[ News | Newsletters | Blogs | Reddits | Lists | Media | Jobs ] HoneyDB
DarkReading
Cisco VPNs, Email Services Hit in Separate Threat Campaigns
LongNosedGoblin Caught Snooping on Asian Governments
Identity Fraud Among Home-Care Workers Puts Patients at Risk
A Good Year for North Korean Cybercriminals
A Cybersecurity Playbook for AI Adoption
SonicWall Edge Access Devices Hit by Zero-Day Attacks
Dormant Iran APT is Still Alive, Spying on Dissidents
Critical Fortinet Flaws Under Active Attack
In Cybersecurity, Claude Leaves Other LLMs in the Dust
'Cellik' Android RAT Leverages Google Play Store
Ars Technica
OpenAI’s new ChatGPT image generator makes faking photos easy
Browser extensions with 8 million users collect extended AI conversations
Merriam-Webster’s word of the year delivers a dismissive verdict on junk AI content
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc
Roomba maker iRobot swept into bankruptcy
OpenAI built an AI coding agent and uses it to improve the agent itself
OpenAI releases GPT-5.2 after “code red” Google threat alert
Disney invests $1 billion in OpenAI, licenses 200 characters for AI video app Sora
Oracle shares slide on $15B increase in data center spending
A new open-weights AI coding model is closing in on proprietary options
CyberScoop
Ukrainian national pleads guilty to Nefilim ransomware attacks
Former incident responders plead guilty to ransomware attack spree
FBI says ‘ongoing’ deepfake impersonation of U.S. gov officials dates back to 2023
Policymakers grapple with fallout from Chinese AI-enabled hack
Cisco customers hit by fresh wave of zero-day attacks from China-linked APT
U.S. Sentencing Commission seeks input on criminal penalties for deepfakes
Senate Intel chair urges national cyber director to safeguard against open-source software threats
React2Shell fallout spreads to sensitive targets as public exploits hit all-time high
DOJ announces takedown of alleged laundering platform used by cybercriminal groups
Illusory Systems settles with FTC over 2022 cryptocurrency hack
HITBSecNews
Found on VirusTotal: The world’s first UEFI bootkit for Linux
OpenAI is at war with its own Sora video testers following brief public leak
North Korean hackers posing as IT workers steal over $1B in cyberattack
WhatsApp: NSO Group Operates Pegasus Spyware for Customers
Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
CISA Director Jen Easterly, in Place Since 2021, to Step Down
Man sick of crashes sues Intel for allegedly hiding CPU defects
North Korean hackers target cryptocurrency with malware
Law enforcement operation takes down 22,000 malicious IP addresses worldwide
Youth of today say passwords are old news, passkeys are the future
ZDNet
This simple monitor adjustment is the productivity upgrade I deeply regret not doing sooner
5 ways Lenovo's AI strategy can deliver real results for you too
Verizon will give you a free Nintendo Switch for just a few more days - here's how to qualify
Want to unplug for the holidays? I bricked my iPhone to prevent doomscrolling - and it actually worked
This Bluetooth tracker that replaced my AirTags has more features at a cheaper price
I didn't expect a retro amp to sound this accurate across every genre - but this one nails it
Can't hear TV dialogue? This portable soundbar worked wonders for my audio (at a low price)
How to disable ACR on your TV (and why you should do it ASAP)
Buying your next Windows laptop? This Lenovo with a tandem OLED display is my top pick
Attention, shoppers: Visa has a plan to tell real agents from bad bots
The Hacker News
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
BleepingComputer
Microsoft confirms Teams is down and messages are delayed
Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock
Over 25,000 FortiCloud SSO devices exposed to remote attacks
Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response
Denmark blames Russia for destructive cyberattack on water utility
New critical WatchGuard Firebox firewall flaw exploited in attacks
FTC: Instacart to refund $60M over deceptive subscription tactics
Windows 10 OOB update released to fix Message Queuing (MSMQ) issues
Cybersecurity Dive
State-linked and criminal hackers use device code phishing against M365 users
Rockrose Development suffers security breach affecting 47,000 people
Top lawmaker asks White House to address open-source software risks
Surge of credential-based hacking targets Palo Alto Networks GlobalProtect
China-linked hackers exploit insecure setting in Cisco security products
NIST adds to AI security guidance with Cybersecurity Framework profile
FortiGate devices targeted with malicious SSO logins
React2Shell attacks expand widely across multiple sectors
Russia-linked hackers breach critical infrastructure organizations via edge devices
Cybersecurity concerns are paramount among executives in almost all roles, regions and industries
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
ATM jackpotting gang accused of unleashing Ploutus malware across US
WatchGuard sounds alarm as critical Firebox flaw comes under active attack
Sydney Uni data goes walkabout after criminals raid code repo
HPE tells customers to patch fast as OneView RCE bug scores a perfect 10
Ministers confirm breach at UK Foreign Office but details remain murky
Faith in the internet is fading among young Brits
AI and cybersecurity: Two sides of the same coin
China turns on a vast experimental network it says is an heir to ARPANET
Amazon blocked 1,800 suspected North Korean scammers seeking jobs
Your car’s web browser may be on the road to cyber ruin
VentureBeat
Enterprise AI coding grows teeth: GPT‑5.2‑Codex weaves security into large-scale software refactors
Echo raises $35M to secure the enterprise cloud's base layer — container images — with autonomous AI agents
Anthropic vs. OpenAI red teaming methods reveal different security priorities for enterprise AI
AI models block 87% of single attacks, but just 8% when attackers persist
Hybrid cloud security must be rebuilt for an AI war it was never designed to fight
Prompt Security's Itamar Golan on why generative AI security requires building a category, not a feature
DeepSeek injects 50% more security bugs when prompted with Chinese political triggers
TechCrunch
Hundreds of Cisco customers are vulnerable to new Chinese hacking campaign, researchers say
Hacks, thefts, and disruption: The worst data breaches of 2025
Tech provider for NHS England confirms data breach
Cisco says Chinese hackers are exploiting its customers with a new zero-day
Hacking group says it’s extorting Pornhub after stealing users’ viewing data
Google and Apple roll out emergency security updates after zero-day attacks
Data breach at credit check giant 700Credit affects at least 5.6 million
Home Depot exposed access to internal systems for a year, says researcher
Flaw in photo booth maker’s website exposes customers’ pictures
Security flaws in Freedom Chat app exposed users’ phone numbers and PINs
Network World Security
WatchGuard fixes ‘critical’ zero-day allowing firewall takeover
Attackers bring their own passwords to Cisco and Palo Alto VPNs
Cisco: Latest news and insights
Snowflake software update caused 13-hour outage across 10 regions
HPE OneView vulnerable to remote code execution attack
Networking terms and definitions
Breaking the ransomware kill chain: Why distributed lateral security is no longer optional
Cisco confirms zero-day exploitation of Secure Email products
The state of open-source networking: Foundations and technologies driving today’s networks
Cisco defines AI security framework for enterprise protection
Help Net Security
AI isn’t one system, and your threat model shouldn’t be either
LLMs work better together in smart contract audits
Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management
Identity risk is changing faster than most security teams expect
New infosec products of the week: December 19, 2025
Crypto theft in 2025: North Korean hackers continue to dominate
Apiiro unveils AI SAST built on deep code analysis to eliminate false positives
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
AppGate extends zero trust to secure AI workloads with Agentic AI Core Protection
Microsoft 365 users targeted in device code phishing attacks
InfoSecurity Magazine
Denmark Blames Russia for "Destructive" Cyber-Attacks
US Charges 54 in Massive ATM Jackpotting Conspiracy
FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime
OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365
North Korea Steals Over $2bn in Crypto in 2025
New BeaverTail Malware Variant Linked to Lazarus Group
HMRC Warns of Over 135,000 Scam Reports
Motors WordPress Vulnerability Exposes Sites to Takeover
New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs
ISACA Named Global Credentialing Authority for DoD’s CMMC Program
© 2025 RiskDiscovery | Sponsored by: Deception Logic