Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan RAT to bypass security and control servers globally...

How an LMS Cloud Model Supports Scalable Learning

There's a new era for training and development programs, making the LMS Learning Management System cloud model the…...

Insider Threat: Hackers Paying Company Insiders to Bypass Security

A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to companies like Apple, Coinbase, and the Federal Reserve...

DevOps and Cybersecurity: Building a New Line of Defense Against Digital Threats

Learn how DevOps and DevSecOps strengthen cybersecurity through automation, CI/CD, and secure DevOps development services...

FBI Seizes Fake ID Template Domains Operating from Bangladesh

US authorities have charged Zahid Hasan with running TechTreek, a $2.9 million online marketplace selling fake ID templates. The investigation, involving the FBI and Bangladesh police, uncovered a global scheme selling fraudulent passports and social security cards to over 1,400 customers...

Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role

Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration...

Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response

Torrance, United States / California, 19th December 2025, CyberNewsWire...

Docker Fixes ‘Ask Gordon’ AI Flaw That Enabled Metadata-Based Attacks

Pillar Security has identified a critical indirect prompt injection vulnerability in Docker’s ‘Ask Gordon’ assistant. By poisoning metadata on Docker Hub, attackers could bypass security to exfiltrate private build logs and chat history. Discover how the "lethal trifecta" enabled this attack and...

The Asset Layer of the Web: Tokenization Is Becoming Finance’s New Backend Infrastructure

Crypto’s public image lagged reality. Stablecoins, tokenization, and regulation now power a blockchain backend settling global finance at institutional scale...

INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling

Cary, North Carolina, USA, 18th December 2025, CyberNewsWire...

Lazarus Group Embed New BeaverTail Variant in Developer Tools

North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts...

Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets

SafeBreach reports the resurgence of the Iranian APT group Prince of Persia Infy. Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada...

Why Organizations Need to Modify Their Cybersecurity Strategy for 2026

Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every…...

FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin

The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation...

France Arrests 22 Year Old After Hack of Interior Ministry Systems

France confirms a cyberattack on its Interior Ministry as a 22-year-old is arrested. Hacker claims access to police, tax, and criminal record systems...

The Cybersecurity Side of AI Crypto Bots: What Users Need to Know

Many crypto investors remain sceptical about using AI in their trading. They are aware that the technology exists,…...

14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data

ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data...

10 Best AI Video Enhancers in 2025 to Instantly Boost Video Quality

Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks...

New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe...

Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories

Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting reports on the breach...

SoundCloud Hit by Cyberattack, Breach Affects 20% of its Users

SoundCloud confirms a breach affecting an estimated 20% of users, resulting in stolen email addresses. The company is dealing with follow-up DoS attacks by unnamed attackers while media reports allege involvement of ShinyHunters...

Amazon: Russian GRU hackers favor misconfigured devices over vulnerabilities

Amazon Threat Intelligence reports Russian GRU hackers are increasingly breaking into critical infrastructure by abusing misconfigured devices instead of exploiting software vulnerabilities...

JumpCloud Remote Assist Flaw Lets Users Gain Full Control of Company Devices

A critical vulnerability CVE-2025-34352 found by XM Cyber in the JumpCloud Remote Assist for Windows agent allows local users to gain full SYSTEM privileges. Businesses must update to version 0.317.0 or later immediately to patch the high-severity flaw...

Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026

Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire...

700Credit Data Breach Impacts Millions of Car Owners

US auto loan service 700Credit confirms a data breach exposed names, addresses, and Social Security numbers of dealership customers. Free credit monitoring is offered...

GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware

A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as…...

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII...

Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices

New report by Unit 42 reveals the Hamas-linked Ashen Lepus WIRTE group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics...

Coupang CEO Steps Down After Data Breach Hits 33.7 Million Users

South Korean e-commerce giant Coupang faces intense scrutiny after CEO Park Dae-jun resigns over a data breach that exposed 33.7 million customer accounts. Read about the police raids, US lawsuit, and regulatory orders from PIPC...

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 React2Shell, a vulnerability in React…...

UK’s ICO Fine LastPass £1.2 Million Over 2022 Security Breach

UK's ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee's personal PC led to the massive security failure...

Fake Microsoft Teams and Google Meet Downloads Spread Oyster Backdoor

The Oyster backdoor also known as Broomstick is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet...

Development Team Augmentation: A Strategic Approach for High-Performance Teams

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner...

New PyStoreRAT Malware Targets OSINT Researchers Through GitHub

A new malware called PyStoreRAT is being through fake OSINT tools on GitHub targeting IT and OSINT pros. Read Morphisec's report detailing how it uses AI and evades security...

What Happens Inside PDFAid in Seconds: From Upload to Download

Disclosure: This article was submitted by PDFAid for publication...

Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files

VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file...

New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera

Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC...

1inch Named Exclusive Swap Provider at Launch for Ledger Multisig

Road Town, British Virgin Islands, 11th December 2025, CyberNewsWire...

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks

Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services...

INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps

Cary, North Carolina, USA, 11th December 2025, CyberNewsWire...

Top 10 Data Anonymization Solutions for 2026

Every business today has to deal with private information – whether it is about customers, employees, or financial…...

CastleLoader Malware Now Uses Python Loader to Bypass Security

Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory...

Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla

Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users...

North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits

Sysdig discovered North Korea-linked EtherRAT, a stealthy new backdoor using Ethereum smart contracts for C2 after exploiting the critical React2Shell vulnerability CVE-2025-55182...

Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group

Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty...

New Portuguese Law Shields Ethical Hackers from Prosecution

Portugal updates its cybercrime law Decree Law 125/2025 to grant ethical hackers a 'safe harbour' from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend...

Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft

Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile...

The Dark Web Economy Behind Ad Fraud: What Marketers Don’t See

Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data...

Police Dismantle EUR 700 Million Crypto Scam That Used Deepfakes

Europol and Eurojust led a massive international police operation that successfully dismantled a crypto fraud network that laundered over €700M using deepfake ads...

New GeminiJack 0-Click Flaw in Gemini AI Exposed Users to Data Leaks

Google AI systems Gemini Enterprise had a critical 'GeminiJack' security flaw allowing attackers to steal Gmail, Docs, and Calendar data with no clicks...