Today's Cybersecurity Pulse
Google sues Chinese cybercrime network for AI‑driven scam campaign
Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites, a million malicious domains and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.
Also developing:
A Cybersecurity Playbook for AI Adoption
Artificial intelligence now powers 60 % of enterprise security stacks, accelerating data collection, anomaly detection, and risk scoring across the NIST CSF identify and detect functions. However, the article warns that AI’s nondeterministic nature makes it unsuitable for direct enforcement actions such as access revocation or system isolation. Schrader proposes a six‑question determinism test to decide when AI should only advise and when deterministic, policy‑as‑code controls must execute. Embedding guardrails—evidence logging, drift monitoring, and dual‑approved exception workflows—allows organizations to reap AI’s speed without sacrificing auditability or compliance.
News Alert: INE Expands Partnerships to Scale Hands-On Cyber Training Across Middle East, Asia
INE Security announced a strategic expansion across the Middle East and Asia, adding new academy partners in Saudi Arabia, the United Arab Emirates, Egypt, and other high‑growth markets. The company’s subscription‑based, hands‑on training platform—featuring unlimited virtual labs and the Skill...
SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog Finds JWTs
The episode highlights a positive trend of fewer publicly exposed industrial control system devices and a roughly 50% drop in SSL 2.0/3.0 exposure, indicating improved server hygiene. It warns about a critical, unauthenticated remote‑code‑execution flaw in Hewlett‑Packard Enterprise OneView (CVSS 10.0) that...
SonicWall Edge Access Devices Hit by Zero-Day Attacks
SonicWall disclosed a medium‑severity zero‑day vulnerability, CVE‑2025‑40602, affecting the SMA1000 access platform’s management console. The flaw, rated 6.6 CVSS, is being actively exploited in chained attacks that also leverage the critical CVE‑2025‑23006 vulnerability. SonicWall released hotfixes in firmware versions 12.4.3‑03245...
ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees
Immigration and Customs Enforcement is renewing its Cyber Defense and Intelligence Support Services contract to broaden digital surveillance of employee activity. The updated agreement mandates continuous network monitoring, automated anomaly detection, and systematic archiving of logs from servers, workstations, and...
Dormant Iran APT Is Still Alive, Spying on Dissidents
Iran’s long‑standing state‑level threat group, known as Prince of Persia or Infy, has resurfaced after years of apparent inactivity. SafeBreach’s latest report shows the APT has been continuously spying on Iranian citizens and dissidents across Iraq, Turkey, India, Europe and...
LongNosedGoblin Tries to Sniff Out Governmental Affairs in Southeast Asia and Japan
ESET has identified a previously unknown China‑aligned advanced persistent threat (APT) group, dubbed LongNosedGoblin, targeting governmental entities in Southeast Asia and Japan. The group’s hallmark is the abuse of Windows Group Policy to distribute a suite of custom C#/.NET tools,...
630M Passwords Stolen, FBI Reveals: What This Says About Credential Value
The FBI transferred a list of 630 million stolen credentials to Troy Hunt of Have I Been Pwned after seizing devices from a single suspect. Approximately 46 million of those passwords were new to HIBP, expanding its breach database. Security experts say...
Trust No Link, My Darling.
The episode covers the latest social engineering threats, from AI‑driven virtual kidnapping extortion and celebrity impersonation scams to Google’s dual strategy of suing phishing operations while supporting new anti‑scam legislation and AI tools. It offers practical home‑network advice, emphasizing IoT...
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory
The episode highlights evolving React2Shell attacks that now target less‑common endpoints and non‑Next.js applications, urging operators to assume compromise if systems remain unpatched. It also covers active exploits in Cisco Secure Email Gateway (UAT‑9686) and a SonicWall SMA1000 local privilege...
'Cellik' Android RAT Leverages Google Play Store
Cellik is a Remote Access Trojan offered as a service that automatically wraps malicious payloads around legitimate Android apps downloaded from the Google Play Store. The RAT provides full device control, including screen streaming, keylogging, file system access, and encrypted...
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
Enterprise computing is rapidly moving to the edge, with analysts forecasting more than $100 billion in annual edge spend by 2030. The proliferation of IoT, AI, 5G and data‑sovereignty mandates is pushing workloads beyond centralized clouds, creating latency, cost and compliance...
'Fake Proof' And AI Slop Hobble Defenders
Exploitation attempts have surged around the React2Shell vulnerability, a CVSS 10.0 flaw in the popular React UI library. While researchers have published roughly 145 public exploits, many are AI‑generated proof‑of‑concepts that fail to trigger the flaw. These fake PoCs mislead...
_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The Future of Quantum-Safe Networks Depends on Interoperable Standards
Quantum key distribution is transitioning from laboratory‑scale, point‑to‑point links to multi‑node, carrier‑grade networks. Recent pilots in London and Paris, led by BT, Toshiba, HSBC and Orange Business, demonstrate real‑world QKD deployments combined with post‑quantum cryptography. Industry groups such as ETSI’s...
Cisco Says Chinese Hackers Are Exploiting Its Customers with a New Zero-Day
Cisco disclosed that Chinese‑linked hackers are exploiting a critical zero‑day vulnerability in its AsyncOS software, specifically targeting the Secure Email Gateway and Secure Email and Web Manager appliances. The flaw, active since at least November 2025, allows full device takeover and...
Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation
The blog highlights the growing convergence of cybersecurity and intelligent transportation, emphasizing that autonomous vehicles and connected infrastructure are becoming "data centers on wheels." It outlines three core risk areas—V2X communication vulnerabilities, AI‑driven sensor attacks, and infrastructure resilience—and presents strategic...
Attackers Use Stolen AWS Credentials in Cryptomining Campaign
Attackers compromised AWS Identity and Access Management (IAM) credentials and used them to launch cryptomining workloads on Amazon EC2 and ECS within ten minutes of initial access. AWS GuardDuty flagged the activity, revealing a coordinated campaign that leveraged dry‑run API...
SHARED INTEL Q&A: This Is How ‘Edge AI’ Is Forcing a Rethink of Trust, Security and Resilience
Edge AI is moving real‑time inference workloads from centralized clouds to embedded devices, demanding far greater compute, memory, and energy efficiency at the silicon level. Infineon’s Thomas Rosteck explains that this shift forces a redesign of trust models, embedding hardware‑root‑of‑trust...
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
Law‑enforcement officials from more than 40 African countries gathered in Algiers for Afripol’s sixth heads‑of‑national‑liaison meeting, focusing on cross‑border cybercrime, equipment standardisation, and investigator training. The forum highlighted a surge in digital adoption that has produced an average of 3,153...
Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps
A California high‑school junior, Vaishnav Anand, built an AI model to detect manipulated satellite imagery after becoming a victim of a personal deepfake. He presented his research at MIT’s IEEE Undergraduate Research Technology Conference, highlighting a largely unexplored field known...
Why You Should Train Your SOC Like a Triathlete
The article likens SOC development to triathlon training, urging teams to boost data coverage, standardize evidence, and apply AI selectively. It highlights that limited retention (7‑14 days) hides attacker dwell time, and that inconsistent log definitions stall investigations. By extending...
News Alert: Link11’s Top 5 Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11’s European Cyber Report identifies five 2026 cybersecurity trends that will reshape defense strategies across Europe. The report warns that DDoS attacks will increasingly act as diversion tactics, while API‑first architectures expose new misconfiguration and business‑logic abuse risks. It predicts...
Hacking Group Says It’s Extorting Pornhub After Stealing Users’ Viewing Data
Scattered Lapsus$ Hunters, linked to the ShinyHunters gang, announced an extortion attempt against Pornhub after stealing personal data of premium members through a breach at analytics provider Mixpanel. The stolen information includes email addresses, location, and detailed viewing activity such...
Most Parked Domains Now Serving Malicious Content
Researchers at Infoblox discovered that more than 90% of parked domains now redirect visitors to scams, malware, or unwanted software. The malicious redirects are triggered primarily for users on residential IP addresses, while VPN traffic often receives a harmless parking...
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11 forecasts five cybersecurity trends that will shape European defense in 2026, highlighting a surge in DDoS attacks used as diversion tactics, growing exposure from API‑first architectures, and the shift toward integrated WAAP platforms. The report stresses that AI‑driven DDoS...
ESET Threat Report H2 2025
The second half of 2025 saw AI‑driven malware become operational, highlighted by PromptLock, the first known AI‑generated ransomware. Lumma Stealer’s presence faded dramatically, with detections dropping 86% after its May disruption. CloudEyE (GuLoader) exploded in prevalence, increasing thirty‑fold and serving...
Microsegmentation (Noun) [Word Notes]
The episode defines microsegmentation as a zero‑trust security method that isolates individual application workloads, enabling granular protection for each. It highlights how this approach reduces lateral movement risks within networks and supports compliance by enforcing policy at the workload level....
SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch;
The episode reviews recent activity around the React2Shell exploit, noting that while variants continue to appear in SANS honeypots, the technique is largely mature and even Iranian actors are now merely scanning for it. It then delves into ongoing SAML...
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
The episode covered four main topics: how malware can exploit DLL entry points that run on load, the resurgence of ClickFix attacks using the obsolete finger command over port 79, a massive Apple patch addressing 48 vulnerabilities—including two actively exploited...
What Is Xfinity xFi Complete? A Complete Guide
Xfinity’s xFi Complete is a premium add‑on for existing Xfinity Internet customers that bundles whole‑home mesh Wi‑Fi, advanced cybersecurity, unlimited data, and automatic gateway upgrades. The service relies on xFi Pods to eliminate dead zones and provides real‑time threat detection...
Processing 630 Million More Pwned Passwords, Courtesy of the FBI
The FBI has supplied Have I Been Pwned (HIBP) with an additional 630 million compromised passwords, expanding the service’s corpus beyond the 1.26 billion monthly searches it already handles. Roughly 7.4% of these passwords—about 46 million—were previously absent from HIBP, boosting the database’s...
7MS #705: A Phishing Campaign Fail Tale
In this episode, the host recounts a recent phishing campaign that initially attracted many victims but was abruptly terminated, highlighting how even well‑executed attacks can fail due to unforeseen factors. The discussion underscores the importance of understanding the broader attack...
Data Breach at Credit Check Giant 700Credit Affects at Least 5.6 Million
Credit‑check provider 700Credit disclosed a breach that compromised personal data of at least 5.6 million individuals, including names, addresses, dates of birth and Social Security numbers. The intrusion, traced to an unidentified actor, affected information collected from auto‑dealership customers between May...
We Need a New Type of Cybersecurity Product
The author argues that cybersecurity has failed to demonstrate value because it talks to the wrong audience with the wrong metrics. Instead of chaotic activity logs, security programs need products that convey safety and calm through concise narratives and evidence....
Home Depot Exposed Access to Internal Systems for a Year, Says Researcher
A Home Depot employee inadvertently posted a private GitHub access token, exposing hundreds of internal source‑code repositories and cloud‑based order‑fulfillment and inventory systems for roughly a year. Security researcher Ben Zimmermann discovered the token in early November, tested its privileges,...
Flaw in Photo Booth Maker’s Website Exposes Customers’ Pictures
A security researcher discovered that Hama Film, a photo‑booth maker owned by Vibecast, left customer photos and videos publicly accessible due to a flaw in its file‑storage website. The issue was reported in October, but the company has not remedied...
Black Hat Europe 2025: Was that Device Designed to Be on the Internet at All?
At Black Hat Europe 2025, Zero Science Lab highlighted a building‑management system used in over 1,000 global facilities that runs on an 18‑year‑old, publicly‑exposed software platform riddled with vulnerabilities. The talk traced the problem to a series of acquisitions that left security...
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
The episode covers three main topics: running the Gemma 3 AI model locally on modest hardware, a newly patched but undisclosed Chrome zero‑day vulnerability, and the SOAPwn flaw that lets attackers exploit .NET SOAP services via malicious file:// URLs. Guy Bruneau’s...
News Alert: INE Sees Surge in Q4 Budget Shifts as Enterprises Embrace Hands-On Training for AI Roles
Enterprises are reallocating Q4 learning‑and‑development budgets toward hands‑on, performance‑based training as AI reshapes cybersecurity, cloud, and IT operations. INE reports a surge in demand for immersive labs, simulations, and AI‑adaptive pathways that promise faster competency and measurable ROI. The shift...
Black Hat Europe 2025: Reputation Matters – Even in the Ransomware Economy
At Black Hat Europe 2025, Max Smeets dissected LockBit’s ransomware‑as‑a‑service operation, revealing 194 affiliates and 80 successful ransom payments between 2022‑2024. He argued that reputation drives both victim and attacker behavior: companies that pay attract more media scrutiny, while ransomware...
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
The episode announces that 1inch has become the exclusive swap provider for Ledger Multisig, integrating its Swap API to eliminate blind signing and enable clear, human‑readable transaction approvals via EIP‑712. This partnership enhances treasury security for DAOs, funds, and enterprises...
Security Flaws in Freedom Chat App Exposed Users’ Phone Numbers and PINs
Freedom Chat, a secure‑messaging app launched in June, was found to expose users' phone numbers and PIN codes through two critical backend flaws. Researcher Eric Daigle demonstrated that nearly 2,000 phone numbers could be enumerated and that PINs were broadcast...
Locks, SOCs and a Cat in a Box: What Schrödinger Can Teach Us About Cybersecurity
The article likens an organization’s unseen breach risk to Schrödinger’s cat, arguing that without active visibility a firm exists in a dual breached‑or‑not state. Recent high‑profile attacks by Scattered Spider on Marks & Spencer and Jaguar Land Rover illustrate long...
Don’t Let Public Ports Bite.
The episode covers three major security threats: a bot‑driven Monotype font‑licensing extortion that collapsed when a knowledgeable employee disproved the claims; a massive Walmart robocall scam using AI‑generated voices to steal personal data, prompting FCC action against the U.S. voice...
The Most Dangerous 6 Weeks of the Year
A wave of cyber‑fraud targets mid‑sized manufacturers during the Thanksgiving‑to‑New Year window, exploiting altered bank routing numbers and rushed wire approvals. Employee distraction, heightened transaction volume, and reduced security staffing combine to create a perfect storm for attackers. Traditional detection tools...
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 Variant; React2shell Exploits; Notepad++ Update Hijacking; macOS Priv Escalation
The episode reviews a possible new variant of the CVE‑2024‑9042 Kubernetes OS command injection, noting its reliance on the $() syntax and the need for log‑query privileges. It then delves into React‑to‑Shell attacks (CVE‑2025‑55182), emphasizing that the underlying flaw lies...
CEO of South Korean Retail Giant Coupang Resigns After Massive Data Breach
Coupang’s chief executive Park Dae‑jun resigned after a data breach that exposed personal information of roughly 34 million South Koreans, about half the nation’s population. The breach, which began in June and was only detected in November, was initially down‑played as...
Seeking Symmetry During ATT&CK® Season: How to Harness Today’s Diverse Analyst and Tester Landscape to Paint a Security Masterpiece
The article maps the sprawling landscape of endpoint‑security analyst reports—from Gartner and Forrester market quadrants to AV‑Comparatives labs and MITRE ATT&CK Evaluations—showing how security leaders can stitch them together into a coherent picture. It likens the process to an artist’s...
Petco Takes Down Vetco Website After Exposing Customers’ Personal Information
Petco’s Vetco Clinics portal was partially taken offline after TechCrunch uncovered an insecure direct object reference (IDOR) that let anyone download PDF records containing owners' personal details and pet medical histories. The vulnerability exposed names, addresses, contact information, vaccination and...
Risky Business #818 -- React2Shell Is a Fun One
Patrick Gray and Adam Boileau unpack a week of cyber news, led by the shocking CVSS 10/10 React2Shell vulnerability that lets attackers execute code on React JavaScript servers—a flaw quickly weaponized by Chinese APT groups. They also note Linux’s new...