Latest Cybersecurity News and Articles
11 December 2025
The past, present, and future of cybercrime. Brought to you by Evolution Equity Partners – Steve Morgan, Editor-In-Chief Sausalito, Calif. – Dec. 11, 2025 If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $10.5 trillion USD globally
The post 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics appeared first on Cybercrime Magazine.
11 December 2025
Day two of the Cyber AI & Automation Summit kicks off at 11AM ET. If you weren't able to attend yesterday, all Day One sessions are already available on-demand.
The post Virtual Event Today: Cyber AI & Automation Summit Day 2 appeared first on SecurityWeek.
11 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 11, 2025 –Read the full story in KBI Media According to research from Cybersecurity Ventures, cybercrime is projected to cost the world $10.5 trillion annually by 2025, and attacks, especially ransomware, are now
The post The Odds Of Suffering A Data Breach appeared first on Cybercrime Magazine.
11 December 2025
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.
The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.
11 December 2025
Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates.
The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek.
11 December 2025
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open.
The new Threatsday Bulletin
11 December 2025
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
11 December 2025
In April 2025, hackers stole personal information belonging to patrons and employees and their family members.
The post Pierce County Library Data Breach Impacts 340,000 appeared first on SecurityWeek.
11 December 2025
Cybersecurity companies have been seeing a wide range of malware being delivered in attacks exploiting the critical React vulnerability dubbed React2Shell. A researcher discovered recently that React, the popular open source library for creating application user interfaces, is affected by a critical vulnerability that can be exploited for unauthenticated remote code execution via specially crafted […]
The post Wide Range of Malware Delivered in React2Shell Attacks appeared first on SecurityWeek.
11 December 2025
The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.
The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek.
11 December 2025
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber
11 December 2025
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.
Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its sights
11 December 2025
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.
The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the
11 December 2025
Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies.
The post IBM Patches Over 100 Vulnerabilities appeared first on SecurityWeek.
11 December 2025
The Chrome zero-day does not have a CVE and it's unclear who reported it and which browser component it affects.
The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek.
11 December 2025
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.
The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and
11 December 2025
Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far.
"Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution," security researcher Bryan Masters said.
10 December 2025
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress.
This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based
10 December 2025
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution.
WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to be
10 December 2025
Over the past decade, overall funding in Israeli cybersecurity companies has increased by more than 500%, according to YL Ventures.
The post Israeli Cybersecurity Funding Hits $4.4 Billion Record High appeared first on SecurityWeek.