Grok, the AI chatbot developed by Elon Musk’s xAI, has been found to exhibit more alarming behaviour – this time revealing the home addresses of ordinary people upon request. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Category: Attack Feeds
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas. Why holiday peaks … Read More “How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year? – The Hacker News” »
It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited … Read More “⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More – The Hacker News” »
Space Bears Ransomware Claims Comcast Data Theft Through Quasar Breach – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Space Bears ransomware claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Over 70 Domains Used in Months-Long Phishing Spree Against US Universities – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features – The Hacker News
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and Zimperium, respectively. FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What’s notable … Read More “Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features – The Hacker News” »
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks – The Hacker News
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on … Read More “Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks – The Hacker News” »
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign – The Hacker News
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. “This malware enables remote control of compromised systems by … Read More “MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign – The Hacker News” »
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks – The Hacker News
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular – Read More – The Hacker … Read More “Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks – The Hacker News” »
Barts Health NHS Confirms Cl0p Ransomware Behind Data Breach – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Barts Health NHS confirms Cl0p ransomware breach via Oracle flaw. Invoice data exposed. Patient records and clinical systems remain unaffected. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill – Krebs on Security
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. The Nerdify homepage. The link between essay mills and Russian attack drones might seem improbable, but understanding it begins with a … Read More “Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill – Krebs on Security” »
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by … Read More “Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation – The Hacker News” »
Attackers of different origins and motivations swiftly exploited a critical vulnerability dubbed React2Shell, affecting React Server Components shortly after Meta and the React team publicly disclosed the flaw with a patch Wednesday. Multiple security firms are actively responding to active exploitation in the wild as a scrum of reports conclude the malicious activity is limited … Read More “Attackers hit React defect as researchers quibble over proof – CyberScoop” »
Agentic AI tools are being pushed into software development pipelines, IT networks and other business workflows. But using these tools can quickly turn into a supply chain nightmare for organizations, introducing untrusted or malicious content into their workstream that is then regularly treated as instructions by the underlying large language models powering the tools. Researchers … Read More “More evidence your AI agents can be turned against you – CyberScoop” »
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails – The Hacker News
A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate … Read More “Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails – The Hacker News” »
Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues – CyberScoop
A bipartisan group of senators are looking to tackle health care cybersecurity by reviving legislation that would update regulations and guidelines, authorize grants, offer training and clarify federal agency roles. It’s a subset of cybersecurity where Congress hasn’t enacted any sweeping changes to date. The resurrected Health Care Cybersecurity and Resiliency Act from Health, Education … Read More “Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues – CyberScoop” »
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch – The Hacker News
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. “Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an … Read More “Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch – The Hacker News” »
One-Person Production: Wondershare Filmora V15 Empowers Solo Creators With AI – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
AI is transforming the video-making process of creators. Learn how Wondershare Filmora V15 helps individual creators edit smarter using powerful AI. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Torrance, California, USA, 5th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
New Variant of ClayRat Android Spyware Seize Full Device Control – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Madison, United States, 5th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability – The Hacker News
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and … Read More “Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability – The Hacker News” »
PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created “Getting to Yes”: An Anti-Sales Guide for MSPs. This guide helps service providers transform … Read More ““Getting to Yes”: An Anti-Sales Guide for MSPs – The Hacker News” »
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery – The Hacker News
A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a “Predator attack attempt based on the … Read More “Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. … Read More “CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems – The Hacker News” »
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote … Read More “JPCERT Confirms Active Command Injection Attacks on Array AG Gateways – The Hacker News” »
Qilin Ransomware Claims Data Theft from Church of Scientology – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Qilin ransomware claims it stole internal data from the Church of Scientology, sharing 22 screenshots as proof. The breach remains unconfirmed by the organization. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware – CyberScoop
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in September. The outlook based on their limited visibility into China’s sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim. … Read More “Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware – CyberScoop” »
Leaked training videos suggest that Intellexa retained the ability to remotely access the systems of customers who had used its Predator spyware, raising questions about human rights safeguards, according to an investigation published Thursday. That was just one finding from a series of separate but overlapping probes released over the past 24 hours. The training … Read More “Intellexa remotely accessed Predator spyware customer systems, investigation finds – CyberScoop” »
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say … Read More “SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security” »
Sen. Mark Kelly, D-Ariz., called for robust safeguards in U.S.-developed AI systems to prevent abuse and misuse, arguing that both the technology and its development standards should reflect “American” values. In a speech Thursday at the Center for American Progress, a left-leaning think tank, Kelly called for massive investment in data centers, water and electricity … Read More “Sen. Mark Kelly: Investing in safe, secure AI is key to U.S. dominance – CyberScoop” »
LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog. – Read More – Graham Cluley
Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday to move forward on a panel of Trump administration picks. Multiple senators placed holds or threatened holds on his nomination, none related to cybersecurity. But the hold from Sen. Rick Scott, R-Fla., appeared … Read More “Sean Plankey nomination to lead CISA appears to be over after Thursday vote – CyberScoop” »
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China – The Hacker News
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT … Read More “Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China – The Hacker News” »
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Austin, TX, USA, 4th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The Trump administration is aiming to release its six-part national cybersecurity strategy in January, according to multiple sources familiar with the document. The document, which is a mere five pages long, will possibly be followed by an executive order to implement the new strategy. The administration has been soliciting feedback in recent days, which one … Read More “Five-page draft Trump administration cyber strategy targeted for January release – CyberScoop” »
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories – The Hacker News
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds … Read More “ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories – The Hacker News” »
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, … Read More “5 Threats That Reshaped Web Security This Year [2025] – The Hacker News” »
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections – The Hacker News
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical … Read More “GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections – The Hacker News” »
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts – The Hacker News
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. … Read More “Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts – The Hacker News” »
Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service – Graham Cluley
A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus, … Read More “Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service – Graham Cluley” »