Category: SecurityNews
-
Randall Munroe’s XKCD ‘Fifteen Years’
Tags: datavia the insightful artistry and dry wit of Randall Munroe, creator of XKCD Permalink First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/12/randall-munroes-xkcd-fifteen-years/
-
Randall Munroe’s XKCD ‘Fifteen Years’
Tags: datavia the insightful artistry and dry wit of Randall Munroe, creator of XKCD Permalink First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/12/randall-munroes-xkcd-fifteen-years/
-
NDSS 2025 PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation
Session 6C: Sensor Attacks Authors, Creators & Presenters: Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University) PAPER NDSS 2025 – PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation Sensors are key components to enable various applications, e.g., home intrusion…
-
NDSS 2025 PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation
Session 6C: Sensor Attacks Authors, Creators & Presenters: Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University) PAPER NDSS 2025 – PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation Sensors are key components to enable various applications, e.g., home intrusion…
-
10 Major Cyberattacks And Data Breaches In 2025
Among the major cyberattacks and data breaches in 2025 were nation-state infiltration by China and North Korea, as well as massive data theft and ransomware attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/10-major-cyberattacks-and-data-breaches-in-2025
-
University of Sydney reports data breach affecting over 20,000 staff, affiliates
The university said it detected the incident last week in an online code repository used by its IT teams and quickly secured the system. First seen on therecord.media Jump to article: therecord.media/university-of-sydney-reports-data-breach
-
WatchGuard sounds alarm as critical Firebox flaw comes under active attack
Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/watchguard_firebox/
-
ISMG Editors’: When KYC No Longer Signals Trust
Also: Cyber Insurers Brace for AI Risk, Shopping Agents Rewrite E-commerce. In this week’s ISMG Editors’ Panel, four editors examine how artificial intelligence is quietly reshaping trust, risk and decision-making, from identity verification and cyber insurance to the rise of AI agents in online shopping. The ISMG Editors’ Panel runs weekly. First seen on govinfosecurity.com…
-
Scam Centers Fueling Thailand’s Border War With Cambodia
UN Says Southeast Asian Scam Centers Generate $41 Billion in Illicit Annual Profits. Southeast Asian scam centers tied to $41 billion in illicit annual profits gleaned from romance and investment scams, ongoing gambling, and holding some of the hundreds of thousands of victims trafficked to work at the centers to ransom, continue to fuel geopolitical…
-
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nigeria-arrests-dev-of-microsoft-365-raccoon0365-phishing-platform/
-
CultureAI Selected for Microsoft’s Agentic Launchpad Initiative to Advance Secure AI Usage
UK-based AI safety and governance company CultureAI has been named as one of the participants in Microsoft’s newly launched Agentic Launchpad, a technology accelerator aimed at supporting startups working on advanced AI systems. The inclusion marks a milestone for CultureAI’s growth and signals broader industry interest in integrating AI safety and usage control into emerging…
-
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-365-accounts-targeted-in-wave-of-oauth-phishing-attacks/
-
Vulnerability Management’s New Mandate: Remediate What’s Real
Live from AWS re:Invent, Snir Ben Shimol makes the case that vulnerability management is at an inflection point: visibility is no longer the differentiator”, remediation is. Organizations have spent two decades getting better at scanning, aggregating and reporting findings. But the uncomfortable truth is that many of today’s incidents still trace back to vulnerabilities that…
-
Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread
Amazon is warning organizations that a North Korean effort to impersonate IT workers is more extensive than many cybersecurity teams may realize after discovering the cloud service provider was also victimized. A North Korean imposter was uncovered working as a remote systems administrator in the U.S. after their keystroke input lag raised suspicions. Normally, keystroke..…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
SentinelOne Hires Google, Cisco And Symantec Vet As New CTO
SentinelOne hires cybersecurity leader Jeff Reed as its new chief technology officer, who has experience working at Cisco, Google Cloud and Symantec. First seen on crn.com Jump to article: www.crn.com/news/cloud/2025/sentinelone-hires-google-cisco-and-symantec-vet-as-new-cto
-
Nigeria arrests suspected RaccoonO365 phishing kit developer on tip from Microsoft, FBI
One of the alleged developers behind the RaccoonO365 subscription-based phishing kit was arrested by Nigerian police this week. First seen on therecord.media Jump to article: therecord.media/nigeria-raccoon-developer-tip
-
Denmark summons Russian ambassador over alleged cyberattacks on water utility, elections
Russia’s ambassador to Copenhagen, Vladimir Barbin, confirmed to Russian state media on Friday that he had been called to the Danish foreign ministry, but rejected the accusations as unfounded. First seen on therecord.media Jump to article: therecord.media/denmark-summons-russian-ambassador-cyberattack-elections
-
Hacks, thefts, and disruption: The worst data breaches of 2025
TechCrunch looks back at the biggest data breaches, disruptive cyberattacks, and damaging hacks of 2025, from the raiding of U.S. government databases to a hack every month in South Korea. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/19/hacks-thefts-and-disruption-the-worst-data-breaches-of-2025/
-
‘Sensitive’ data stolen in Westminster City Council cyber attack
London borough confirms that data breach affecting three neighbouring councils in a shared IT services operation led to personal information being copied by a third party First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636738/Sensitive-data-stolen-in-Westminster-City-Council-cyber-attack
-
Keeper Security Bolsters Federal Leadership to Advance Government Cybersecurity Initiatives
Keeper Security has announced the appointment of two new additions to its federal team, with Shannon Vaughn as Senior Vice President of Federal and Benjamin Parrish, Vice President of Federal Operations. Vaughn will lead Keeper’s federal business strategy and expansion, while Parrish will oversee the delivery and operational readiness of Keeper’s federal initiatives, supporting civilian,…
-
Waterfox browser goes AI-free, targets the Firefox faithful
Even if Mozilla is going to add an AI kill switch, that may not be enough to reassure many. First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/firefox_no_ai_alternative_waterfox/
-
Keyboard Lag Leads Amazon to North Korean Impostor in Remote Role
Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration. First seen on hackread.com Jump to article: hackread.com/keyboard-lag-amazon-north-korea-impostor-remote-role/
-
OWASP Drops First AI Agent Risk List
These aren’t simple chatbots anymore”, these AI agents access data and tools and carry out tasks, making them infinitely more capable and dangerous. The post OWASP Drops First AI Agent Risk List appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-owasp-ai-agent-risk-list/
-
OpenAI Launches GPT-5.2-Codex for Secure Coding
OpenAI has launched GPT-5.2-Codex, an agentic coding model that boosts real-world software engineering and AI-powered vulnerability research. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openai-launches-gpt-5-2-codex-for-secure-coding/
-
LongNosedGoblin Caught Snooping on Asian Governments
New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/longnosedgoblin-caught-snooping-on-asian-governments
-
Google Shutting Down Dark Web Report Met with Mixed Reactions
Google is shutting down its dark web report tool, which was released in 2023 to alert users when their information was found available on the darknet. However, while the report sent alerts, Google said users found it didn’t give them next steps to take if their data was detected. First seen on securityboulevard.com Jump to…
-
Google Shutting Down Dark Web Report Met with Mixed Reactions
Google is shutting down its dark web report tool, which was released in 2023 to alert users when their information was found available on the darknet. However, while the report sent alerts, Google said users found it didn’t give them next steps to take if their data was detected. First seen on securityboulevard.com Jump to…