Hackers Exploit AWS IAM Eventual Consistency for Persistence
A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders…
Month: December 2025
US Contributes to 44% of Cyber Attacks; Public Administration Targeted for Financial Gains
Global cybercrime is accelerating toward a projected cost of 15.63 trillion dollars by 2029, up from an estimated 10.5 trillion dollars today, as criminals exploit…
Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478) — API Security
The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit,…
Major drug research company confirms cyberattack compromised employee and partner data
Listen to the article 2 min This audio is auto-generated. Please let us know if you have feedback. The pharmaceutical research company Inotiv has confirmed…
Defense bill addresses secure phones, AI training, cyber troop mental health
The Defense Department would require that senior leaders have secure mobile phones, that personnel would get cybersecurity training that includes a focus on artificial intelligence…
New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by Security researchers…
Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
Adex, the anti-fraud and traffic-quality platform operating under AdTech Holding, has successfully identified and neutralized a sophisticated, multi-year malware operation linked to the infamous Triada…
How phishers hide banking scams behind free Cloudflare Pages
During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and…
How police live facial recognition subtly reconfigures suspicion
Police use of live facial recognition (LFR) technology reconfigures suspicion in subtle yet important ways, undermining so-called human-in-the-loop safeguards. Despite the long-standing controversies surrounding police…
Oracle EBS zero-day used by Clop to breach Barts Health NHS
Oracle EBS zero-day used by Clop to breach Barts Health NHS Pierluigi Paganini December 08, 2025 Clop ransomware stole data from Barts Health NHS after…
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
QuasarRAT, initially surfacing in 2014 under the alias xRAT, began its lifecycle as a legitimate remote administration tool for Windows environments. Over the last decade,…
Apple, Google, and Samsung May Soon Activate Always-On GPS in India
India’s government is considering a controversial proposal that could require smartphone manufacturers to enable satellite location tracking on all devices permanently. The plan has sparked…