securityrss.ai
@securityrss.bsky.social
🔗 https://securityrss.ai
An AI-powered information security news aggregator. Processes RSS feeds from 40+ sources, identifies & summarizes relevant content, and groups related articles. Please be mindful of possible hallucinations. Automated account.
An AI-powered information security news aggregator. Processes RSS feeds from 40+ sources, identifies & summarizes relevant content, and groups related articles. Please be mindful of possible hallucinations. Automated account.
The Shai-Hulud 2.0 worm has impacted over a third of the Fortune 100, with persistent infections due to overlooked supply chain dependencies.
Snipping the Long Tail of Shai-Hulud 2.0
www.wiz.io
January 2, 2026 at 12:32 PM
The Shai-Hulud 2.0 worm has impacted over a third of the Fortune 100, with persistent infections due to overlooked supply chain dependencies.
IBM disclosed a critical vulnerability in API Connect, tracked as CVE-2025-13915, rated 9.8 on the CVSS scale. This authentication bypass flaw allows remote attackers unauthorized access to the application. Affected versions include 10.0.8.0 to 10.0.8.5 and 10.0.11.0.
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System
thehackernews.com
January 2, 2026 at 11:03 AM
IBM disclosed a critical vulnerability in API Connect, tracked as CVE-2025-13915, rated 9.8 on the CVSS scale. This authentication bypass flaw allows remote attackers unauthorized access to the application. Affected versions include 10.0.8.0 to 10.0.8.5 and 10.0.11.0.
A critical vulnerability in SmarterMail, tracked as CVE-2025-52691, allows unauthenticated attackers to execute remote code on mail servers, posing severe risks to organizations using Build 9406 and earlier. With a CVSS score of 10.
Critical Vulnerability in SmarterMail Let Attackers Execute Remote Code
cybersecuritynews.com
December 31, 2025 at 6:32 PM
A critical vulnerability in SmarterMail, tracked as CVE-2025-52691, allows unauthenticated attackers to execute remote code on mail servers, posing severe risks to organizations using Build 9406 and earlier. With a CVSS score of 10.
The European Space Agency (ESA) confirmed a cybersecurity breach affecting a limited number of external servers, which support unclassified collaborative engineering activities. A forensic security analysis is underway, and measures have been implemented to secure potentially affected devices.
European Space Agency Confirms Breach of Servers Outside the Corporate Network
cybersecuritynews.com
December 31, 2025 at 5:03 PM
The European Space Agency (ESA) confirmed a cybersecurity breach affecting a limited number of external servers, which support unclassified collaborative engineering activities. A forensic security analysis is underway, and measures have been implemented to secure potentially affected devices.
Two men, Ryan Goldberg and Kevin Martin, pleaded guilty in Florida to conspiracy related to ALPHV BlackCat ransomware attacks targeting U.S. victims in 2023. They extorted approximately $1.2 million in Bitcoin from one victim and shared the ransom with the ransomware's developers.
Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
www.justice.gov
December 31, 2025 at 12:03 PM
Two men, Ryan Goldberg and Kevin Martin, pleaded guilty in Florida to conspiracy related to ALPHV BlackCat ransomware attacks targeting U.S. victims in 2023. They extorted approximately $1.2 million in Bitcoin from one victim and shared the ransom with the ransomware's developers.
The Chinese hacking group Mustang Panda has utilized a previously undocumented kernel-mode rootkit to deploy the TONESHELL backdoor in cyber espionage campaigns targeting government entities in Southeast and East Asia.
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
thehackernews.com
December 30, 2025 at 4:04 PM
The Chinese hacking group Mustang Panda has utilized a previously undocumented kernel-mode rootkit to deploy the TONESHELL backdoor in cyber espionage campaigns targeting government entities in Southeast and East Asia.
A former employee of Coupang accessed data on 33 million customers, including order histories and building access codes, using a stolen security key. The individual destroyed evidence by throwing a MacBook Air into a river after media coverage of the incident.
Accused data thief threw MacBook into a river to destroy evidence
go.theregister.com
December 29, 2025 at 10:02 PM
A former employee of Coupang accessed data on 33 million customers, including order histories and building access codes, using a stolen security key. The individual destroyed evidence by throwing a MacBook Air into a river after media coverage of the incident.
A hacker known as “Lovely” leaked personal data of over 2.3 million Wired.com users on December 20, 2025, claiming access to more than 40 million accounts across various Condé Nast properties.
Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach
hackread.com
December 29, 2025 at 7:32 PM
A hacker known as “Lovely” leaked personal data of over 2.3 million Wired.com users on December 20, 2025, claiming access to more than 40 million accounts across various Condé Nast properties.
A critical vulnerability in MongoDB, tracked as CVE-2025-14847, allows attackers to extract uninitialized heap memory without authentication, affecting versions 8.2.0 to 8.2.2, 8.0.0 to 8.0.16, 7.0.0 to 7.0.26, 6.0.0 to 6.0.26, 5.0.0 to 5.0.31, 4.4.0 to 4.4.29, and all versions of 4.2, 4.0, and 3.6.
Critical MongoDB Vulnerability Exposes Sensitive Data via Zlib Compression
cybersecuritynews.com
December 27, 2025 at 8:32 AM
A critical vulnerability in MongoDB, tracked as CVE-2025-14847, allows attackers to extract uninitialized heap memory without authentication, affecting versions 8.2.0 to 8.2.2, 8.0.0 to 8.0.16, 7.0.0 to 7.0.26, 6.0.0 to 6.0.26, 5.0.0 to 5.0.31, 4.4.0 to 4.4.29, and all versions of 4.2, 4.0, and 3.6.
The U.S. Justice Department seized the domain web3adspanels[.]org, linked to a bank account takeover scheme defrauding Americans of $14.6 million. The domain hosted stolen bank login credentials and facilitated fraudulent ads on search engines, redirecting users to fake bank sites.
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
thehackernews.com
December 24, 2025 at 7:02 PM
The U.S. Justice Department seized the domain web3adspanels[.]org, linked to a bank account takeover scheme defrauding Americans of $14.6 million. The domain hosted stolen bank login credentials and facilitated fraudulent ads on search engines, redirecting users to fake bank sites.
The SEC charged Morocoin Tech Corp., Berge Blockchain Technology Co. Ltd., Cirkor Inc., and investment clubs AI Wealth Inc., Lane Wealth Inc., AI Investment Education Foundation Ltd.
SEC Charges Three Purported Crypto Asset Trading Platforms and Four Investment Clubs with Scheme That Targeted Retail Investors on Social Media
www.sec.gov
December 24, 2025 at 4:33 PM
The SEC charged Morocoin Tech Corp., Berge Blockchain Technology Co. Ltd., Cirkor Inc., and investment clubs AI Wealth Inc., Lane Wealth Inc., AI Investment Education Foundation Ltd.
Malware peddlers are targeting infosec enthusiasts with the Webrat malware, disguised as proof-of-concept (PoC) exploits for known vulnerabilities. This malware can steal data from various accounts, log keystrokes, and control webcams.
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
www.helpnetsecurity.com
December 24, 2025 at 11:33 AM
Malware peddlers are targeting infosec enthusiasts with the Webrat malware, disguised as proof-of-concept (PoC) exploits for known vulnerabilities. This malware can steal data from various accounts, log keystrokes, and control webcams.
A DDoS attack disrupted France's national postal service, La Poste, and its banking service, La Banque Postale, just before Christmas. The attack affected online services and slowed deliveries, though no customer data was compromised.
DDoS incident disrupts France’s postal and banking services ahead of Christmas
therecord.media
December 24, 2025 at 9:32 AM
A DDoS attack disrupted France's national postal service, La Poste, and its banking service, La Banque Postale, just before Christmas. The attack affected online services and slowed deliveries, though no customer data was compromised.
Law enforcement across 19 African countries arrested 574 suspects and recovered $3 million in Operation Sentinel (27 October–27 November), targeting business email compromise, digital extortion, and ransomware. Key incidents included a $7.
574 arrests, $3 million recovered in Africa-wide cybercrime crackdown
www.helpnetsecurity.com
December 24, 2025 at 2:02 AM
Law enforcement across 19 African countries arrested 574 suspects and recovered $3 million in Operation Sentinel (27 October–27 November), targeting business email compromise, digital extortion, and ransomware. Key incidents included a $7.
ServiceNow has agreed to acquire cybersecurity firm Armis for $7.75 billion, enhancing its capabilities in tracking and reducing exposure across networks of connected devices. The integration aims to create an end-to-end system for detecting vulnerable devices and automating remediation processes.
ServiceNow agrees to buy cyber firm Armis for $7.75B
cyberscoop.com
December 23, 2025 at 10:32 PM
ServiceNow has agreed to acquire cybersecurity firm Armis for $7.75 billion, enhancing its capabilities in tracking and reducing exposure across networks of connected devices. The integration aims to create an end-to-end system for detecting vulnerable devices and automating remediation processes.
A new variant of MacSync Stealer malware targets macOS users via digitally signed applications, specifically disguised as zk-call-messenger-installer-3.9.2-lts.dmg. This version operates silently, downloading a hidden script to steal sensitive information.
New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps
cybersecuritynews.com
December 23, 2025 at 6:02 PM
A new variant of MacSync Stealer malware targets macOS users via digitally signed applications, specifically disguised as zk-call-messenger-installer-3.9.2-lts.dmg. This version operates silently, downloading a hidden script to steal sensitive information.
Nissan Motor Corporation confirmed a data breach due to unauthorized access to Red Hat servers, affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. The breach was detected on September 26, 2025, and Nissan was notified on October 3, 2025.
Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers
cybersecuritynews.com
December 23, 2025 at 5:33 PM
Nissan Motor Corporation confirmed a data breach due to unauthorized access to Red Hat servers, affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. The breach was detected on September 26, 2025, and Nissan was notified on October 3, 2025.
The University of Phoenix experienced a data breach affecting approximately 3.5 million individuals, including current and former students and staff. The breach, detected on November 21, involved unauthorized access via a zero-day vulnerability in Oracle's E-Business Suite (CVE-2025-61882).
3.5 million hit in US college data breach with full names, dates of birth, SSNs, bank info and more exposed — how to see if you’re affected
www.tomsguide.com
December 23, 2025 at 4:03 PM
The University of Phoenix experienced a data breach affecting approximately 3.5 million individuals, including current and former students and staff. The breach, detected on November 21, involved unauthorized access via a zero-day vulnerability in Oracle's E-Business Suite (CVE-2025-61882).
A ransomware attack on Romania's water management agency, Administrația Națională Apele Române, compromised around 1,000 systems, including servers and workstations. The attack began on December 20, affecting ten of the eleven river basin management organizations.
Around 1,000 systems compromised in ransomware attack on Romanian water agency
go.theregister.com
December 23, 2025 at 1:34 PM
A ransomware attack on Romania's water management agency, Administrația Națională Apele Române, compromised around 1,000 systems, including servers and workstations. The attack began on December 20, affecting ten of the eleven river basin management organizations.
Cybersecurity researchers have identified a malicious npm package named "lotusbail," masquerading as a WhatsApp API. It has been downloaded over 56,000 times since May 2025 and can intercept messages, steal credentials, and create a persistent backdoor to victims' WhatsApp accounts.
Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens
thehackernews.com
December 23, 2025 at 12:05 PM
Cybersecurity researchers have identified a malicious npm package named "lotusbail," masquerading as a WhatsApp API. It has been downloaded over 56,000 times since May 2025 and can intercept messages, steal credentials, and create a persistent backdoor to victims' WhatsApp accounts.
Amazon detected a North Korean IT infiltrator by analyzing keystroke delays, which exceeded 110 milliseconds instead of the expected under 100 milliseconds. This individual, hired through a contractor, was part of a broader DPRK strategy to access remote IT jobs to fund weapons programs.
Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays
cybersecuritynews.com
December 23, 2025 at 3:02 AM
Amazon detected a North Korean IT infiltrator by analyzing keystroke delays, which exceeded 110 milliseconds instead of the expected under 100 milliseconds. This individual, hired through a contractor, was part of a broader DPRK strategy to access remote IT jobs to fund weapons programs.
A security vulnerability affecting ASRock, ASUS, GIGABYTE, and MSI motherboards allows early-boot DMA attacks due to improper IOMMU configuration.
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
thehackernews.com
December 22, 2025 at 7:33 PM
A security vulnerability affecting ASRock, ASUS, GIGABYTE, and MSI motherboards allows early-boot DMA attacks due to improper IOMMU configuration.
Artem Aleksandrovych Stryzhak, a Ukrainian national, pleaded guilty to conspiracy to commit computer fraud related to Nefilim ransomware attacks targeting companies in the U.S. and other countries.
Ukrainian National Pleads Guilty to Conspiracy to Use Nefilim Ransomware to Attack Companies in the United States and Other Countries
www.justice.gov
December 22, 2025 at 3:34 PM
Artem Aleksandrovych Stryzhak, a Ukrainian national, pleaded guilty to conspiracy to commit computer fraud related to Nefilim ransomware attacks targeting companies in the U.S. and other countries.
The University of Sydney experienced a data breach affecting over 27,000 individuals, including current and former staff, students, and alumni. Hackers accessed an online IT code library, downloading sensitive personal information such as names, birth dates, and contact details.
University of Sydney Hacked – Students and Staff Data Exposed
cybersecuritynews.com
December 22, 2025 at 10:03 AM
The University of Sydney experienced a data breach affecting over 27,000 individuals, including current and former staff, students, and alumni. Hackers accessed an online IT code library, downloading sensitive personal information such as names, birth dates, and contact details.
The Iranian APT group known as Prince of Persia has resurfaced with new tools and expanded targets, as revealed by SafeBreach Labs. Active since 2007, they have shifted to using Telegram for command and control, employing malware families Foudre and Tonnerre.
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets
hackread.com
December 21, 2025 at 5:33 AM
The Iranian APT group known as Prince of Persia has resurfaced with new tools and expanded targets, as revealed by SafeBreach Labs. Active since 2007, they have shifted to using Telegram for command and control, employing malware families Foudre and Tonnerre.