Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States. [...]

Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. [...]

DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments. [...]

In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. [...]

The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. [...]

Japan’s Askul still can’t run all its sites, but at least the fax line held up OK Japanese e-tailer Askul has resumed online sales, 45 days after a ransomware attack.... [...]

Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.... [...]

The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. [...]

The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education to delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students. [...]

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. [...]

Christmas comes early for attackers this year Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin.... [...]

Ivy League school warns more than 1,400 people after attackers siphon data via zero-day The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousand individuals that their personal …

Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe's latest pushback against cybercrime infrastructure.... [...]

Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. [...]

Borough says attackers copied 'historical' info as three-council cyber woes drag on Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week's cyber meltdown, confirming that the outage was not just an IT faceplant but a bona fide data breach.... [...]

Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service" economy lowers the barrier to entry and gives low-skill attackers on-demand access to advanced capabilities. [...]

In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...]

Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...]

Regulator says Illuminate ignored years of warnings, stored kids' data in plain text, and kept districts in the dark US edtech provider Illuminate Education just got dinged by the Federal Trade Commission for allegedly failing to keep an attacker from pilfering data on 10 million students.... [...]

An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...]

​The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...]

In his 2020 book, “ Future Politics, ” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market and civil society?” But in the early decades of …

'Sanchar Saathi' shares data to help fight fraud and protect carrier security India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure …

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. [...]

And some are still active in the Microsoft Edge store A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China. And, according to Koi researchers, five of the extensions with …

The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. [...]

Plus: Aussie Wi-Fi phisher and Brit dark web dealer nailed Cybercrime suspects and offenders across three continents have been rounded up this week, with cases spanning hacked IP cameras in South Korea, evil twin Wi-Fi traps in Australia, and a dark web drug empire in rural England.... [...]

South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. [...]

Hackers impersonate IT pros with deepfakes, fake resumes, and stolen identities, turning hiring pipelines into insider threats. Huntres sLabs explains how stronger vetting and access controls help stop these threats. [...]

A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. [...]

Only a select few continue into later life, mainly for the love of the game Young threat actors may be rebels without a cause. These cybercriminals typically grow out of their offending ways by the time they turn 20, according to data published by the Dutch government.... [...]

Coupang confirms internationally routed intrusion compromised more than half of the country's population South Korean retail behemoth Coupang has admitted to a data breach that exposed the personal details of 33.7 million customers, turning the company's famed "Rocket Delivery" logistics empire into an express shipment for personal information …

This is crazy. Lawmakers in several US states are contemplating banning VPNs, because...think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105 / S.B. 130. It’s an age …

Zut alors! Cybercrooks scored names, numbers, and license IDs The French Football Federation (FFF) has conceded that attackers broke into its member management software using a compromised account, scoring a match sheet's worth of player data in the process.... [...]

Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder over €1.3 billion in Bitcoin since its launch in 2016. [...]

PLUS: India wants to build big airliners; Half of South Koreans caught in data leak; Minimum wage for gig workers in Oz; And more! Asia in Brief Singapore’s government last week told Google and Apple to prevent fake government messages.... [...]

PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; and more! Infosec In Brief Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and …

Asahi Group Holdings, Japan's largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. [...]

A meter-long flying neon squid ( Ommastrephes bartramii ) was found dead on an Israeli beach. The species is rare in the Mediterranean. [...]

A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia. [...]

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. [...]

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer …

The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. [...]

Crims claim to know which customers are marked 'vulnerable' British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.... [...]

Project cites fears of state access as cloud sovereignty row deepens French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy.... [...]

In a new paper, “ Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models: Abstract : We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across …

Training outfit scrambles to fix all-male lineup before December kickoff Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity.... [...]

Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the Chancellor …

OBR says the scheme will cost £600M a year with no identified savings The UK government has finally put a £1.8 billion price tag on its digital ID plans – days after the minister responsible refused to name a figure.... [...]

Talk about buyer’s remorse South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack.... [...]