🎯Today's Cybersecurity Pulse
Updated 2h agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform as a remedy for fragmented legacy VPNs and hardware firewalls. The solution uses a single‑pass architecture that runs security checks across a global network spanning over 300 cities, removing service‑chaining bottlenecks. It also integrates zero‑trust capabilities.
Also developing:
By the numbers: Zafran Security raises $60M Series C
News•Dec 25, 2025
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
In 2022 LastPass suffered a breach that exposed encrypted vault backups containing cryptocurrency private keys and seed phrases. TRM Labs now reports that weak master passwords allowed attackers to decrypt these vaults offline, siphoning roughly $35 million in crypto assets through late 2025. The bulk of the stolen funds—$28 million in Bitcoin—were laundered via Wasabi Wallet mixers and funneled to Russian exchanges Cryptex and Audia6. The U.K. ICO has fined LastPass $1.6 million for insufficient security controls.
By The Hacker News
News•Dec 25, 2025
Atomic-Scale Randomness in Graphene Enables Hardware-Level Security Keys
Researchers at UIC, Wayne State and Northwestern have turned random atomic defects in graphene transistors into a physical unclonable function (PUF) for hardware security. Each transistor emits a unique radio signature that encodes its microscopic irregularities, creating a one‑of‑a‑kind cryptographic...
By Graphene-Info
News•Dec 25, 2025
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet disclosed that CVE‑2020‑12812, a case‑sensitivity flaw in its SSL VPN, is being actively exploited in the wild. The vulnerability lets attackers bypass two‑factor authentication when local users are linked to LDAP groups and usernames are entered with different casing....
By The Hacker News
Podcast•Dec 25, 2025•46 min
Scammers Are Recruiting.
The episode spotlights a surge in social engineering threats, beginning with a conference scam warning and a retired federal investigator's "Scammer Psychological Kill Chain" framework for detecting attacks. It highlights a 1,000% rise in job scams targeting desperate job seekers,...
By Hacking Humans
News•Dec 24, 2025
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper
Researchers uncovered a new macOS stealer, MacSync, delivered via a digitally signed and notarized Swift application masquerading as a messenger installer. The signed DMG bypasses Apple Gatekeeper and XProtect, allowing the dropper to execute an encoded script after user interaction....
By The Hacker News
Blog•Dec 24, 2025
Unredaction Isn't Hacking
The episode explains that the so‑called "unredaction" of Jeffrey Epstein files isn’t a hack but a failure of proper redaction: the FBI merely overlaid black bars or highlights, leaving the underlying text intact and selectable. By demonstrating how text can...
By Errata Security (Robert Graham)
News•Dec 23, 2025
Industry Continues to Push Back on HIPAA Security Rule Overhaul
The U.S. Department of Health and Human Services unveiled a sweeping update to the HIPAA Security Rule in January 2025, aiming to tighten cybersecurity across hospitals and clinics. A coalition of 100 health‑care groups led by CHIME has called for...
By Dark Reading
News•Dec 23, 2025
Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates
Operation Sentinel, a 19‑nation Interpol‑led effort, dismantled multiple African cybercrime syndicates, arresting 574 suspects and seizing roughly $3 million in assets. The investigation neutralized over 6,000 malicious links and decrypted six ransomware strains, uncovering $21 million in losses from BEC, extortion and...
By Dark Reading
News•Dec 23, 2025
US Insurance Giant Aflac Says Hackers Stole Personal and Health Data of 22.6 Million People
Aflac announced that hackers accessed personal and health information of 22.65 million customers, including Social Security numbers, medical records, and government IDs. The breach, disclosed in June, is linked to the Scattered Spider cyber‑criminal collective, which has been targeting insurers. Aflac’s...
By TechCrunch (Cybersecurity)
News•Dec 23, 2025
Inside Uzbekistan’s Nationwide License Plate Surveillance System
Uzbekistan’s Ministry of Internal Affairs operates a national license‑plate‑reading system that monitors traffic with over a hundred high‑resolution cameras across the country. Security researcher Anurag Sen uncovered that the system’s web interface is publicly accessible without authentication, exposing GPS locations...
By TechCrunch (Cybersecurity)
News•Dec 23, 2025
A Brush with Online Fraud: What Are Brushing Scams and How Do I Stay Safe?
Global e‑commerce sales are set to surpass $6.4 trillion in 2025, fueling intense competition on marketplace review systems. Brushing scams exploit this pressure by sending low‑value items to random addresses, then posting fabricated 5‑star reviews to inflate product rankings. Victims often...
By WeLiveSecurity
News•Dec 23, 2025
Cybersecurity Stagnation in Healthcare: The Hidden Financial Costs
Healthcare providers are confronting a stark financial reality: the cost of maintaining an immature cybersecurity program now exceeds the expense of modernizing it. Breach incidents in the sector average $11‑12 million, while prolonged outages and regulatory penalties add further strain....
By Security Magazine (Cybersecurity)
News•Dec 22, 2025
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
WatchGuard disclosed a critical zero‑day vulnerability (CVE‑2025‑14733) in its Firebox firewalls, enabling remote code execution via an out‑of‑bounds write in the Fireware OS. The flaw affects multiple firmware versions and specifically targets the IKEv2 VPN processes, with threat actors actively...
By Dark Reading
News•Dec 22, 2025
Uzbek Users Under Attack by Android SMS-Stealers
Group‑IB reported a fresh wave of Android SMS‑stealer campaigns targeting users in Uzbekistan since October 2025. Threat groups such as TrickyWonders, Blazefang and Ajina distribute malicious APKs via sideloading and Telegram, exploiting stolen Telegram accounts to lure contacts into installation....
By Dark Reading
Blog•Dec 22, 2025
The EU Digital Omnibus
On 19 November 2025 the European Commission unveiled the Digital Omnibus, a package of draft laws that consolidates the EU’s fragmented digital regulatory landscape. It pairs the Data Union Strategy and a proposed European Business Wallet to boost data access for AI...
By BH Consulting Blog
News•Dec 22, 2025
Product Spotlight: 2025 Year in Review
The 2025 Year in Review product spotlight showcases six security‑focused solutions targeting education, enterprise, and financial sectors. Connect ONE’s ERP consolidates school data and grants first‑responder‑only access, while Genetec embeds cloud‑native audio into its Security Center SaaS for real‑time coordination....
By Security Magazine (Cybersecurity)
Podcast•Dec 22, 2025•6 min
SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues
The episode covers three security topics: TLS callbacks (Thread Local Storage) used by malware to execute code before a program's main function, a critical FreeBSD remote code execution flaw in the rtsold daemon that parses unsanitized DNS search lists from...
By SANS Internet StormCast
News•Dec 20, 2025
Hackers Stole Millions of PornHub Users’ Data for Extortion
Hackers from the ShinyHunters subgroup of the Com stole more than 200 million PornHub user records and began extorting the site. At the same time, a critical Cisco AsyncOS zero‑day has been exploited since November with no patch available, threatening enterprise...
By WIRED (Security)
News•Dec 19, 2025
LongNosedGoblin Caught Snooping on Asian Governments
ESET has identified a new Chinese‑backed advanced persistent threat group, LongNosedGoblin, conducting cyber‑espionage against Japan and other Southeast Asian governments since 2023. The group leverages custom C#/.NET malware and uniquely abuses Windows Group Policy to drop payloads and move laterally...
By Dark Reading
Blog•Dec 19, 2025
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration’s 2025‑2026 policy agenda has dramatically reshaped U.S. cyber, privacy and law‑enforcement priorities. New directives such as NSPM‑7 and a FBI cash‑reward program broaden the definition of domestic terrorism to include political dissent, while travel‑screening rules force tourists...
By Krebs on Security
News•Dec 19, 2025
Identity Fraud Among Home-Care Workers Puts Patients at Risk
Home‑care workers are increasingly sending unqualified friends or relatives to patient visits under false identities, a trend highlighted by recent fraud convictions and court cases in the U.S. and U.K. The Department of Health and Human Services reported 298 personal‑care...
By Dark Reading
News•Dec 19, 2025
Hacks, Thefts, and Disruption: The Worst Data Breaches of 2025
TechCrunch’s 2025 cyber‑horror review highlights unprecedented breaches across government, enterprise and consumer sectors. The U.S. federal system faced multiple intrusions, culminating in the DOGE operation led by Elon Musk that accessed citizen records. ransomware gang Clop exploited a zero‑day in...
By TechCrunch (Cybersecurity)
Blog•Dec 19, 2025
Criminal IP and Palo Alto Networks Cortex XSOAR Integrate to Bring AI-Driven Exposure Intelligence to Automated Incident Response
The episode announces the integration of AI‑powered threat intel platform Criminal IP into Palo Alto Networks’ Cortex XSOAR, enabling real‑time exposure intelligence and multi‑stage scanning within automated playbooks. It explains how this AI‑driven enrichment—covering IP/domain behavior, port exposure, CVE links, and SSL...
By Security Ledger
News•Dec 19, 2025
A Cybersecurity Playbook for AI Adoption
Artificial intelligence now powers 60 % of enterprise security stacks, accelerating data collection, anomaly detection, and risk scoring across the NIST CSF identify and detect functions. However, the article warns that AI’s nondeterministic nature makes it unsuitable for direct enforcement actions...
By Dark Reading
Blog•Dec 19, 2025
News Alert: INE Expands Partnerships to Scale Hands-On Cyber Training Across Middle East, Asia
INE Security announced a strategic expansion across the Middle East and Asia, adding new academy partners in Saudi Arabia, the United Arab Emirates, Egypt, and other high‑growth markets. The company’s subscription‑based, hands‑on training platform—featuring unlimited virtual labs and the Skill...
By The Last Watchdog
Podcast•Dec 19, 2025•4 min
SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog Finds JWTs
The episode highlights a positive trend of fewer publicly exposed industrial control system devices and a roughly 50% drop in SSL 2.0/3.0 exposure, indicating improved server hygiene. It warns about a critical, unauthenticated remote‑code‑execution flaw in Hewlett‑Packard Enterprise OneView (CVSS 10.0) that...
By SANS Internet StormCast
News•Dec 18, 2025
SonicWall Edge Access Devices Hit by Zero-Day Attacks
SonicWall disclosed a medium‑severity zero‑day vulnerability, CVE‑2025‑40602, affecting the SMA1000 access platform’s management console. The flaw, rated 6.6 CVSS, is being actively exploited in chained attacks that also leverage the critical CVE‑2025‑23006 vulnerability. SonicWall released hotfixes in firmware versions 12.4.3‑03245...
By Dark Reading
News•Dec 18, 2025
ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees
Immigration and Customs Enforcement is renewing its Cyber Defense and Intelligence Support Services contract to broaden digital surveillance of employee activity. The updated agreement mandates continuous network monitoring, automated anomaly detection, and systematic archiving of logs from servers, workstations, and...
By WIRED (Security)
News•Dec 18, 2025
Dormant Iran APT Is Still Alive, Spying on Dissidents
Iran’s long‑standing state‑level threat group, known as Prince of Persia or Infy, has resurfaced after years of apparent inactivity. SafeBreach’s latest report shows the APT has been continuously spying on Iranian citizens and dissidents across Iraq, Turkey, India, Europe and...
By Dark Reading
News•Dec 18, 2025
LongNosedGoblin Tries to Sniff Out Governmental Affairs in Southeast Asia and Japan
ESET has identified a previously unknown China‑aligned advanced persistent threat (APT) group, dubbed LongNosedGoblin, targeting governmental entities in Southeast Asia and Japan. The group’s hallmark is the abuse of Windows Group Policy to distribute a suite of custom C#/.NET tools,...
By WeLiveSecurity
News•Dec 18, 2025
630M Passwords Stolen, FBI Reveals: What This Says About Credential Value
The FBI transferred a list of 630 million stolen credentials to Troy Hunt of Have I Been Pwned after seizing devices from a single suspect. Approximately 46 million of those passwords were new to HIBP, expanding its breach database. Security experts say...
By Security Magazine (Cybersecurity)
Podcast•Dec 18, 2025•52 min
Trust No Link, My Darling.
The episode covers the latest social engineering threats, from AI‑driven virtual kidnapping extortion and celebrity impersonation scams to Google’s dual strategy of suing phishing operations while supporting new anti‑scam legislation and AI tools. It offers practical home‑network advice, emphasizing IoT...
By Hacking Humans
Podcast•Dec 18, 2025•6 min
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory
The episode highlights evolving React2Shell attacks that now target less‑common endpoints and non‑Next.js applications, urging operators to assume compromise if systems remain unpatched. It also covers active exploits in Cisco Secure Email Gateway (UAT‑9686) and a SonicWall SMA1000 local privilege...
By SANS Internet StormCast
News•Dec 17, 2025
'Cellik' Android RAT Leverages Google Play Store
Cellik is a Remote Access Trojan offered as a service that automatically wraps malicious payloads around legitimate Android apps downloaded from the Google Play Store. The RAT provides full device control, including screen streaming, keylogging, file system access, and encrypted...
By Dark Reading
News•Dec 17, 2025
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
Enterprise computing is rapidly moving to the edge, with analysts forecasting more than $100 billion in annual edge spend by 2030. The proliferation of IoT, AI, 5G and data‑sovereignty mandates is pushing workloads beyond centralized clouds, creating latency, cost and compliance...
By Dark Reading
News•Dec 17, 2025
'Fake Proof' And AI Slop Hobble Defenders
Exploitation attempts have surged around the React2Shell vulnerability, a CVSS 10.0 flaw in the popular React UI library. While researchers have published roughly 145 public exploits, many are AI‑generated proof‑of‑concepts that fail to trigger the flaw. These fake PoCs mislead...
By Dark Reading
_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
News•Dec 17, 2025
The Future of Quantum-Safe Networks Depends on Interoperable Standards
Quantum key distribution is transitioning from laboratory‑scale, point‑to‑point links to multi‑node, carrier‑grade networks. Recent pilots in London and Paris, led by BT, Toshiba, HSBC and Orange Business, demonstrate real‑world QKD deployments combined with post‑quantum cryptography. Industry groups such as ETSI’s...
By Dark Reading
News•Dec 17, 2025
Cisco Says Chinese Hackers Are Exploiting Its Customers with a New Zero-Day
Cisco disclosed that Chinese‑linked hackers are exploiting a critical zero‑day vulnerability in its AsyncOS software, specifically targeting the Secure Email Gateway and Secure Email and Web Manager appliances. The flaw, active since at least November 2025, allows full device takeover and...
By TechCrunch (Cybersecurity)
Blog•Dec 17, 2025
Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation
The blog highlights the growing convergence of cybersecurity and intelligent transportation, emphasizing that autonomous vehicles and connected infrastructure are becoming "data centers on wheels." It outlines three core risk areas—V2X communication vulnerabilities, AI‑driven sensor attacks, and infrastructure resilience—and presents strategic...
By Erdal Ozkaya’s Cybersecurity Blog
News•Dec 17, 2025
Attackers Use Stolen AWS Credentials in Cryptomining Campaign
Attackers compromised AWS Identity and Access Management (IAM) credentials and used them to launch cryptomining workloads on Amazon EC2 and ECS within ten minutes of initial access. AWS GuardDuty flagged the activity, revealing a coordinated campaign that leveraged dry‑run API...
By Dark Reading
Blog•Dec 17, 2025
SHARED INTEL Q&A: This Is How ‘Edge AI’ Is Forcing a Rethink of Trust, Security and Resilience
Edge AI is moving real‑time inference workloads from centralized clouds to embedded devices, demanding far greater compute, memory, and energy efficiency at the silicon level. Infineon’s Thomas Rosteck explains that this shift forces a redesign of trust models, embedding hardware‑root‑of‑trust...
By The Last Watchdog
News•Dec 17, 2025
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
Law‑enforcement officials from more than 40 African countries gathered in Algiers for Afripol’s sixth heads‑of‑national‑liaison meeting, focusing on cross‑border cybercrime, equipment standardisation, and investigator training. The forum highlighted a surge in digital adoption that has produced an average of 3,153...
By Dark Reading
News•Dec 16, 2025
Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps
A California high‑school junior, Vaishnav Anand, built an AI model to detect manipulated satellite imagery after becoming a victim of a personal deepfake. He presented his research at MIT’s IEEE Undergraduate Research Technology Conference, highlighting a largely unexplored field known...
By Dark Reading
News•Dec 16, 2025
Why You Should Train Your SOC Like a Triathlete
The article likens SOC development to triathlon training, urging teams to boost data coverage, standardize evidence, and apply AI selectively. It highlights that limited retention (7‑14 days) hides attacker dwell time, and that inconsistent log definitions stall investigations. By extending...
By Dark Reading
Blog•Dec 16, 2025
News Alert: Link11’s Top 5 Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11’s European Cyber Report identifies five 2026 cybersecurity trends that will reshape defense strategies across Europe. The report warns that DDoS attacks will increasingly act as diversion tactics, while API‑first architectures expose new misconfiguration and business‑logic abuse risks. It predicts...
By The Last Watchdog
News•Dec 16, 2025
Hacking Group Says It’s Extorting Pornhub After Stealing Users’ Viewing Data
Scattered Lapsus$ Hunters, linked to the ShinyHunters gang, announced an extortion attempt against Pornhub after stealing personal data of premium members through a breach at analytics provider Mixpanel. The stolen information includes email addresses, location, and detailed viewing activity such...
By TechCrunch (Cybersecurity)
Blog•Dec 16, 2025
Most Parked Domains Now Serving Malicious Content
Researchers at Infoblox discovered that more than 90% of parked domains now redirect visitors to scams, malware, or unwanted software. The malicious redirects are triggered primarily for users on residential IP addresses, while VPN traffic often receives a harmless parking...
By Krebs on Security
Blog•Dec 16, 2025
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11 forecasts five cybersecurity trends that will shape European defense in 2026, highlighting a surge in DDoS attacks used as diversion tactics, growing exposure from API‑first architectures, and the shift toward integrated WAAP platforms. The report stresses that AI‑driven DDoS...
By Security Ledger
News•Dec 16, 2025
ESET Threat Report H2 2025
The second half of 2025 saw AI‑driven malware become operational, highlighted by PromptLock, the first known AI‑generated ransomware. Lumma Stealer’s presence faded dramatically, with detections dropping 86% after its May disruption. CloudEyE (GuLoader) exploded in prevalence, increasing thirty‑fold and serving...
By WeLiveSecurity
Podcast•Dec 16, 2025•6 min
Microsegmentation (Noun) [Word Notes]
The episode defines microsegmentation as a zero‑trust security method that isolates individual application workloads, enabling granular protection for each. It highlights how this approach reduces lateral movement risks within networks and supports compliance by enforcing policy at the workload level....
By Hacking Humans