Author: Andy Stern
-
Organizations can now buy cyber insurance that covers deepfakes
Cybersecurity insurer Coalition said it will start covering certain incidents where AI and deepfakes lead to reputational harm. First seen on cyberscoop.com Jump to article: cyberscoop.com/url-coalition-cybersecurity-insurance-coverage-deepfakes-reputational-harm/
-
Microsoft patched over 1,100 CVEs in 2025
The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to over 1,100. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636275/Microsoft-patched-over-1100-CVEs-in-2025
-
Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft
Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile. First seen on hackread.com Jump to article: hackread.com/spiderman-phishing-kit-european-banks-credential-theft/
-
Synthetic Businesses: the New Billion-Dollar Fraud Machine
Weak State Controls and AI-Generated Documents Fuel Surge in Synthetic Entity Fraud. Fraudsters are exploiting weak state controls to create synthetic businesses for less than $150, with potential payouts of more than $100,000 for each fake identity. Synthetic entity fraud has rapidly shifted from a niche threat to a mainstream risk, said Dun & Bradstreet’s…
-
Organizations can now buy cyber insurance that covers deepfakes
Cybersecurity insurer Coalition said it will start covering certain incidents where AI and deepfakes lead to reputational harm. First seen on cyberscoop.com Jump to article: cyberscoop.com/url-coalition-cybersecurity-insurance-coverage-deepfakes-reputational-harm/
-
European Commission Probes Google AI Summaries
Regulators Question Whether Google Compensates Publishers for Auto Summaries. Google faces a fresh probe into its competitive practices after the European Union said it will investigate the search engine giant’s propensity to convert web content into fuel for its artificial intelligence models. The commission said the investigation is a matter of priority. First seen on…
-
The Dark Web Economy Behind Ad Fraud: What Marketers Don’t See
Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data. First seen on hackread.com Jump to article: hackread.com/ad-fraud-dark-web-economy-market/
-
European Commission Probes Google AI Summaries
Regulators Question Whether Google Compensates Publishers for Auto Summaries. Google faces a fresh probe into its competitive practices after the European Union said it will investigate the search engine giant’s propensity to convert web content into fuel for its artificial intelligence models. The commission said the investigation is a matter of priority. First seen on…
-
The Dark Web Economy Behind Ad Fraud: What Marketers Don’t See
Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data. First seen on hackread.com Jump to article: hackread.com/ad-fraud-dark-web-economy-market/
-
How to answer the door when the AI agents come knocking
Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok First seen on theregister.com Jump to article: www.theregister.com/2025/12/09/okta_agent_control/
-
Microsoft Security Update Summary (9. Dezember 2025)
Microsoft hat am 9. Dezember 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 56 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert und wird ausgenutzt. Nachfolgend findet sich ein kompakter … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/microsoft-security-update-summary-9-dezember-2025/
-
Windows PowerShell now warns when running Invoke-WebRequest scripts
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/
-
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day
Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-december-2025/
-
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/packer-as-a-service-shanya-hides-ransomware-kills-edr
-
Google Patches AI Flaw That Turned Gemini Into a Spy
Zero-Click Vulnerability Let Attackers Weaponize Enterprise AI Assistant. Google patched a vulnerability in Gemini Enterprise that allowed attackers to steal corporate data through a shared document, calendar invitation or email without any user action or security alerts. No malware was executed, no credentials were phished and no data left through approved channels. First seen on…
-
Microsoft releases Windows 10 KB5071546 extended security update
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
-
Indirect Malicious Prompt Technique Targets Google Gemini Enterprise
Noma Security today revealed it has discovered a vulnerability in the enterprise edition of Google Gemini that can be used to inject a malicious prompt that instructs an artificial intelligence (AI) application or agent to exfiltrate data. Dubbed GeminiJack, cybercriminals can use this vulnerability to embed a malicious prompt in, for example, a Google Doc..…
-
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/
-
Broadside Mirai Botnet Hijacks Ship Cameras for DDoS
The Broadside Mirai variant exploits vulnerable maritime DVRs to gain stealthy access and threaten global shipping. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/broadside-mirai-botnet-hijacks-ship-cameras-for-ddos/
-
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.”EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and First seen on thehackernews.com…
-
Indirect Malicious Prompt Technique Targets Google Gemini Enterprise
Noma Security today revealed it has discovered a vulnerability in the enterprise edition of Google Gemini that can be used to inject a malicious prompt that instructs an artificial intelligence (AI) application or agent to exfiltrate data. Dubbed GeminiJack, cybercriminals can use this vulnerability to embed a malicious prompt in, for example, a Google Doc..…
-
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/
-
Windows 11 KB5072033 & KB5071417 cumulative updates released
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/
-
Smuggling Ring Charged as Trump Okays Nvidia Sales to China
Operation Gatekeeper Targets Illegal Export of Nvidia Processors to China. An alleged smuggling ring illegally sold at least $160 million in advanced Nvidia artificial intelligence chips to China, U.S. federal prosecutors said Monday while announcing charges against found individuals. U.S. President Donald Trump also said that day he approved H200 chip sales to China. First…
-
Police Dismantle EUR 700 Million Crypto Scam That Used Deepfakes
Europol and Eurojust led a massive international police operation that successfully dismantled a crypto fraud network that laundered over Euro700M using deepfake ads. First seen on hackread.com Jump to article: hackread.com/police-bust-eur-700m-deepfake-crypto-network/
-
Saviynt Raises $700M at Approximately $3B Valuation
Tags: unclassifiedSaviynt has today announced a $700M Series B Growth Equity Financing at a valuation of approximately $3 billion. Funds managed by KKR, a leading global investment firm, led the round with participation from Sixth Street Growth and TenEleven, as well as new funding from existing Series A investor Carrick Capital Partners. The investment reflects what…
-
Saviynt Raises $700M at Approximately $3B Valuation
Tags: unclassifiedSaviynt has today announced a $700M Series B Growth Equity Financing at a valuation of approximately $3 billion. Funds managed by KKR, a leading global investment firm, led the round with participation from Sixth Street Growth and TenEleven, as well as new funding from existing Series A investor Carrick Capital Partners. The investment reflects what…
-
Police Dismantle EUR 700 Million Crypto Scam That Used Deepfakes
Europol and Eurojust led a massive international police operation that successfully dismantled a crypto fraud network that laundered over Euro700M using deepfake ads. First seen on hackread.com Jump to article: hackread.com/police-bust-eur-700m-deepfake-crypto-network/