‑state Quantum Key Distribution (QKD) over a live commercial metro fiber network, highlighting its significance for scaling secure communications across state lines....

By Inside Quantum Technology
What Is a Proxy Server? A Complete Guide to Types, Uses, and Benefits
News | Jan 6, 2026

A proxy server acts as an intermediary between client devices and the Internet, forwarding requests, filtering data, and returning responses. The guide distinguishes forward proxies, which protect users by masking IPs, enforcing policies, caching content, and inspecting traffic, from reverse...

By The Cyber Express
How to Avoid Phishing Incidents in 2026: A CISO Guide
News | Jan 6, 2026

By 2026 phishing emails will mimic legitimate messages, evading traditional filters. CISOs are turning to behavior‑based sandbox analysis to see the full attack chain within seconds, dramatically cutting verdict times. Automated interactivity and real‑time threat context enable faster, more accurate...

By HackRead
What Is Identity Dark Matter?
News | Jan 6, 2026

Identity dark matter describes the growing pool of unmanaged human and non‑human identities spread across SaaS, IaaS, on‑prem and shadow applications. Traditional IAM and IGA tools only cover the managed half, leaving bots, service accounts and orphaned users invisible. This...

By The Hacker News
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX
News | Jan 6, 2026

AI‑powered forks of Microsoft VS Code such as Cursor, Windsurf, Google Antigravity and Trae have been found recommending extensions that do not exist in the Open VSX registry. Because the extension names are unclaimed, threat actors can publish malicious packages under those...

By The Hacker News
Open WebUI Bug Turns the ‘Free Model’ Into an Enterprise Backdoor
News | Jan 6, 2026

Security researchers have uncovered a high‑severity vulnerability (CVE‑2025‑64496) in Open WebUI, a self‑hosted interface for large language models. The flaw resides in the Direct Connections feature, where unsafe handling of server‑sent events lets a malicious model server inject JavaScript that...

By CSO Online
Jaguar Land Rover's Q3 Sales Crash Amid Cyber-Attack Fallout
News | Jan 6, 2026

Jaguar Land Rover reported a sharp sales decline in Q3 2025 after a late‑August cyber‑attack crippled its factories. Retail volumes fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Production stoppages in September and lingering...

By Infosecurity Magazine
Critical N8n Vulnerability Allows Arbitrary Command Execution (CVE-2025-68668)
News | Jan 6, 2026

A critical vulnerability (CVE‑2025‑68668) in n8n’s Python Code Node lets authenticated users bypass the sandbox and execute arbitrary system commands. The flaw affects all n8n versions from 1.0.0 up to, but not including, 2.0.0 and carries a CVSS score of...

By The Cyber Express
Poisoned at the Source. [OMITB]
Podcast | Jan 6, 2026 | 44 min

In this episode, Selena Larson, Keith Mularski, and Dave Bittner examine supply‑chain attacks, focusing on a large‑scale Android malware campaign that embeds malicious code in firmware and reseller‑installed system images before devices reach consumers. They compare this threat to other...

By Hacking Humans
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
News | Jan 6, 2026

AccuKnox has named Connex Information Technologies as its authorized distribution partner for Zero Trust CNAPP solutions across South and Southeast Asia. Connex, operating in 14 countries with a network of over 1,500 channel partners, will drive localized deployment, partner enablement...

By HackRead
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
Blog | Jan 6, 2026

The episode announces AccuKnox's partnership with Connex Information Technologies to serve as its authorized distribution partner for Zero Trust CNAPP security across South and Southeast Asia. It highlights how Connex's extensive regional channel network and partner‑first approach will enable localized...

By Security Ledger
6 Strategies for Building a High-Performance Cybersecurity Team
News | Jan 6, 2026

Veteran security leaders outline six strategies to transform cybersecurity groups from collections of high‑performing individuals into cohesive, high‑performing teams. The approach emphasizes hiring a blend of ambitious innovators and reliable "rock stars," while also seeking diverse backgrounds for broader perspective....

By CSO Online
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
News | Jan 6, 2026

A critical path‑traversal flaw (CVE‑2026‑21440) in the @adonisjs/bodyparser npm package received a CVSS score of 9.2, allowing remote attackers to write arbitrary files when MultipartFile.move() is called without proper sanitization. The vulnerability affects versions up to 10.1.1 and 11.0.0‑next.5 and...

By The Hacker News
SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln;
Podcast | Jan 6, 2026 | 6 min

The episode highlights three emerging security concerns: the growing use of inexpensive IP KVM devices that often expose out‑of‑band access to the internet, the release of TailSnitch—a tool that audits TailScale configurations for misconfigurations, and a critical buffer‑overflow vulnerability (CVSS 9.8) in...

By SANS Internet StormCast
Startup Trends Shaking Up Browsers, SOC Automation, AppSec
News | Jan 5, 2026

Startups are reshaping cybersecurity by turning browsers into the new endpoint, leveraging Chrome’s Manifest V3 extensions for Browser Detection and Response, and applying large‑language models to AppSec and SOC automation. MV3‑based extensions from SquareX, Keep Aware and LayerX give real‑time...

By Dark Reading
Advisor360 Gets a Handle on Shadow AI via Automation
News | Jan 5, 2026

Advisor360, a wealth‑management platform, faced uncontrolled shadow AI use as employees adopted free AI tools, creating security blind spots. Its small security operations center struggled to manually vet tools, taking days to assess risk. In 2024 the firm partnered with...

By Dark Reading
CISOs Face a Tighter Insurance Market in 2026
News | Jan 5, 2026

Cyber‑insurance premiums have softened but rate cuts are slowing, and insurers now demand verifiable security controls before underwriting. Boards increasingly view cyber coverage as a non‑negotiable component of risk‑management, pairing it with robust controls rather than treating it as a...

By Dark Reading
Russia-Linked APT UAC-0184 Uses Viber to Spy on Ukrainian Military in 2025
Blog | Jan 5, 2026

Russia‑linked APT group UAC‑0184 has resumed espionage against Ukraine’s military and the Verkhovna Rada by abusing the Viber messaging platform. The campaign distributes malicious ZIP archives that contain LNK shortcuts or PowerShell scripts, which trigger a multi‑stage infection chain ending...

By Security Affairs
Why Arbor Edge Defense and CDN-Based DDoS Protection Are Better Together
News | Jan 5, 2026

Arbor Edge Defense (AED) complements CDN‑based DDoS mitigation by providing inline, on‑premises protection against low‑volume, application‑layer and state‑exhaustion attacks that cloud scrubbing services often miss. AED leverages AI/ML and NETSCOUT’s ATLAS threat intelligence, which monitors roughly half of global internet...

By CSO Online
Why Cybersecurity Needs to Focus More on Investigation and Less on Just Detection and Response
News | Jan 5, 2026

Cybersecurity strategies prioritize detection and response, but over‑reliance limits long‑term protection. The article argues that investigative analysis—examining packet‑level data, attack vectors, and root causes—provides essential insights to prevent repeat incidents. Advanced threats like APTs and zero‑days often evade detection, making...

By CSO Online
5 Myths About DDoS Attacks and Protection
News | Jan 5, 2026

The article debunks five common DDoS myths, highlighting that attacks are far more frequent and diverse than many believe. NETSCOUT’s ASERT team recorded over 15 million DDoS incidents in 2024, with a 43% rise in sub‑gigabit, application‑layer assaults. It explains why...

By CSO Online
Researchers Warn of Data Exposure Risks in Claude Chrome Extension
News | Jan 5, 2026

Anthropic launched a beta Claude Chrome extension that lets the AI browse, click, and type on users' behalf, fundamentally shifting the browser security model. Zenity Labs discovered the tool stays logged in permanently, exposing OAuth tokens, console logs, and personal...

By HackRead
Stress Caused by Cybersecurity Threats Is Taking Its Toll
News | Jan 5, 2026

Cyber threats are increasingly complex, sparking a mental‑health crisis among IT and security teams. A recent Object First survey of 500 professionals found 84% feel uncomfortably stressed and 78% fear personal blame for breaches. Nearly 60% are actively looking for...

By CSO Online
Ca: Leduc County Target of Christmas Day Cybersecurity Attack
News | Jan 5, 2026

Leduc County in Alberta disclosed that a deliberate ransomware attack struck on December 25, disabling several of its information technology systems. The county became aware of the intrusion on Christmas Day and immediately initiated incident response protocols. While officials have...

By DataBreaches.net
VVS Stealer Uses Advanced Obfuscation to Target Discord Users
News | Jan 5, 2026

The VVS stealer, a Python‑based malware family distributed as a PyInstaller package, employs Pyarmor obfuscation to evade detection and specifically harvest Discord tokens and browser credentials. It injects malicious JavaScript into the Discord client, extracts data from Chromium‑based and Firefox...

By Infosecurity Magazine
Handala Leak Shows Telegram Account Risk, Not iPhone Hacks
News | Jan 5, 2026

Iran‑linked group Handala claimed full phone compromise of former Israeli PM Naftali Bennett and Chief of Staff Tzachi Braverman, but Kela researchers found the breach was limited to their Telegram accounts. The attackers likely used SIM‑swap, SS7 interception, phishing lures...

By eSecurity Planet
EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?
Podcast | Jan 5, 2026 | 29 min

In this episode, Chris Sistrunk explains that the biggest OT risks now stem from routine IT‑style attacks—often “living‑off‑the‑land” exploits on engineering workstations—rather than dramatic malware like Stuxnet, as organizations connect industrial systems to the cloud for telemetry and AI. He...

By Cloud Security Podcast
Telegram Hosting World’s Largest Darknet Market
Blog | Jan 5, 2026

Elliptic’s latest analysis reveals that Telegram now hosts the world’s largest Chinese‑language darknet markets, with Tudou Guarantee and Xinbi Guarantee together processing roughly $2 billion each month in money‑laundering, stolen‑data sales, AI deep‑fake tools, and other illicit services. Despite Telegram’s 2025...

By Schneier on Security
SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns
Podcast | Jan 5, 2026 | 6 min

The episode recaps recent security news, highlighting ongoing activity of the React2Shell exploit and the need to patch and isolate MongoDB servers against the MongoBleed vulnerability. It warns about classic advance‑fee cryptocurrency scams promising large payouts, and shares a practical...

By SANS Internet StormCast
Reminder: Survey on Threats Experienced by Journalists and Security Researchers
News | Jan 4, 2026

DataBreaches.net and security journalist Zack Whittaker have issued a reminder for cybersecurity journalists and researchers to complete a threat‑experience survey. The questionnaire captures legal actions, court orders, and violent intimidation faced while covering cybercrime. Participation is free via a Google...

By DataBreaches.net
8 WhatsApp Features to Boost Your Security and Privacy
News | Jan 4, 2026

WhatsApp, with over 3 billion users, faces growing security threats such as GhostPairing and mass phone‑number exposure. Meta has added a suite of privacy tools—including Privacy Checkup, disappearing messages, two‑factor authentication with PIN, app and chat locks, advanced security settings, and...

By WIRED (Security)
How to Protect Your iPhone or Android Device From Spyware
News | Jan 3, 2026

Recent zero‑click spyware attacks on iPhone and Android devices have prompted Apple and Google to release critical patches. High‑profile victims such as Jeff Bezos and activists illustrate the threat’s reach beyond nation‑state targets. Experts advise using Lockdown Mode, Android Advanced...

By WIRED (Security)
Overview of Content Published in 2025
Blog | Jan 3, 2026

In 2025 Didier Stevens published an extensive series of blog entries, delivering more than 70 incremental updates to his open‑source forensic utilities such as strings.py, oledump.py, pdf‑parser.py, and xorsearch.py. The posts also include quick‑takes on power consumption, hardware testing, and...

By Didier Stevens’ Blog
Friday Squid Blogging: Squid Found in Light Fixture
Blog | Jan 2, 2026

The UK government’s three‑month trial of Microsoft 365 Copilot revealed no measurable productivity uplift, echoing broader industry findings that generative AI often underdelivers. Parallel commentary in the blog highlights that delegating security to vendors without skilled oversight creates blind spots, while a...

By Schneier on Security
Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
News | Jan 2, 2026

In a year‑end panel, cybersecurity leaders forecast that 2026 will be dominated by AI‑driven threats, with agentic AI and deepfake‑enabled social engineering emerging as top attack vectors. Identity management will shift toward zero‑trust models that include non‑human identities, while supply‑chain...

By Dark Reading
CTO New Year's Resolutions for a More Secure 2026
News | Jan 2, 2026

Security‑focused CTOs are setting five priority resolutions for 2026. First, they will operationalize AI governance by embedding repeatable controls, model gateways and telemetry into engineering pipelines to enforce "secure to ship" AI features. Second, they will add dedicated security controls...

By Dark Reading
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia
News | Jan 2, 2026

Transparent Tribe, also known as APT36, has launched a new wave of remote‑access‑trojan (RAT) attacks against Indian government, academic and strategic organizations. The campaign delivers weaponized LNK files disguised as PDFs, which execute HTA scripts via mshta.exe and load a...

By The Hacker News
7MS #708: Tales of Pentest Fail – Part 6
Podcast | Jan 2, 2026 | 25 min

In this episode, the host recounts a recent web application penetration test that went disastrously wrong, highlighting the missteps and unexpected challenges that can arise during a pentest. The story underscores the importance of thorough planning, clear communication with clients,...

By 7 Minute Security
The ROI Problem in Attack Surface Management
News | Jan 2, 2026

Attack surface management (ASM) tools promise reduced risk by expanding visibility, yet most programs deliver only larger asset inventories and louder dashboards. Security teams see counts climb and alerts surge, but leadership still struggles to answer whether incidents actually decline....

By The Hacker News
Hot Sauce and Hot Takes: An Only Malware in the Building Special.
Podcast | Jan 1, 2026 | 36 min

In this special in‑studio episode, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski tackle a hot‑wings challenge while fielding personal and career‑focused questions, offering listeners a candid look at their backgrounds and the moments that shaped...

By Hacking Humans
NEW TECH Q&A: Why Data Bill of Materials (DBOM) Is Surfacing as a Crucial Tool to Secure AI
Blog | Dec 31, 2025

Enterprises racing to embed AI realized in 2025 they lacked visibility into the data feeding models, prompting a governance shift. Bedrock Security’s research shows most leaders cannot map training or inference datasets, exposing firms to audit failures and regulatory penalties....

By The Last Watchdog
Identity Security 2026: Four Predictions & Recommendations
News | Dec 31, 2025

Todd Thiemann forecasts four identity‑security trends for 2026. AI agents will move from SaaS sandboxes into core business processes, creating new breach vectors that demand holistic identity controls. Mid‑market firms, facing app sprawl, will finally adopt Identity Governance and Administration...

By Dark Reading
Fears Mount That US Federal Cybersecurity Is Stagnating—Or Worse
News | Dec 31, 2025

U.S. federal cybersecurity faces a potential setback as the Cybersecurity and Infrastructure Security Agency (CISA) shed roughly 1,000 employees, leaving a 40% vacancy rate across critical mission areas. Recent White House staffing cuts, compounded by the lingering effects of the...

By WIRED (Security)
Cybercrime Economics: AI’s Impact and How to Shift Defenses
News | Dec 31, 2025

Generative AI is reshaping fraud economics by automating and personalizing attacks, lowering the skill barrier for cybercriminals. The article explains how traditional perimeter‑centric, rule‑based defenses are increasingly ineffective against AI‑driven, adaptive threats. It advocates a shift to continuous, behavior‑driven detection,...

By Security Magazine (Cybersecurity)
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
News | Dec 31, 2025

The U.S. Treasury’s Office of Foreign Assets Control removed three individuals tied to the Intellexa Consortium—responsible for the Predator commercial spyware—from the Specially Designated Nationals list. The delisting followed petitions asserting the subjects had distanced themselves from the consortium, though...

By The Hacker News