State-linked and criminal hackers use device code phishing against M365 users
Multiple threat groups have been ramping up attacks using a technique called device code phishing to trick users into granting access to their Microsoft 365…
Month: December 2025
‘Sensitive’ data stolen in Westminster City Council cyber attack
Westminster City Council has said that “potentially sensitive and personal” data was stolen by hackers during the cyber attack that hit three neighbouring London authorities…
Rockrose Development suffers security breach affecting 47,000 people
Dive Brief: Apartment owner and developer Rockrose Development Corp. recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information, according…
New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock
The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory…
Scripted Sparrow Uses Automation to Generate and Send their Attack Messages
Scripted Sparrow is a newly identified Business Email Compromise (BEC) group operating across three continents. Their operations are vast, leveraging significant automation to generate and…
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of…
AI safeguards improving, says UK government-backed body
The safeguards in place to ensure that artificial intelligence (AI) models behave appropriately and as intended appear to be improving, or so claims the UK…
Over 25,000 FortiCloud SSO devices exposed to remote attacks
Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability.…
Cloud Atlas Hacker Group Exploiting Office Vulnerabilities to Execute Malicious Code
The Cloud Atlas advanced persistent threat group has continued its sophisticated campaign targeting organizations across Eastern Europe and Central Asia during the first half of…
OpenAI’s GPT-5.2 Codex Boosts Agentic Coding and Cyber Vulnerability Detection
OpenAI has officially released GPT-5.2-Codex, marking a significant leap forward in AI-driven software engineering and defensive cybersecurity. Described as the most advanced “agentic” coding model to…
Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations
Iranian state-sponsored threat actors, commonly tracked as “Prince of Persia,” have resurfaced with a sophisticated cyberespionage campaign targeting global critical infrastructure and private networks. Active…
University of Sydney Suffers Cyberattack, Student and Staff Data Exposed
The University of Sydney has alerted its community to a significant cybersecurity breach involving the unauthorized access of a code library. The incident, confirmed by…