The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. [...]

Ah, the good old days when 0-day development took a year Interview "In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar said.... [...]

An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. [...]

Anna’s Archive’s idealism doesn’t quite survive its own blog post What would happen to the world's music collections if streaming services disappeared? One hacktivist group says it has a solution: scrape around 300 terabytes of music and metadata from Spotify and offer it up for free …

After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have …

Judge says former most-wanted fugitive Mark Acklom will likely never return to the UK The UK's Crown Prosecution Service (CPS) says a fraudster who claimed to be part of MI6 must repay £125,000 ($168,000) to a former love interest that he conned.... [...]

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. [...]

Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend. [...]

The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university's network in August. [...]

Coupang disclosed a data breach affecting 33.7 million customers after unauthorized access to personal data went undetected for nearly five months. Penta Security explains how the incident highlights insider credential abuse risks and why encrypting customer data beyond legal requirements can reduce exposure and limit damage. [...]

On-site staff keep key systems working while all but one region battles with encrypted PCs Romania's cybersecurity agency confirms a major ransomware attack on the country's water management administration has compromised around 1,000 systems, with work to remediate them still ongoing.... [...]

An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. [...]

A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. [...]

Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. [...]

SK Telecom's epic infosec fail will cost it another $1.5 billion South Korea's government on Friday announced it will require local mobile carriers to verify the identity of new customers with facial recognition scans, in the hope of reducing scams.... [...]

PLUS: Debian supports Chinese chips ; Hong Kong’s Christmas Karaoke crackdown; Asahi admits it should have prevented hack; And more! APAC in Brief Google and Apple last week started to allow developers of mobile applications to distribute their wares through third-party app stores and accept payments from alternative payment …

PLUS: Texas sues alleged TV spies; The Cloud is full of holes; Hospital leaked its own data; And more Infosec In Brief Google will soon end its “Dark Web Report”, an email service that alerts users when their personal information appears on the internet’s dark underbelly.... [...]

More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. [...]

Time signals shifted by a tiny amount that only very sensitive users would find upsetting UPDATED A staffer at the USA’s National Institute of Standards and Technology (NIST) tried to disable backup generators powering some of its Network Time Protocol infrastructure, after a power outage around Boulder, Colorado …

A rare case of deliberately trying to induce an outage A staffer at the USA’s National Institute of Standards and Technology (NIST) tried to disable backup generators powering some of its Network Time Protocol infrastructure, after a power outage around Boulder, Colorado, led to errors.... [...]

The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. [...]

Video from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. [...]

Latest charges join the mountain of indictments facing alleged Tren de Aragua members A Venezuelan gang described by US officials as "a ruthless terrorist organization" faces charges over alleged deployment of malware on ATMs across the country, illegally siphoning millions of dollars.... [...]

The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...]

Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls WatchGuard is in emergency patch mode after confirming that a critical remote code execution flaw in its Firebox firewalls is under active attack.... [...]

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. [...]

Attackers helped themselves to historical personal info on 27K people The University of Sydney is ringing around thousands of current and former staff and students after admitting attackers helped themselves to historical personal data stashed inside one of its online code repositories.... [...]

Welcome to the second Cloud CISO Perspectives for December 2025. Today, Google Cloud’s Nick Godfrey, senior director, and Anton Chuvakin, security advisor, look back at the year that was. As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If …

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. [...]

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s …

Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability. [...]

Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks' Cortex XSOAR. [...]

Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform Hewlett Packard Enterprise has told customers to drop whatever they're doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt.... [...]

Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations. [...]

At least some of this is coming to light : Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated social media accounts and promote products has been hacked. The hack reveals what products the AI-generated accounts are promoting, often …

Officials admit 'there certainly has been a hack,' but refuse to confirm China link or data theft The UK's Foreign Office is investigating a confirmed cyberattack it learned about in October, senior ministers say.... [...]

Ofcom survey finds 18-34s increasingly see life online as bad for society and their mental health Young Brits are souring on the internet, with increasing numbers seeing it as damaging to society and their mental health, according to latest research published by Ofcom.... [...]

WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. [...]

Practical lessons on securing AI and using AI to strengthen defence Sponsored Post AI is moving from experimentation to everyday use inside the enterprise. That shift brings new opportunities, but it also changes the security equation. Attacks are becoming faster and more convincing, while organizations are simultaneously trying to …

Beijing wants to 'seize the initiative in the international competition in cyberspace' Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research.... [...]

Plus: Lazarus Group has a brand new BeaverTail Even Amazon isn't immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un's coffers.... [...]

Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. [...]

The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. [...]

Study finds built-in browsers across gadgets often ship years out of date Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can …

'Within 10 minutes of gaining initial access, crypto miners were operational' Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute …

ByBit attack doing some seriously heavy lifting North Korea's yearly cryptocurrency thefts have accelerated, with Kim's state-backed cybercriminals plundering just over $2 billion worth of tokens in 2025.... [...]

An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. [...]

I’m sure there’s a story here : Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports …

Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million. [...]

NIS2 puts identity and access controls under the spotlight, with weak passwords and poor authentication now a compliance risk. Specops Software explains how to align password policies and MFA with NIS2 requirements. [...]