Latest Cybersecurity News and Articles
16 December 2025
The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges.
The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek.
16 December 2025
AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largely
16 December 2025
Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure.
Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719
16 December 2025
SoundCloud said the information of 20% of users was accessed by hackers who breached its systems.
The post User Data Compromised in SoundCloud Hack appeared first on SecurityWeek.
16 December 2025
Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances.
The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek.
16 December 2025
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.
"KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a
16 December 2025
Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web.
To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effective February 16, 2026.
"While the report offered general
15 December 2025
A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity.
The extension in question is Urban VPN Proxy, which has a 4.7 rating on the Google Chrome
15 December 2025
AI can be used by extremist groups to pump out propaganda or deepfakes at scale, widening their reach and expanding their influence.
The post Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow appeared first on SecurityWeek.
15 December 2025
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations.
The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below -
CVE-2025-61675 (CVSS score: 8.6) - Numerous
15 December 2025
Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors.
The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek.
15 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 15, 2025 –Watch the YouTube video Thanks to artificial intelligence (AI), cybercrime and, as a result, cybersecurity are evolving rapidly, leaving businesses and individuals across the world scrambling to catch up.
The post Mastercard’s Deputy Chief Security Officer Alissa (Dr Jay) Abdullah, PhD on AI & Cybersecurity appeared first on Cybercrime Magazine.
15 December 2025
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready.
Below, we list the urgent updates you need to install right now to stop these active threats.
⚡ Threat of the Week
Apple and
15 December 2025
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale.
A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into
15 December 2025
The sovereign smartphone OS runs along Android or iOS, allowing users to switch between secure, isolated environments.
The post Soverli Raises $2.6 Million for Secure Smartphone OS appeared first on SecurityWeek.
15 December 2025
Atlassian has released software updates for Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira.
The post Atlassian Patches Critical Apache Tika Flaw appeared first on SecurityWeek.
15 December 2025
Nathan Austad admitted in court to launching a credential stuffing attack against a fantasy sports and betting website.
The post Third DraftKings Hacker Pleads Guilty appeared first on SecurityWeek.
15 December 2025
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images.
The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll
15 December 2025
Hackers stole names, addresses, dates of birth, and Social Security numbers from the credit report and identity verification services provider.
The post 700Credit Data Breach Impacts 5.8 Million Individuals appeared first on SecurityWeek.
15 December 2025
Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack.
The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek.