Latest Cybersecurity News and Articles
12 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 12, 2025 –Watch the YouTube video In early 2025, self-proclaimed crypto Godfather Adam Iza pleaded guilty to federal criminal charges in a conspiracy that targeted multiple victims in Los Angeles and had ties
The post True Hacking Story: From Teen Computer Whiz To Crypto Godfather appeared first on Cybercrime Magazine.
12 December 2025
Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw.
The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek.
12 December 2025
The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data.
The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek.
12 December 2025
Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.
The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.
12 December 2025
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.
The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek.
12 December 2025
All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.
The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek.
12 December 2025
Notepad++ found a vulnerability in the way the software updater authenticates update files.
The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek.
12 December 2025
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files.
Traditional
12 December 2025
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
12 December 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
12 December 2025
Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities.
The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek.
12 December 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
11 December 2025
Members of Congress from both parties have pushed for more regulations on AI, saying there is not enough oversight for the powerful technology.
The post Trump Signs Executive Order to Block State AI Regulations appeared first on SecurityWeek.
11 December 2025
The past, present, and future of cybercrime. Brought to you by Evolution Equity Partners – Steve Morgan, Editor-In-Chief Sausalito, Calif. – Dec. 11, 2025 If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $10.5 trillion USD globally
The post 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics appeared first on Cybercrime Magazine.
11 December 2025
Day two of the Cyber AI & Automation Summit kicks off at 11AM ET. If you weren't able to attend yesterday, all Day One sessions are already available on-demand.
The post Virtual Event Today: Cyber AI & Automation Summit Day 2 appeared first on SecurityWeek.
11 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 11, 2025 –Read the full story in KBI Media According to research from Cybersecurity Ventures, cybercrime is projected to cost the world $10.5 trillion annually by 2025, and attacks, especially ransomware, are now
The post The Odds Of Suffering A Data Breach appeared first on Cybercrime Magazine.
11 December 2025
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.
The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.
11 December 2025
Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates.
The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek.
11 December 2025
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open.
The new Threatsday Bulletin
11 December 2025
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a