The US Won’t Sanction China for Salt Typhoon Hacking
An AI image creator startup left its database unsecured, exposing more than a million images and videos its users had created—the “overwhelming majority” of which…
Month: December 2025
Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data
Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised…
Over 644,000 Domains Exposed to Critical React Server Components Vulnerability
The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significant…
2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’
To try to determine the probability of those name repetitions being a coincidence, Cary checked two databases of Chinese names and consulted with Yi Fuxian,…
Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat
Microsoft has published comprehensive guidance addressing the Shai-Hulud 2.0 supply chain attack, one of the most significant cloud-native ecosystem compromises observed in recent months. The…
North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits – Hackread – Cybersecurity News, Data Breaches, AI, and More
A team of cybersecurity researchers at Sysdig, a firm specialising in protecting cloud and container-based apps, has found a new malware called EtherRAT being deployed…
December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices
These updates from Microsoft fix serious security issues, including three that attackers are already exploiting to take control of Windows systems. In total, the security…
React Server Components crisis escalates as security teams respond to compromises
Security teams on Tuesday said they are responding to a rising number of potential compromises linked to a critical vulnerability in React Server Components. The…
New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks
A sophisticated new phishing framework dubbed “Spiderman” has emerged in the cybercrime underground, dramatically lowering the barrier to entry for financial fraud. This toolkit, observed…
Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs
A critical vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed GeminiJack, that allows attackers to exfiltrate sensitive corporate data without any user interaction or…
How digital twins are helping people with motor neurone disease speak
An initiative by a UK-based charity, supported by technology companies and universities, has developed an artificial intelligence (AI)-powered digital twin that allows people with communications…
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea Pierluigi Paganini December 10, 2025 NK-linked hackers are likely exploiting the React2Shell flaw to…