🎯Today's Cybersecurity Pulse
Updated 1h agoWhat's happening: Cloudflare pushes agile SASE with Cloudflare One to replace legacy VPNs
Cloudflare announced a series of technical deep‑dives showcasing its Cloudflare One agile SASE platform, positioning it as a single‑pass solution to the fragmentation of legacy VPNs and hardware firewalls. The platform runs security checks across a global network spanning over 300 cities, eliminating service‑chaining bottlenecks and integrating zero‑trust controls.
Also developing:
Blog•Dec 16, 2025
Most Parked Domains Now Serving Malicious Content
Researchers at Infoblox discovered that more than 90% of parked domains now redirect visitors to scams, malware, or unwanted software. The malicious redirects are triggered primarily for users on residential IP addresses, while VPN traffic often receives a harmless parking page. The study identified large portfolios of typosquatting domains targeting high‑profile brands such as Google, Netflix, and the FBI’s IC3, employing multi‑step redirect chains that profile devices. Recent changes to Google Ads default settings may unintentionally amplify exposure to these malicious parking pages.
By Krebs on Security
Blog•Dec 16, 2025
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11 forecasts five cybersecurity trends that will shape European defense in 2026, highlighting a surge in DDoS attacks used as diversion tactics, growing exposure from API‑first architectures, and the shift toward integrated WAAP platforms. The report stresses that AI‑driven DDoS...
By Security Ledger
News•Dec 16, 2025
ESET Threat Report H2 2025
The second half of 2025 saw AI‑driven malware become operational, highlighted by PromptLock, the first known AI‑generated ransomware. Lumma Stealer’s presence faded dramatically, with detections dropping 86% after its May disruption. CloudEyE (GuLoader) exploded in prevalence, increasing thirty‑fold and serving...
By WeLiveSecurity
![Microsegmentation (Noun) [Word Notes]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://megaphone.imgix.net/podcasts/8797f03a-a50b-11ea-b6c0-87ebb093948d/image/hacking-humans-cover-art-cw.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
Podcast•Dec 16, 2025•6 min
Microsegmentation (Noun) [Word Notes]
The episode defines microsegmentation as a zero‑trust security method that isolates individual application workloads, enabling granular protection for each. It highlights how this approach reduces lateral movement risks within networks and supports compliance by enforcing policy at the workload level....
By Hacking Humans
Podcast•Dec 16, 2025•5 min
SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch;
The episode reviews recent activity around the React2Shell exploit, noting that while variants continue to appear in SANS honeypots, the technique is largely mature and even Iranian actors are now merely scanning for it. It then delves into ongoing SAML...
By SANS Internet StormCast
Podcast•Dec 15, 2025•6 min
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
The episode covered four main topics: how malware can exploit DLL entry points that run on load, the resurgence of ClickFix attacks using the obsolete finger command over port 79, a massive Apple patch addressing 48 vulnerabilities—including two actively exploited...
By SANS Internet StormCast
News•Dec 13, 2025
What Is Xfinity xFi Complete? A Complete Guide
Xfinity’s xFi Complete is a premium add‑on for existing Xfinity Internet customers that bundles whole‑home mesh Wi‑Fi, advanced cybersecurity, unlimited data, and automatic gateway upgrades. The service relies on xFi Pods to eliminate dead zones and provides real‑time threat detection...
By Cybers Guards
Blog•Dec 12, 2025
Processing 630 Million More Pwned Passwords, Courtesy of the FBI
The FBI has supplied Have I Been Pwned (HIBP) with an additional 630 million compromised passwords, expanding the service’s corpus beyond the 1.26 billion monthly searches it already handles. Roughly 7.4% of these passwords—about 46 million—were previously absent from HIBP, boosting the database’s...
By Troy Hunt’s Blog
Podcast•Dec 12, 2025•21 min
7MS #705: A Phishing Campaign Fail Tale
In this episode, the host recounts a recent phishing campaign that initially attracted many victims but was abruptly terminated, highlighting how even well‑executed attacks can fail due to unforeseen factors. The discussion underscores the importance of understanding the broader attack...
By 7 Minute Security
News•Dec 12, 2025
Data Breach at Credit Check Giant 700Credit Affects at Least 5.6 Million
Credit‑check provider 700Credit disclosed a breach that compromised personal data of at least 5.6 million individuals, including names, addresses, dates of birth and Social Security numbers. The intrusion, traced to an unidentified actor, affected information collected from auto‑dealership customers between May...
By TechCrunch (Cybersecurity)
News•Dec 12, 2025
We Need a New Type of Cybersecurity Product
The author argues that cybersecurity has failed to demonstrate value because it talks to the wrong audience with the wrong metrics. Instead of chaotic activity logs, security programs need products that convey safety and calm through concise narratives and evidence....
By Unsupervised Learning
News•Dec 12, 2025
Home Depot Exposed Access to Internal Systems for a Year, Says Researcher
A Home Depot employee inadvertently posted a private GitHub access token, exposing hundreds of internal source‑code repositories and cloud‑based order‑fulfillment and inventory systems for roughly a year. Security researcher Ben Zimmermann discovered the token in early November, tested its privileges,...
By TechCrunch (Cybersecurity)
News•Dec 12, 2025
Flaw in Photo Booth Maker’s Website Exposes Customers’ Pictures
A security researcher discovered that Hama Film, a photo‑booth maker owned by Vibecast, left customer photos and videos publicly accessible due to a flaw in its file‑storage website. The issue was reported in October, but the company has not remedied...
By TechCrunch (Cybersecurity)
News•Dec 12, 2025
Black Hat Europe 2025: Was that Device Designed to Be on the Internet at All?
At Black Hat Europe 2025, Zero Science Lab highlighted a building‑management system used in over 1,000 global facilities that runs on an 18‑year‑old, publicly‑exposed software platform riddled with vulnerabilities. The talk traced the problem to a series of acquisitions that left security...
By WeLiveSecurity
Blog•Dec 12, 2025
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
The episode breaks down the critical React2Shell (CVE‑2025‑55182) vulnerability that enables unauthenticated remote code execution in React Server Components, highlighting its CVSS 10.0 severity and the rapid emergence of exploitation attempts after disclosure. It explains how the flaw affects the...
By Security Ledger
Podcast•Dec 12, 2025•6 min
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
The episode covers three main topics: running the Gemma 3 AI model locally on modest hardware, a newly patched but undisclosed Chrome zero‑day vulnerability, and the SOAPwn flaw that lets attackers exploit .NET SOAP services via malicious file:// URLs. Guy Bruneau’s...
By SANS Internet StormCast
Blog•Dec 11, 2025
News Alert: INE Sees Surge in Q4 Budget Shifts as Enterprises Embrace Hands-On Training for AI Roles
Enterprises are reallocating Q4 learning‑and‑development budgets toward hands‑on, performance‑based training as AI reshapes cybersecurity, cloud, and IT operations. INE reports a surge in demand for immersive labs, simulations, and AI‑adaptive pathways that promise faster competency and measurable ROI. The shift...
By The Last Watchdog
News•Dec 11, 2025
Black Hat Europe 2025: Reputation Matters – Even in the Ransomware Economy
At Black Hat Europe 2025, Max Smeets dissected LockBit’s ransomware‑as‑a‑service operation, revealing 194 affiliates and 80 successful ransom payments between 2022‑2024. He argued that reputation drives both victim and attacker behavior: companies that pay attract more media scrutiny, while ransomware...
By WeLiveSecurity
Blog•Dec 11, 2025
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
The episode announces that 1inch has become the exclusive swap provider for Ledger Multisig, integrating its Swap API to eliminate blind signing and enable clear, human‑readable transaction approvals via EIP‑712. This partnership enhances treasury security for DAOs, funds, and enterprises...
By Security Ledger
News•Dec 11, 2025
Security Flaws in Freedom Chat App Exposed Users’ Phone Numbers and PINs
Freedom Chat, a secure‑messaging app launched in June, was found to expose users' phone numbers and PIN codes through two critical backend flaws. Researcher Eric Daigle demonstrated that nearly 2,000 phone numbers could be enumerated and that PINs were broadcast...
By TechCrunch (Cybersecurity)
News•Dec 11, 2025
Locks, SOCs and a Cat in a Box: What Schrödinger Can Teach Us About Cybersecurity
The article likens an organization’s unseen breach risk to Schrödinger’s cat, arguing that without active visibility a firm exists in a dual breached‑or‑not state. Recent high‑profile attacks by Scattered Spider on Marks & Spencer and Jaguar Land Rover illustrate long...
By WeLiveSecurity
Podcast•Dec 11, 2025•50 min
Don’t Let Public Ports Bite.
The episode covers three major security threats: a bot‑driven Monotype font‑licensing extortion that collapsed when a knowledgeable employee disproved the claims; a massive Walmart robocall scam using AI‑generated voices to steal personal data, prompting FCC action against the U.S. voice...
By Hacking Humans
News•Dec 11, 2025
The Most Dangerous 6 Weeks of the Year
A wave of cyber‑fraud targets mid‑sized manufacturers during the Thanksgiving‑to‑New Year window, exploiting altered bank routing numbers and rushed wire approvals. Employee distraction, heightened transaction volume, and reduced security staffing combine to create a perfect storm for attackers. Traditional detection tools...
By Security Magazine (Cybersecurity)
Podcast•Dec 11, 2025•6 min
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 Variant; React2shell Exploits; Notepad++ Update Hijacking; macOS Priv Escalation
The episode reviews a possible new variant of the CVE‑2024‑9042 Kubernetes OS command injection, noting its reliance on the $() syntax and the need for log‑query privileges. It then delves into React‑to‑Shell attacks (CVE‑2025‑55182), emphasizing that the underlying flaw lies...
By SANS Internet StormCast
News•Dec 10, 2025
CEO of South Korean Retail Giant Coupang Resigns After Massive Data Breach
Coupang’s chief executive Park Dae‑jun resigned after a data breach that exposed personal information of roughly 34 million South Koreans, about half the nation’s population. The breach, which began in June and was only detected in November, was initially down‑played as...
By TechCrunch (Cybersecurity)
News•Dec 10, 2025
Seeking Symmetry During ATT&CK® Season: How to Harness Today’s Diverse Analyst and Tester Landscape to Paint a Security Masterpiece
The article maps the sprawling landscape of endpoint‑security analyst reports—from Gartner and Forrester market quadrants to AV‑Comparatives labs and MITRE ATT&CK Evaluations—showing how security leaders can stitch them together into a coherent picture. It likens the process to an artist’s...
By WeLiveSecurity
News•Dec 10, 2025
Petco Takes Down Vetco Website After Exposing Customers’ Personal Information
Petco’s Vetco Clinics portal was partially taken offline after TechCrunch uncovered an insecure direct object reference (IDOR) that let anyone download PDF records containing owners' personal details and pet medical histories. The vulnerability exposed names, addresses, contact information, vaccination and...
By TechCrunch (Cybersecurity)
Podcast•Dec 10, 2025•58 min
Risky Business #818 -- React2Shell Is a Fun One
Patrick Gray and Adam Boileau unpack a week of cyber news, led by the shocking CVSS 10/10 React2Shell vulnerability that lets attackers execute code on React JavaScript servers—a flaw quickly weaponized by Chinese APT groups. They also note Linux’s new...
By Risky Business
Podcast•Dec 10, 2025•8 min
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby Patches.
The episode reviews the latest Patch Tuesday releases, highlighting Microsoft’s 57 fixes—including a privileged‑escalation bug in the Cloud Files Mini‑filters driver that’s already being exploited and new warnings for PowerShell’s Invoke‑WebRequest and AI co‑pilot integrations—while noting critical flaws remain in...
By SANS Internet StormCast
News•Dec 9, 2025
The Big Catch: How Whaling Attacks Target Top Executives
Whaling attacks—spear‑phishing campaigns aimed at C‑suite leaders—are delivering multi‑million‑dollar losses, exemplified by a $8.7 million fraud that crippled Levitas Capital. Executives’ privileged access, time pressure, and public visibility make them prime targets for business‑email‑compromise schemes. The rise of generative AI now...
By WeLiveSecurity