ICO Fines LastPass UK £1.2m For Data Breach
The Information Commissioner’s Office (ICO) has fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information…
Month: December 2025
MITRE shares 2025’s top 25 most dangerous software weaknesses
MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June…
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the…
Swissbit adds HID Seos to iShield Key 2
Swissbit is expanding its portfolio of multi-application security keys with the launch of the iShield Key 2, introducing a new variant featuring HID Seos, one…
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that,…
Cyberattack On Russia Disrupts Digital Military Draft System
A cyberattack on Russia has reportedly targeted Russia’s digital military draft system. According to Grigory Sverdlin, head of the draft-dodging nonprofit Idite Lesom, anonymous hackers…
Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges
Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474,…
New infosec products of the week: December 12, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Apptega, Backslash Security, BigID, Black Kite, Bugcrowd, NinjaOne, Nudge Security,…
CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks
An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its…
Severe Flaws in React Server Components Enable DoS Attacks and Code Exposure
Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws…
LLM privacy policies keep getting longer, denser, and nearly impossible to decode
People expect privacy policies to explain what happens to their data. What users get instead is a growing wall of text that feels harder to…
Microsoft Expands Bug Bounty With In Scope By Default
Microsoft Corp. has announced a major update to its bug bounty program, extending coverage to include any vulnerability affecting its online services. This new framework,…