Latest Cybersecurity News and Articles
04 December 2025
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.
04 December 2025
The Ministry of Communications on had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it.
The post India Rolls Back Order to Preinstall Cybersecurity App on Smartphones appeared first on SecurityWeek.
04 December 2025
Significant cybersecurity M&A deals announced by Arctic Wolf, Bugcrowd, Huntress, Palo Alto Networks, and Zscaler.
The post Cybersecurity M&A Roundup: 30 Deals Announced in November 2025 appeared first on SecurityWeek.
04 December 2025
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.
The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malware
04 December 2025
Established in 2024 by Cybereason co-founders Lior Div and Yonatan Striem-Amit, the company has raised a total of $166 million in funding.
The post Agentic Security Firm 7AI Raises $130 Million appeared first on SecurityWeek.
04 December 2025
Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people.
The post Inotiv Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
04 December 2025
Building a Secure Foundation for the Future of Autonomous Transactions –Dr. Alissa Abdullah, Deputy Chief Security Officer, Mastercard San Jose, Calif. – Dec. 4, 2025 Agentic commerce is changing the way we shop and interact online. Imagine telling your digital assistant to find the best
The post Cybersecurity in Agentic Commerce: Safeguarding the Autonomous Future appeared first on Cybercrime Magazine.
04 December 2025
The state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF).
The post Reporters Without Borders Targeted by Russian Hackers appeared first on SecurityWeek.
04 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 4, 2025 – Read the full story from BreachLock Cybersecurity is no longer considered a “technical issue managed by IT departments, according to IBM. Rather, it “dominates concerns among the C-suite.”
The post How To Reframe Cybersecurity Budget Requests And Get Them Approved appeared first on Cybercrime Magazine.
04 December 2025
The 25-page document outlines four principles for securely integrating AI with operational technology.
The post Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT appeared first on SecurityWeek.
04 December 2025
Freedom Mobile says hackers stole customers’ personal information from its account management platform.
The post Personal Information Compromised in Freedom Mobile Data Breach appeared first on SecurityWeek.
04 December 2025
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.
Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing.
DeFi exploit drains funds
Critical yETH Exploit Used to Steal $9M
04 December 2025
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies.
Here are the five threats that reshaped web security this year, and
04 December 2025
The compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers.
The post Marquis Data Breach Impacts Over 780,000 People appeared first on SecurityWeek.
04 December 2025
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182.
The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek.
04 December 2025
After experiencing an email hacking incident on Oct. 31, the University of Pennsylvania has faced another cyberattack.
04 December 2025
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services.
The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical
04 December 2025
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).
The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The attack lasted for 69
03 December 2025
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.
It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints," the React Team said in
03 December 2025
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch.
The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote