Stay on top of cybersecurity news with curated feeds spanning tools, breaches, ransomware, CTF events, exploits, and more.
📰 News
-
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
Latest Newsroom — Sat, 13 Dec 2025 12:33:00 +0000CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks Read more Published Date: Dec 13, 2025 (53 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-66516 CVE-2025-0108 CVE-2024-12856 CVE-2024-9474 CVE-2024-0012 CVE-2018-4063
-
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
The Hacker News — Sat, 13 Dec 2025 18:03:00 +0530The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an...
-
React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners
Latest Newsroom — Sat, 13 Dec 2025 08:49:12 +0000React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners Read more Published Date: Dec 13, 2025 (4 hours, 36 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-8110 CVE-2025-55182
-
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Latest Newsroom — Sat, 13 Dec 2025 05:32:00 +0000Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild Read more Published Date: Dec 13, 2025 (7 hours, 54 minutes ago) Vulnerabilities has been mentioned in this article.
-
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
The Hacker News — Sat, 13 Dec 2025 11:02:00 +0530Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below...
-
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
Latest Newsroom — Sat, 13 Dec 2025 02:44:13 +0000Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users Read more Published Date: Dec 13, 2025 (10 hours, 41 minutes ago) Vulnerabilities has been mentioned in this article.
-
Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering
Latest Newsroom — Sat, 13 Dec 2025 02:04:58 +0000Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering Read more Published Date: Dec 13, 2025 (11 hours, 21 minutes ago) Vulnerabilities has been mentioned in this article.
-
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks
BleepingComputer — Fri, 12 Dec 2025 18:23:25 -0500Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...]
-
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
The Hacker News — Sat, 13 Dec 2025 00:20:00 +0530Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few...
-
Coupang data breach traced to ex-employee who retained system access
BleepingComputer — Fri, 12 Dec 2025 13:28:30 -0500A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]
-
Fake ‘One Battle After Another’ torrent hides malware in subtitles
BleepingComputer — Fri, 12 Dec 2025 12:12:47 -0500A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. [...]
-
Kali Linux 2025.4 released with 3 new tools, desktop updates
BleepingComputer — Fri, 12 Dec 2025 10:27:16 -0500Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. [...]
-
Shadow spreadsheets: The security gap your tools can’t see
BleepingComputer — Fri, 12 Dec 2025 10:01:11 -0500When official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on. [...]
-
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
The Hacker News — Fri, 12 Dec 2025 19:34:00 +0530Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture...
-
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
The Hacker News — Fri, 12 Dec 2025 15:48:00 +0530The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting...
-
User Scanner: Scan a username across multiple social, developer, gaming and creator platforms to see if it’s available
OSINT - Dark Web Informer — Thu, 11 Dec 2025 20:06:04 GMTUser Scanner: Scan a username across multiple social, developer, gaming and creator platforms to see if it’s available
-
GitHub: Threat Actor Usernames Scrape
OSINT - Dark Web Informer — Thu, 11 Dec 2025 19:14:53 GMTGitHub: Threat Actor Usernames Scrape
-
React2Shell — The Day 5 Reality Check
Brandefense — Wed, 10 Dec 2025 14:38:36 +0000React2Shell (CVE-2025-55182) is a pre-auth RCE vulnerability in React Server Components with a CVSS 10.0 score. This blog examines the first five days after disclosure, how attackers weaponized it, and the urgent actions organizations must take to reduce exposure. The post React2Shell — The Day 5 Reality Check...
-
TraderTraitor: North Korea’s Crypto Heist Machine
Brandefense — Sat, 06 Dec 2025 10:34:40 +0000TraderTraitor—also known as Jade Sleet and UNC4899—is one of North Korea’s most aggressive financial APT groups. Responsible for major crypto thefts, including the $1.5B ByBit hack, it targets blockchain developers, exchanges, and fintech firms worldwide. The post TraderTraitor: North Korea’s Crypto Heist Machine...
-
Handala: The Rise of a Decentralized Pro-Palestinian Hacktivist Collective
Brandefense — Fri, 05 Dec 2025 07:05:00 +0000Handala is a pro-Palestinian hacktivist collective active since 2022, conducting defacements, DDoS attacks, and politically motivated data leaks targeting Israeli, U.S., and Western entities during regional conflicts. The post Handala: The Rise of a Decentralized Pro-Palestinian Hacktivist Collective appeared first...
-
Moonlight Tiger (APT-C-09, Patchwork, Dropping Elephant): India’s Silent Espionage Arm in the Digital Battlefield
Brandefense — Thu, 04 Dec 2025 01:40:00 +0000Moonlight Tiger (APT-C-09) is a long-running India-linked cyber-espionage group conducting spearphishing, modular malware campaigns, and intelligence-gathering operations across South and East Asia. Targeting government, defense, academic, and foreign policy institutions, the group continues to evolve through...
-
WebSift: An Open-Source OSINT Tool for Web-Based Threat Hunting
OSINT - Dark Web Informer — Wed, 03 Dec 2025 13:47:00 GMTWebSift: An Open-Source OSINT Tool for Web-Based Threat Hunting
-
Inside WageMole: North Korea’s Fusion of Cybercrime and Espionage
Brandefense — Wed, 03 Dec 2025 10:06:07 +0000WageMole is a North Korean APT active since 2018, operating at the intersection of cyber-espionage and financial theft. The group targets cryptocurrency, fintech, and defense sectors using fake recruiters, supply-chain attacks, and AI-enhanced phishing. Learn how this hybrid threat operates. The post Inside...
-
Scilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
OSINT - Dark Web Informer — Tue, 05 Aug 2025 17:19:27 GMTScilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
-
OSGINT: OSINT tool to find informations about a github user (email2username, username2email, creation date ...)
OSINT - Dark Web Informer — Sat, 02 Aug 2025 20:17:14 GMTOSGINT: OSINT tool to find informations about a github user (email2username, username2email, creation date ...)