News•Dec 19, 2025
LongNosedGoblin Caught Snooping on Asian Governments
ESET has identified a new Chinese‑backed advanced persistent threat group, LongNosedGoblin, conducting cyber‑espionage against Japan and other Southeast Asian governments since 2023. The group leverages custom C#/.NET malware and uniquely abuses Windows Group Policy to drop payloads and move laterally across networks. Its toolkit includes NosyHistorian for browser‑history harvesting, NosyDoor backdoor that uses Microsoft OneDrive for command‑and‑control, and additional modules such as NosyDownloader and NosyStealer. Fewer than a dozen victims have been confirmed, indicating a moderate‑level, highly targeted operation.
By Dark Reading
News•Dec 19, 2025
Identity Fraud Among Home-Care Workers Puts Patients at Risk
Home‑care workers are increasingly sending unqualified friends or relatives to patient visits under false identities, a trend highlighted by recent fraud convictions and court cases in the U.S. and U.K. The Department of Health and Human Services reported 298 personal‑care...
By Dark Reading
News•Dec 19, 2025
Hacks, Thefts, and Disruption: The Worst Data Breaches of 2025
TechCrunch’s 2025 cyber‑horror review highlights unprecedented breaches across government, enterprise and consumer sectors. The U.S. federal system faced multiple intrusions, culminating in the DOGE operation led by Elon Musk that accessed citizen records. ransomware gang Clop exploited a zero‑day in...
By TechCrunch (Cybersecurity)
News•Dec 19, 2025
A Cybersecurity Playbook for AI Adoption
Artificial intelligence now powers 60 % of enterprise security stacks, accelerating data collection, anomaly detection, and risk scoring across the NIST CSF identify and detect functions. However, the article warns that AI’s nondeterministic nature makes it unsuitable for direct enforcement actions...
By Dark Reading
News•Dec 18, 2025
SonicWall Edge Access Devices Hit by Zero-Day Attacks
SonicWall disclosed a medium‑severity zero‑day vulnerability, CVE‑2025‑40602, affecting the SMA1000 access platform’s management console. The flaw, rated 6.6 CVSS, is being actively exploited in chained attacks that also leverage the critical CVE‑2025‑23006 vulnerability. SonicWall released hotfixes in firmware versions 12.4.3‑03245...
By Dark Reading
News•Dec 18, 2025
ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees
Immigration and Customs Enforcement is renewing its Cyber Defense and Intelligence Support Services contract to broaden digital surveillance of employee activity. The updated agreement mandates continuous network monitoring, automated anomaly detection, and systematic archiving of logs from servers, workstations, and...
By WIRED (Security)
News•Dec 18, 2025
Dormant Iran APT Is Still Alive, Spying on Dissidents
Iran’s long‑standing state‑level threat group, known as Prince of Persia or Infy, has resurfaced after years of apparent inactivity. SafeBreach’s latest report shows the APT has been continuously spying on Iranian citizens and dissidents across Iraq, Turkey, India, Europe and...
By Dark Reading
News•Dec 18, 2025
LongNosedGoblin Tries to Sniff Out Governmental Affairs in Southeast Asia and Japan
ESET has identified a previously unknown China‑aligned advanced persistent threat (APT) group, dubbed LongNosedGoblin, targeting governmental entities in Southeast Asia and Japan. The group’s hallmark is the abuse of Windows Group Policy to distribute a suite of custom C#/.NET tools,...
By WeLiveSecurity
News•Dec 18, 2025
630M Passwords Stolen, FBI Reveals: What This Says About Credential Value
The FBI transferred a list of 630 million stolen credentials to Troy Hunt of Have I Been Pwned after seizing devices from a single suspect. Approximately 46 million of those passwords were new to HIBP, expanding its breach database. Security experts say...
By Security Magazine (Cybersecurity)
News•Dec 17, 2025
'Cellik' Android RAT Leverages Google Play Store
Cellik is a Remote Access Trojan offered as a service that automatically wraps malicious payloads around legitimate Android apps downloaded from the Google Play Store. The RAT provides full device control, including screen streaming, keylogging, file system access, and encrypted...
By Dark Reading
News•Dec 17, 2025
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
Enterprise computing is rapidly moving to the edge, with analysts forecasting more than $100 billion in annual edge spend by 2030. The proliferation of IoT, AI, 5G and data‑sovereignty mandates is pushing workloads beyond centralized clouds, creating latency, cost and compliance...
By Dark Reading
News•Dec 17, 2025
'Fake Proof' And AI Slop Hobble Defenders
Exploitation attempts have surged around the React2Shell vulnerability, a CVSS 10.0 flaw in the popular React UI library. While researchers have published roughly 145 public exploits, many are AI‑generated proof‑of‑concepts that fail to trigger the flaw. These fake PoCs mislead...
By Dark Reading
_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
News•Dec 17, 2025
The Future of Quantum-Safe Networks Depends on Interoperable Standards
Quantum key distribution is transitioning from laboratory‑scale, point‑to‑point links to multi‑node, carrier‑grade networks. Recent pilots in London and Paris, led by BT, Toshiba, HSBC and Orange Business, demonstrate real‑world QKD deployments combined with post‑quantum cryptography. Industry groups such as ETSI’s...
By Dark Reading
News•Dec 17, 2025
Cisco Says Chinese Hackers Are Exploiting Its Customers with a New Zero-Day
Cisco disclosed that Chinese‑linked hackers are exploiting a critical zero‑day vulnerability in its AsyncOS software, specifically targeting the Secure Email Gateway and Secure Email and Web Manager appliances. The flaw, active since at least November 2025, allows full device takeover and...
By TechCrunch (Cybersecurity)
News•Dec 17, 2025
Attackers Use Stolen AWS Credentials in Cryptomining Campaign
Attackers compromised AWS Identity and Access Management (IAM) credentials and used them to launch cryptomining workloads on Amazon EC2 and ECS within ten minutes of initial access. AWS GuardDuty flagged the activity, revealing a coordinated campaign that leveraged dry‑run API...
By Dark Reading
News•Dec 17, 2025
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
Law‑enforcement officials from more than 40 African countries gathered in Algiers for Afripol’s sixth heads‑of‑national‑liaison meeting, focusing on cross‑border cybercrime, equipment standardisation, and investigator training. The forum highlighted a surge in digital adoption that has produced an average of 3,153...
By Dark Reading
News•Dec 16, 2025
Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps
A California high‑school junior, Vaishnav Anand, built an AI model to detect manipulated satellite imagery after becoming a victim of a personal deepfake. He presented his research at MIT’s IEEE Undergraduate Research Technology Conference, highlighting a largely unexplored field known...
By Dark Reading
News•Dec 16, 2025
Why You Should Train Your SOC Like a Triathlete
The article likens SOC development to triathlon training, urging teams to boost data coverage, standardize evidence, and apply AI selectively. It highlights that limited retention (7‑14 days) hides attacker dwell time, and that inconsistent log definitions stall investigations. By extending...
By Dark Reading
News•Dec 16, 2025
Hacking Group Says It’s Extorting Pornhub After Stealing Users’ Viewing Data
Scattered Lapsus$ Hunters, linked to the ShinyHunters gang, announced an extortion attempt against Pornhub after stealing personal data of premium members through a breach at analytics provider Mixpanel. The stolen information includes email addresses, location, and detailed viewing activity such...
By TechCrunch (Cybersecurity)
News•Dec 16, 2025
ESET Threat Report H2 2025
The second half of 2025 saw AI‑driven malware become operational, highlighted by PromptLock, the first known AI‑generated ransomware. Lumma Stealer’s presence faded dramatically, with detections dropping 86% after its May disruption. CloudEyE (GuLoader) exploded in prevalence, increasing thirty‑fold and serving...
By WeLiveSecurity
News•Dec 13, 2025
What Is Xfinity xFi Complete? A Complete Guide
Xfinity’s xFi Complete is a premium add‑on for existing Xfinity Internet customers that bundles whole‑home mesh Wi‑Fi, advanced cybersecurity, unlimited data, and automatic gateway upgrades. The service relies on xFi Pods to eliminate dead zones and provides real‑time threat detection...
By Cybers Guards
News•Dec 12, 2025
Data Breach at Credit Check Giant 700Credit Affects at Least 5.6 Million
Credit‑check provider 700Credit disclosed a breach that compromised personal data of at least 5.6 million individuals, including names, addresses, dates of birth and Social Security numbers. The intrusion, traced to an unidentified actor, affected information collected from auto‑dealership customers between May...
By TechCrunch (Cybersecurity)
News•Dec 12, 2025
We Need a New Type of Cybersecurity Product
The author argues that cybersecurity has failed to demonstrate value because it talks to the wrong audience with the wrong metrics. Instead of chaotic activity logs, security programs need products that convey safety and calm through concise narratives and evidence....
By Unsupervised Learning
News•Dec 12, 2025
Home Depot Exposed Access to Internal Systems for a Year, Says Researcher
A Home Depot employee inadvertently posted a private GitHub access token, exposing hundreds of internal source‑code repositories and cloud‑based order‑fulfillment and inventory systems for roughly a year. Security researcher Ben Zimmermann discovered the token in early November, tested its privileges,...
By TechCrunch (Cybersecurity)
News•Dec 12, 2025
Flaw in Photo Booth Maker’s Website Exposes Customers’ Pictures
A security researcher discovered that Hama Film, a photo‑booth maker owned by Vibecast, left customer photos and videos publicly accessible due to a flaw in its file‑storage website. The issue was reported in October, but the company has not remedied...
By TechCrunch (Cybersecurity)
News•Dec 12, 2025
Black Hat Europe 2025: Was that Device Designed to Be on the Internet at All?
At Black Hat Europe 2025, Zero Science Lab highlighted a building‑management system used in over 1,000 global facilities that runs on an 18‑year‑old, publicly‑exposed software platform riddled with vulnerabilities. The talk traced the problem to a series of acquisitions that left security...
By WeLiveSecurity
News•Dec 11, 2025
Black Hat Europe 2025: Reputation Matters – Even in the Ransomware Economy
At Black Hat Europe 2025, Max Smeets dissected LockBit’s ransomware‑as‑a‑service operation, revealing 194 affiliates and 80 successful ransom payments between 2022‑2024. He argued that reputation drives both victim and attacker behavior: companies that pay attract more media scrutiny, while ransomware...
By WeLiveSecurity
News•Dec 11, 2025
Security Flaws in Freedom Chat App Exposed Users’ Phone Numbers and PINs
Freedom Chat, a secure‑messaging app launched in June, was found to expose users' phone numbers and PIN codes through two critical backend flaws. Researcher Eric Daigle demonstrated that nearly 2,000 phone numbers could be enumerated and that PINs were broadcast...
By TechCrunch (Cybersecurity)
News•Dec 11, 2025
Locks, SOCs and a Cat in a Box: What Schrödinger Can Teach Us About Cybersecurity
The article likens an organization’s unseen breach risk to Schrödinger’s cat, arguing that without active visibility a firm exists in a dual breached‑or‑not state. Recent high‑profile attacks by Scattered Spider on Marks & Spencer and Jaguar Land Rover illustrate long...
By WeLiveSecurity
News•Dec 11, 2025
The Most Dangerous 6 Weeks of the Year
A wave of cyber‑fraud targets mid‑sized manufacturers during the Thanksgiving‑to‑New Year window, exploiting altered bank routing numbers and rushed wire approvals. Employee distraction, heightened transaction volume, and reduced security staffing combine to create a perfect storm for attackers. Traditional detection tools...
By Security Magazine (Cybersecurity)
News•Dec 10, 2025
CEO of South Korean Retail Giant Coupang Resigns After Massive Data Breach
Coupang’s chief executive Park Dae‑jun resigned after a data breach that exposed personal information of roughly 34 million South Koreans, about half the nation’s population. The breach, which began in June and was only detected in November, was initially down‑played as...
By TechCrunch (Cybersecurity)
News•Dec 10, 2025
Seeking Symmetry During ATT&CK® Season: How to Harness Today’s Diverse Analyst and Tester Landscape to Paint a Security Masterpiece
The article maps the sprawling landscape of endpoint‑security analyst reports—from Gartner and Forrester market quadrants to AV‑Comparatives labs and MITRE ATT&CK Evaluations—showing how security leaders can stitch them together into a coherent picture. It likens the process to an artist’s...
By WeLiveSecurity
News•Dec 10, 2025
Petco Takes Down Vetco Website After Exposing Customers’ Personal Information
Petco’s Vetco Clinics portal was partially taken offline after TechCrunch uncovered an insecure direct object reference (IDOR) that let anyone download PDF records containing owners' personal details and pet medical histories. The vulnerability exposed names, addresses, contact information, vaccination and...
By TechCrunch (Cybersecurity)
News•Dec 9, 2025
The Big Catch: How Whaling Attacks Target Top Executives
Whaling attacks—spear‑phishing campaigns aimed at C‑suite leaders—are delivering multi‑million‑dollar losses, exemplified by a $8.7 million fraud that crippled Levitas Capital. Executives’ privileged access, time pressure, and public visibility make them prime targets for business‑email‑compromise schemes. The rise of generative AI now...
By WeLiveSecurity