ICYMI: 2025-12-12
Latest Headlines
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
In Other News: PromptPwnd Attack, macOS Bounty Complaints, Chinese Hackers Trained in Cisco Academy
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking
$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits
Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3
New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials
New Research Details on What Happens to Data Stolen in a Phishing Attack
Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels
New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users
Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems
Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks
Coupang data breach traced to ex-employee who retained system access
Fake ‘One Battle After Another’ torrent hides malware in subtitles
Kali Linux 2025.4 released with 3 new tools, desktop updates
New Windows RasMan zero-day flaw gets free, unofficial patches
MITRE shares 2025’s top 25 most dangerous software weaknesses
MKVCinemas streaming piracy service with 142M visits shuts down
– MTZ