Latest Cybersecurity News and Articles
04 December 2025
The 25-page document outlines four principles for securely integrating AI with operational technology.
The post Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT appeared first on SecurityWeek.
04 December 2025
Freedom Mobile says hackers stole customers’ personal information from its account management platform.
The post Personal Information Compromised in Freedom Mobile Data Breach appeared first on SecurityWeek.
04 December 2025
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.
Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing.
DeFi exploit drains funds
Critical yETH Exploit Used to Steal $9M
04 December 2025
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies.
Here are the five threats that reshaped web security this year, and
04 December 2025
The compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers.
The post Marquis Data Breach Impacts Over 780,000 People appeared first on SecurityWeek.
04 December 2025
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182.
The post React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability appeared first on SecurityWeek.
04 December 2025
After experiencing an email hacking incident on Oct. 31, the University of Pennsylvania has faced another cyberattack.
04 December 2025
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services.
The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical
04 December 2025
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).
The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The attack lasted for 69
03 December 2025
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.
It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints," the React Team said in
03 December 2025
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch.
The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote
03 December 2025
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.
It affects versions
03 December 2025
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil.
The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the
03 December 2025
The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms.
The post Niobium Raises $23 Million for FHE Hardware Acceleration appeared first on SecurityWeek.
03 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 3, 2025 – Read the full story in IoT for all IoT for all reports that over the past decade, ransomware has evolved from a small-scale threat targeting personal computers into a
The post A Decade of Ransomware Chaos – How Much It Costs appeared first on Cybercrime Magazine.
03 December 2025
A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites.
The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
03 December 2025
Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data.
The post Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims appeared first on SecurityWeek.
03 December 2025
Veza Security was recently valued at more than $800 million after raising $108 million in Series D funding.
The post ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal appeared first on SecurityWeek.
03 December 2025
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country?
Those days are over.
Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to be smart; they just need to subscribe to the right AI tool.
We are witnessing the industrialization of
03 December 2025
The University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign.
The post Penn and Phoenix Universities Disclose Data Breach After Oracle Hack appeared first on SecurityWeek.