Threat Attack Update for the 9th of December 2025
Threat Attack Update for the 9th of December 2025
Aggregator
Ransomware Attack Update for the 9th of December 2025
2 weeks 6 days ago
Ransomware Attack Update for the 9th of December 2025
Dark Web Informer
SAP fixes three critical vulnerabilities across multiple products
2 weeks 6 days ago
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. [...]
Bill Toulas
Sinobi
2 weeks 6 days ago
You must login to view this content
cohenido
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday
2 weeks 6 days ago
Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.
Jai Vijayan, Contributing Writer
Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft
2 weeks 6 days ago
Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile.
Deeba Ahmed
Ivanti warns customers of new EPM flaw enabling remote code execution
2 weeks 6 days ago
Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, tracked as CVE-2025-10573 (CVSS score 9.6), in its Endpoint Manager (EPM) solution. The vulnerability is a Stored XSS that could allow a remote unauthenticated attacker to execute arbitrary “Stored […]
Pierluigi Paganini
Qilin
2 weeks 6 days ago
You must login to view this content
cohenido
The Dark Web Economy Behind Ad Fraud: What Marketers Don’t See
2 weeks 6 days ago
Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data.
Owais Sultan
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
2 weeks 6 days ago
Evan Tangeman became the ninth person to plead guilty as part of a wider Justice Department takedown of a criminal group known as the Social Engineering Enterprise.
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
2 weeks 6 days ago
The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery (CI/CD) pipelines, and cloud-connected workloads to harvest credentials and configuration secrets. The Shai‑Hulud 2.
The post Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack appeared first on Microsoft Security Blog.
Microsoft Defender Security Research Team
Organizations can now buy cyber insurance that covers deepfakes
2 weeks 6 days ago
Cybersecurity insurer Coalition said it will start covering certain incidents where AI and deepfakes lead to reputational harm.
The post Organizations can now buy cyber insurance that covers deepfakes appeared first on CyberScoop.
djohnson
Joint cyber security advisory on pro-Russia hacktivists conducting opportunistic attacks on global critical infrastructure
2 weeks 6 days ago
Canadian Centre for Cyber Security
Microsoft security advisory – December 2025 monthly rollup (AV25-822)
2 weeks 6 days ago
Canadian Centre for Cyber Security
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day
2 weeks 6 days ago
Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.
The post Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day appeared first on CyberScoop.
Matt Kapko
LeakNet
2 weeks 6 days ago
You must login to view this content
cohenido
VMware security advisory (AV25-820)
2 weeks 6 days ago
Canadian Centre for Cyber Security
Windows PowerShell now warns when running Invoke-WebRequest scripts
2 weeks 6 days ago
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. [...]
Sergiu Gatlan
Mozilla security advisory (AV25-819)
2 weeks 6 days ago
Canadian Centre for Cyber Security
Sinobi
2 weeks 6 days ago
You must login to view this content
cohenido