515/68 Tuesday, December 9, 2025 Cybersecurity agencies have issued a warning about BRICKSTORM, an advanced backdoor malware written in Go, which is designed to target government entities and IT industry organizations. Reports indicate that state-sponsored threat actors have been using this tool to infiltrate networks and maintain long-term persistence for espionage operations, with activity observed […]
514/68 Tuesday, December 9, 2025 Hundreds of Porsche cars in Russia became inoperable due to a malfunction in the factory-installed satellite security system, which caused sudden fuel cut-offs and unexpected engine shutdowns. When the Vehicle Tracking System (VTS) module lost connectivity, the cars were at risk of being automatically immobilized. According to the Rolf service […]
513/68 Tuesday, December 9, 2025 Portugal has announced a major update to its computer crime legislation by adding a new provision, Article 8.o-A, titled “Acts Not Considered Offenses Due to Public Interest in Cybersecurity.” The amendment establishes a legal safe harbor for cybersecurity researchers or white-hat hackers who perform system testing with good intentions. Actions […]
512/68 Monday, December 8, 2025 systems, with ongoing login attempts and network scanning activities. The attacks originate from over 7,000 IP addresses, many of which are linked to hosting infrastructure based in Germany, and have since expanded to target the SonicWall SonicOS API. Analysis indicates that attackers initially attempted to access GlobalProtect through brute-force password […]
511/68 Monday, December 8, 2025 A critical vulnerability in Apache Tika, tracked as CVE-2025-66516 with a maximum CVSS score of 10.0, enables attackers to perform XML External Entity (XXE) Injection across multiple components, including the core module (tika-core), the PDF module (tika-pdf-module), and the parser module (tika-parsers). Attackers can embed a crafted XFA file inside […]
510/68 Monday, December 8, 2025 Cybersecurity researchers have confirmed that the critical React2Shell (CVE-2025-55182) vulnerability is being actively exploited, exposing systems using React Server Components and related frameworks such as Next.js to unauthenticated remote code execution (RCE) via a single crafted HTTP request. At least 30 organizations worldwide have been compromised, and more than 77,000 […]
509/68 Thursday, December 4, 2025 The GlassWorm supply-chain attack campaign has resurfaced, leveraging the Microsoft Visual Studio Marketplace and the Open VSX platform to distribute more than 24 malicious extensions. These extensions impersonate popular developer tools, including Flutter, React, Tailwind, and Vue, in an attempt to trick developers into installing them. GlassWorm was first uncovered […]
508/68 Thursday, December 4, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, a list of security flaws that have been confirmed as actively exploited in the wild and are subject to mandatory remediation timelines for government agencies. The newly added vulnerabilities […]
507/68 Thursday, December 4, 2025 South Korean police have arrested four individuals accused of hacking more than 120,000 internet-connected IP cameras across the country, including cameras installed in private residences and commercial buildings. The group allegedly stole live footage and recorded videos of victims’ private activities and sold the content to pornographic websites hosted abroad […]
506/68 Wednesday, December 3, 2025 Coupang, South Korea’s largest e-commerce company, has disclosed a major data breach affecting more than 33.7 million user accounts. The leaked data includes customer names, phone numbers, email addresses, physical addresses, and purchase histories. The company detected suspicious activity on November 18, and further investigation revealed that the intrusion may […]
