12/29/2025 December 29, 2025December 29, 2025 ~ The Cyber Beat ~ Leave a comment The Worst Hacks of 2025Happy 16th Birthday, KrebsOnSecurity.com!Indian Cops Cuff Ex-Coinbase Rep Over Selling Customer Info to CrimsHacker Arrested for KMSAuto Malware Campaign with 2.8 Million DownloadsAccused Data Thief Threw MacBook Into a River to Destroy EvidenceKorean Air Data Breach Exposes Data of Thousands of EmployeesRomanian Energy Provider Oltenia Energy Complex Hit by Gentlemen Ransomware AttackTwo More Banks Notifying Thousands of Victims About Marquis Software Ransomware Attack27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
12/26-28/2025 December 28, 2025December 28, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot MalwareThe U.S. Must Stop Underestimating Drone WarfareLastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs FindsDeath, Torture, and Amputation: How Cybercrime Shook the World in 2025From Video Games to Cyber Defense: If You Don’t Think Like a Hacker, You Won’t WinCoupang Founder Kim Bom Apologises for Data Leak, Pledges CompensationShaping the Next Generation of Cyber ExpertsTrust Wallet Users Lose $7 Million to Hacked Chrome ExtensionFake GrubHub Emails Promise Tenfold Return on Sent CryptocurrencyUbisoft Shuts Down ‘Rainbow Six Siege’ Servers Following HackHacker Claims to Leak WIRED Database with 2.3 million RecordsEverest Ransomware Group Claims Theft of Over 1TB of Chrysler DataExploited MongoBleed Flaw Leaks MongoDB Secrets, 87K Servers ExposedCritical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
12/25/2025 December 25, 2025 ~ The Cyber Beat ~ Leave a comment Why Hackers Love the Holidays, Especially Christmas and the LikeOpenAI is Reportedly Testing Multiple Claude-Like Skills For ChatGPTStudy Reveals Businesses Continue to Underinvest in Cybersecurity and are Neglect in Vulnerability AssessmentsThe Biggest Cybersecurity Mergers and Acquisitions of 2025Somerset County (PA) Utilizing New 911 Alert System After Cyber AttackNomani Investment Scam Surges 62% Using AI Deepfake Ads on Social MediaFortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass VulnerabilityCISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
12/24/2025 December 24, 2025December 24, 2025 ~ The Cyber Beat ~ Leave a comment Pro-Russian Hackers Noname057 Claim Cyberattack on French Postal ServiceNIST, MITRE Partner on $20m AI Centers For Manufacturing and CybersecurityThe Age of the All-Access AI Agent Is HerePen Testers Accused of ‘Blackmail’ After Reporting Eurostar Chatbot FlawsAll I Want for Christmas Is Not a Scam – Tips to Avoid Digital Threats During the Festive SeasonAI Powered Cyber Attack Hits Chinese TikTok Short Video Rival KuaishouCoordinated Scams Target MENA Region Extensively With Fake Online Job AdsFake MAS Windows Activation Domain Used to Spread PowerShell MalwareMongoDB Warns Admins to Patch Severe RCE Flaw ImmediatelyCyber Volunteer Effort for Small Water Utilities Announces New MSSP Effort
12/23/2025 December 24, 2025December 24, 2025 ~ The Cyber Beat ~ Leave a comment 86% Surge in Fake Delivery Websites Hits Shoppers During Holiday RushDozens of Flock AI Camera Feeds Were Just Out ThereFCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security RisksChinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets EverSEC Sues Crypto Firms for Defrauding Investors Out of $14 MillionU.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover SchemeNYPD Sued Over Possible Records Collected Through Muslim Spying ProgramItaly Fines Apple $116 Million Over App Store Privacy Policy IssuesMore Than 22 Million Aflac Customers Impacted by June Data BreachBaker University (KS) Says 2024 Data Breach Impacts 53,000 PeopleTwo Chrome Extensions Caught Secretly Stealing Credentials from Over 170 SitesWebRAT Malware Spread via Fake Vulnerability Exploits on GithubCritical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of InstancesMicrosoft Rolls Out Hardware-Accelerated BitLocker in Windows 11A Cybersecurity Playbook for AI AdoptionServiceNow Opens $7.7b Ticket Titled ‘Buy Security Company, Make It Armis’
12/22/2025 December 22, 2025December 22, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Spies Use Fake New Year Concert Invites to Target Russian MilitaryRomanian Water Authority Hit by BitLocker Ransomware Attack Over WeekendHacktivists Scrape 86M Spotify Tracks, Claim Their Aim Is to Preserve CultureMicrosoft Windows ‘Hack Your Own Password’ Attack Warning IssuedSouth Korea to Require Facial Recognition for New Mobile NumbersJudge Rules That NSO Cannot Continue to Install Spyware via WhatsApp Pending AppealInterpol-Led Action Decrypts 6 Ransomware Strains, Arrests HundredsNefilim Ransomware Affiliate Pleads GuiltyFrance’s National Post Office Hit by Suspected Cyber-Attack, Delaying DeliveriesUniversity of Phoenix Data Breach Impacts Nearly 3.5 Million IndividualsNissan Says Thousands of Customers Exposed in Red Hat BreachScripted Sparrow Sends Millions of BEC Emails Each MonthAndroid Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at ScaleNew MacSync Malware Dropper Evades macOS Gatekeeper ChecksFake WhatsApp API Package on npm Steals Messages, Contacts, and Login TokensMonitoring Tool Nezha Abused For Stealthy Post-Exploitation Access
12/19-21/2025 December 21, 2025December 21, 2025 ~ The Cyber Beat ~ Leave a comment Inquiry Ongoing After UK Government Hacked, Says MinisterFirms Warned to Be On ‘High Alert’ for Scam EmailsIranian Infy APT Resurfaces with New Malware Activity After Years of SilenceRussian Defense Firms Targeted by Hackers Using AI, Other TacticsTrump Signs Defense Bill Allocating Millions for Cyber Command, Mandating Pentagon Phone SecuritySenate Confirms New Pentagon CIOKrebs on Dismantling Defenses: Trump 2.0 Cyber Year in ReviewHere’s What’s in the DOJ’s Epstein Files Release—And What’s MissingU.S. Charges 54 in Massive ATM Jackpotting ConspiracyNigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 AttacksEx-Michigan Assistant Matt Weiss Seen on Video Hacking Into Student Accounts, Security Footage RevealsHacks, Thefts, and Disruption: The Worst Data Breaches of 2025Richmond Behavioral Health Authority (VA) Breach Hits Over 113KCracked Software and YouTube Videos Spread CountLoader and GachiLoader MalwareRansomHouse Upgrades Encryption With Multi-Layered Data ProcessingHow RomCom Became a Multipurpose CyberweaponWatchGuard Warns of Active Exploitation of Critical Fireware OS VPN VulnerabilityOver 25,000 FortiCloud SSO Devices Exposed to Remote AttacksNew UEFI Flaw Enables Pre-Boot Attacks on Motherboards from Gigabyte, MSI, ASUS, ASRockDocker Hardened Images Now Open Source and Available for FreePalo Alto Networks Announces Multibillion-Dollar Deal With Google CloudFTC: Instacart to Refund $60M Over Deceptive Subscription Tactics
12/18/2025 December 19, 2025December 19, 2025 ~ The Cyber Beat ~ Leave a comment Denmark Says Russia Was Behind Two ‘Destructive and Disruptive’ Cyber-AttacksLongNosedGoblin: China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage MalwareNew BeaverTail Malware Variant Linked to Lazarus GroupKimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery AppNorth Korea Steals Over $2bn in Crypto in 2025Amazon Blocked 1,800 Suspected North Korean Scammers Seeking JobsHaotian: The Ultra-Realistic AI Face Swapping Platform Driving Romance ScamsFrance Arrests Latvian for Installing Malware on Italian FerryAustria’s High Court Orders Meta to Change Its Personalized Ad PracticesPa. High Court Rules That Police Can Access Google Searches Without a WarrantTech Provider for NHS England DXS International Confirms Data BreachUniversity of Sydney Suffers Data Breach Exposing Student and Staff InfoHMRC Warns of Over 135,000 Scam ReportsOAuth Device Code Phishing Campaigns Surge Targets Microsoft 365Clop Ransomware Targets Gladinet Centrestack in Data Theft AttacksYour Car’s Web Browser May Be On the Road to Cyber RuinNew Password Spraying Attacks Target Cisco, PAN VPN GatewaysCISA Flags Critical ASUS Live Update Flaw After Evidence of Active ExploitationHPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code ExecutionBlackBerry Lifts Lower End of Annual Revenue Forecast on Cybersecurity Demand
12/17/2025 December 18, 2025December 18, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Ink Dragon Group Hides in European Government NetworksAPT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing CampaignNew Spyware Discovered on Belarusian Journalist’s Phone After InterrogationFormer Israeli Prime Minister Bennett’s Telegram Hacked, Not Phone, Despite Iranian Group’s ClaimsMicrosoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows HacksBorder Patrol Bets on Small Drones to Expand U.S. Surveillance ReachTrump Targets Defense Giants’ Shareholder Payouts as Cost Overruns Mount, Sources SayBlockchain Company Nomad to Repay Users Under FTC Deal After $186M CyberattackFBI Takes Down Alleged Money Laundering Service for Ransomware GroupsFrance Arrests Suspect Tied to Cyberattack on Interior MinistryTikTok Tracked User’s Grindr Activity in Violation of European Law, Rights Group AllegesPrivacy Advocates See Risk in New Meta Policy That Uses AI Chats to Serve Targeted AdsU.S. Autoparts Maker LKQ Confirms Oracle EBS BreachNew ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary EmailsCritical React2Shell Flaw Exploited in Ransomware AttacksKimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS AttacksCellik Android Malware Builds Malicious Versions From Google Play AppsWhatsApp Device Linking Abused in Account Hijacking AttacksNew “Lies-in-the-Loop” Attack Undermines AI Safety DialogsMotors WordPress Vulnerability Exposes Sites to TakeoverCisco Warns of Unpatched AsyncOS Zero-Day Exploited in AttacksSonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 AppliancesZeroday Cloud Hacking Event Awards $320,0000 for 11 Zero DaysThink Like an Attacker: Cybersecurity Tips From a CISORoblox in Talks With Russia to Restore Access After Platform Ban Sparks Backlash
12/16/2025 December 16, 2025December 16, 2025 ~ The Cyber Beat ~ Leave a comment Amazon Warns Russian GRU Hackers Target Western Firms via Edge DevicesCyberattack Disrupts Venezuelan Oil Giant PDVSA’s Operations…Venezuela State Oil Company Blames Cyberattack on U.S. After Tanker SeizureHouse Homeland Security Chairman Keeps Attention on Cyber IssuesSenior Official at Indo-Pacific Command Is Set to Be Trump’s Pick to Lead Cyber Command, NSAReact2Shell Vulnerability Actively Exploited to Deploy Linux BackdoorsPhishing Messages and Social Scams Flood Users Ahead of ChristmasKrebs: Most Parked Domains Now Serving Malicious ContentEuropean Authorities Dismantle Call Center Fraud Ring in UkraineStill Using Windows 10? You’re a Prime Target for Ransomware Now – Unless You Do ThisHacking Group ‘ShinyHunters’ Threatens to Expose Premium Users of Sex Site PornHub…Analytics Provider Mixpanel: We Didn’t Expose You to CrimsCity of Westminster (SC) Missing Public Funds After Cyber Attack, Officials SayMadison Healthcare (MN) Confirms Data Breach After Ransomware AttackUrban VPN Proxy Accused of Harvesting AI Chat ConversationsGhostPoster Attacks Hide Malicious JavaScript in Firefox Addon LogosCompromised IAM Credentials Power a Large AWS Crypto Mining CampaignRogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet DataJumpCloud Windows Agent Flaw Enables Local Privilege EscalationFortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass
12/15/2025 December 16, 2025December 16, 2025 ~ The Cyber Beat ~ Leave a comment Suspected Russian Hackers Step Up Attacks on U.S. Energy Firms, Research ShowsGerman Parliament Suffers Suspected Cyber Attack During Zelenskyy’s VisitFrench Interior Ministry Confirms Cyberattack on Email ServersGoogle Links More Chinese Hacking Groups to React2Shell AttacksMI6 Chief Warns ‘Front Line Is Everywhere’ and Signals Intent to Pressure PutinU.S. Government Launches Campaign to Hire Engineers for AI, Tech RolesStarlink Claims Chinese Launch Came Within 200 Meters of Broadband SatelliteGoogle’s Turning off Its Dark Web Monitoring Service That Scoured Data Breaches for Your InfoTexas Sues 5 Smart TV Manufacturers Over Data Collection PracticesThird Defendant Pleads Guilty in Fantasy Sports Betting Hack CaseVibe Coding: Innovation Demands Vigilance700Credit Data Breach Impacts 5.8 Million Vehicle Dealership Customers…Nearly 20 Million Affected by Prosper, 700Credit Data BreachesAskul Confirms Theft of 740K Customer Records in Ransomware AttackPornHub Extorted After Hackers Steal Premium Member Activity DataMore Than 238K Hit by Akira-Claimed Fieldtex Product HackOngoing SoundCloud Issue Blocks VPN Users With 403 Server Error…SoundCloud Confirms Breach After Member Data Stolen, VPN Access DisruptedRussian Phishing Campaign Delivers Phantom Stealer Via ISO FilesNew SantaStealer Malware Steals Data From Browsers, Crypto WalletsFeatured Chrome Browser Extension Caught Intercepting Millions of Users’ AI ChatsFreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
12/12-14/2025 December 14, 2025December 14, 2025 ~ The Cyber Beat ~ Leave a comment React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency MitigationGermany Summons Russian Ambassador Over Cyberattack, Election DisinformationAnnounced Pick for No. 2 at NSA Won’t Get the Job as Another Candidate SurfacesTrump Order on AI May Not Deter State LawsAI Toys for Kids Talk About Sex and Issue Chinese Communist Party Talking Points, Tests ShowU.S. Bill Seeks Phase-Out of Chinese Sensors in Self-Driving Cars, After Space Hack FearsServiceNow in Talks to Acquire Cybersecurity Startup Armis in Potential $7 Billion DealUncle Sam Sues Ex-Accenture Manager Over Army Cloud Security ClaimsCoupang Data Breach Traced to Ex-Employee Who Retained System AccessMKVCinemas Streaming Piracy Service With 142M Visits Shuts DownCanada’s Privacy Regulator to Probe Billboards Equipped With Facial Scanning TechStreisand Effect: Businesses That Pay Ransomware Gangs Are More Likely to Hit the HeadlinesCyberVolk’s Ransomware Debut Stumbles on Cryptography WeaknessMore Than 340,000 Impacted by Cyberattack on Library System of Pierce County (WA)Hamas-Affiliated APT Targeting Government Agencies in the Middle East, MoroccoBeware: PayPal Subscriptions Abused to Send Fake Purchase EmailsFake ‘One Battle After Another’ Torrent Hides Malware in SubtitlesNew Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at ScaleFake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware PayloadsNew React RSC Vulnerabilities Enable DoS and Source Code ExposureCISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV CatalogCISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE AttacksNew Windows RasMan Zero-Day Flaw Gets Free, Unofficial PatchesApple Issues Security Updates After Two WebKit Flaws Found Exploited in the WildMITRE Shares 2025’s Top 25 Most Dangerous Software WeaknessesKali Linux 2025.4 Released With 3 New Tools, Desktop Updates
12/11/2025 December 11, 2025December 11, 2025 ~ The Cyber Beat ~ Leave a comment Hackers Reportedly Breach Developer Involved With Russia’s Military Draft DatabaseOpenAI Enhances Defensive Models to Mitigate Cyber-ThreatsGoogle Ads for Shared ChatGPT, Grok Guides Push macOS Infostealer MalwareRussian Hackers Debut Simple Ransomware Service, but Store Keys in Plain TextLawmaker Calls Facial Recognition on Doorbell Cameras a ‘Privacy Nightmare’Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private DataLastPass Hammered With £1.2M Fine for 2022 Breach FiascoFederal Agencies Now Only Have One More Day to Patch React2Shell BugData Breach at 700Credit Impacts 160,000 MichigandersWIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage BackdoorNew ConsentFix Attack Hijacks Microsoft Accounts via Azure CLINANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows SystemsMalware Discovered in 19 Visual Studio Code ExtensionsChrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity FlawUnpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active AttacksActive Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code ExecutionNotepad++ Fixes Flaw That Let Attackers Push Malicious Update Files
12/10/2025 December 10, 2025December 10, 2025 ~ The Cyber Beat ~ Leave a comment React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple SectorsU.S. Says Russia-Backed Hacks Targeted Critical Infrastructure…U.S. Extradites Ukrainian Woman Accused of Hacking Meat Processing Plant for Russia2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’U.S. Halts Plans to Sanction Chinese Spy AgencyBritish Government Sanctions Russian and Chinese Groups Over Information WarfareOpenAI Warns New Models Pose ‘High’ Cybersecurity RiskLog4Shell Downloaded 40 Million Times in 2025Nvidia Builds Location Verification Tech That Could Help Fight Chip SmugglingCoupang CEO Resigns Over Data Breach in South KoreaSenators Return to Effort to Boost Cybersecurity for Commercial Satellite IndustryCoalition Adds Deepfake Response to Cyber Insurance Policies GloballyPetco Takes Down Vetco Website After Exposing Customers’ Personal InformationRussia’s Flagship Airline Aeroflot Hacked Through Little-Known Tech Vendor Bakka Soft, According to New ReportClickFix Social Engineering Sparks Rise of CastleLoader AttacksNew Spiderman Phishing Service Targets Dozens of European BanksNew DroidLock Malware Locks Android Devices and Demands a RansomOver 10,000 Docker Hub Images Found Leaking Credentials, Auth KeysWarning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDLThree PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data HandlingGoogle Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate DataMicrosoft Teams to Warn of Suspicious Traffic With External Domains
12/9/2025 December 10, 2025December 10, 2025 ~ The Cyber Beat ~ Leave a comment React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics…Deploy New EtherRAT MalwareGartner Calls For Pause on AI Browser UseAnalysts Warn of Cybersecurity Risks in Humanoid RobotsHow to Answer the Door When the AI Agents Come KnockingTrump Plans Executive Order Curbing State AI LawCyber Startup Saviynt Raises $700 Million to Secure Identity and AccessCalifornia Man Pleads Guilty to Rico Charges as DOJ Indicts Crypto Theft GangSpain Arrests Teen Who Stole 64 Million Personal Data RecordsSeoul Cyber Investigators Seize Data, Devices From ‘South Korea’s Amazon’ Following Data BreachKhashoggi Widow Files Complaint in France Alleging Saudi Government Infected Devices With SpywaresSpace Bears Ransomware Claims Comcast Data Breach via Contractor Quasar Inc.Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL SideloadingSTAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt RansomwareDeadLock Ransomware Uses BYOVD to Evade Security MeasuresResearchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer DataFortinet Warns of Critical FortiCloud SSO Login Auth Bypass FlawsIvanti Warns of Critical Endpoint Manager Code Execution FlawSAP Fixes Three Critical Vulnerabilities Across Multiple ProductsKrebs: Microsoft Patch Tuesday, December 2025 EditionWindows PowerShell Now Warns When Running Invoke-WebRequest Scripts
12/8/2025 December 9, 2025December 9, 2025 ~ The Cyber Beat ~ Leave a comment MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan CampaignThree Hacking Groups, Two Vulnerabilities and All Eyes on ChinaU.S. to Allow Nvidia H200 Chip Shipments to China, Trump SaysMeta Proposal for Less Data Sharing Is Approved by European CommissionUK Moves to Strengthen Undersea Cable Defenses as Russian Snooping Ramps UpHome Office Kept Police Facial Recognition Flaws to Itself, UK Data Watchdog FumesPoland Arrests Ukrainians Utilizing ‘Advanced’ Hacking Equipment193 Cybercrims Arrested, Accused of Plotting ‘Violence-As-A-Service’Russian Police Bust Bank-Account Hacking Gang That Used NFCGate-Based MalwareRussian Kids Revolt as Kremlin Bans Roblox, Other Popular AppsResearchers Track Dozens of Organizations Affected by React2Shell Compromises Tied to China’s MSSExperts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RATMalicious VSCode Extensions on Microsoft’s Registry Drop InfostealersRansomware Gangs Turn to Shanya EXE Packer to Hide EDR KillersClayRat Android Spyware Expands Capabilities…Malware Families FvncBot, and SeedSnatcher TooTotal Ransomware Payments Surpass $4.5 Billion Since 2013…Over $2.1B From 2022 To 2024Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet AttacksUK Intelligence Warns AI ‘Prompt Injection’ Attacks Might Never Go Away
12/5-7/2025 December 8, 2025December 8, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked Warp Panda Targets North American Firms in Espionage CampaignChinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability…React2Shell Flaw Exploited to Breach 30 Orgs, 77K IP Addresses VulnerableCloudflare Restores Services After Minor Dashboard Outage…Cloudflare Blames Today’s Outage on react2shell MitigationsKrebs: SMS Phishers Pivot to Points, Taxes, Fake RetailersKrebs: Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay MillCrims Using Social Media Images, Videos in ‘Virtual Kidnapping’ ScamsLouvre to Bolster Its Security, Issues €57m Public TenderPortugal Updates Cybercrime Law to Exempt Security ResearchersMaryland Man Sentenced for N. Korea IT Worker Scheme Involving U.S. Government ContractsEU Fines X $140 Million Over Deceptive Blue CheckmarksSolarWinds’ Tim Brown Escaped the SEC. Future Cyber Chiefs Might Not.Pharma Firm Inotiv Discloses Data Breach After Ransomware AttackBarts Health NHS Discloses Data Breach After Oracle Zero-Day HackHuge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed DatabaseNew Wave of VPN Login Attempts Targets Palo Alto GlobalProtect PortalsZero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted EmailsNovel Clickjacking Attack Relies on CSS and SVGHackers are Exploiting ArrayOS AG VPN Flaw to Plant WebshellsResearchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE AttacksCritical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent PatchNCSC’s ‘Proactive Notifications’ Warns Orgs of Flaws in Exposed DevicesDeath to One-Time Text Codes: Passkeys Are the New Hotness in MFAA Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
12/4/2025 December 4, 2025December 4, 2025 ~ The Cyber Beat ~ Leave a comment Amid Rising Threats, NATO Holds Its Largest-Ever Cyberdefense ExerciseTwins Who Hacked State Dept Hired to Work for Gov Again, Now Charged With Deleting DatabasesUK Sanctions Russia’s GRU Agency and Cyber Spies Over Deadly Nerve Agent AttackFBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6Pentagon’s Signalgate Report Finds Pete Hegseth Violated Military PoliciesTaiwan to Ban China’s Xiaohongshu App for One Year on Fraud ConcernsA New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip CodeBritish Officials Seek to Expand Facial Recognition Technology UseCybersecurity Startup 7AI Raises $130 Million in Series A FundingI Saw Drone Deliveries Launch in Atlanta – How They Work and Which Cities Are NextCISA Warns of Chinese “BrickStorm” Malware Attacks on VMware ServersPredator Spyware Uses New Infection Vector for Zero-Click AttacksSilver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in ChinaGoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ InfectionsNew GhostFrame Phishing Framework Hits Over One Million AttacksCritical React, Next.js Flaw Lets Hackers Execute Code on ServersCISA and International Partners Issue Guidance for Secure AI in InfrastructureRussia Blocks FaceTime and Snapchat for Alleged Use by TerroristsRussian Scientist Sentenced to 21 Years on Treason, Cyber Sabotage Charges
12/3/2025 December 3, 2025December 3, 2025 ~ The Cyber Beat ~ Leave a comment French NGO Reporters Without Borders Targeted by Star BlizzardDisinformation and Cyber-Threats Among Top Global Business Exec Concerns‘Exploitation Is Imminent’ as 39 Percent of Cloud Environs Have Max-Severity React HoleUK Ransomware Payment Ban to Come with Exemptions, Security Minster SayIndia Revokes Order to Preload Cybersecurity App on Smartphones After OutcryFDA Scrutiny of WHOOP Signals Challenges for Niche Wearable Device MakersRussia Wants This Mega Missile to Intimidate the West, but It Keeps CrashingSecurity Startup Verkada Hits $5.8 Billion Valuation in Latest Funding Round Led by CapitalGHow Amazon Finds Its Cybersecurity Weak SpotsRussia Blocks Roblox Over Distribution of LGBT “Propaganda”Google Expands Android Scam Protection Feature to Chase, Cash App in U.S.DOJ Takes Down Myanmar Scam Center Website Spoofing TickMill Trading PlatformCanadian Police Department Becomes First to Trial Body Cameras Equipped With Facial Recognition TechnologyFrench DIY Retail Giant Leroy Merlin Discloses a Data BreachUniversity of Phoenix Discloses Data Breach After Oracle HackJapan’s Askul Resumes Limited Online Sales 6 Weeks After Ransomware AttackASUS Listed by Everest Ransomware Group, 1 TB Data StolenFreedom Mobile Discloses Data Breach Exposing Customer DataFintech Firm Marquis Alerts Dozens of U.S. Banks and Credit Unions of a Data Breach After Ransomware Attack…Impacts Over 74 U.S. Banks, Credit UnionsYearn Finance yETH Pool Hit by $9M ExploitBrazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay FraudAisuru Botnet Behind New Record-Breaking 29.7 Tbps DDoS AttackMalicious Rust Crate Delivers OS-Specific Malware to Web3 Developer SystemsCritical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code ExecutionWordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin AccountsMicrosoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
12/1-2/2025 December 2, 2025December 2, 2025 ~ The Cyber Beat ~ Leave a comment India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and MisuseShadyPanda’s Seven-Year Campaign Infects 4.3M Chrome and Edge UsersIran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted AttacksOfficials Accuse North Korea’s Lazarus of $30 Million Theft From Crypto ExchangeMost Companies Fear State-Sponsored Cyber-Attacks and Want More Government HelpResearchers Capture Lazarus APT’s Remote-Worker Scheme Live on CameraFlock Uses Overseas Gig Workers to Build its Surveillance AIFormer Cyber Spy Raises $60 Million to Fight AI ThreatsCrowdStrike Forecasts Upbeat Quarterly Revenue as AI Adoption Fuels GrowthOkta Projects Strong Quarterly Revenue on Rising Demand for Cybersecurity ToolsAxiado Raises $100 Million for Chip to Save Space, Power in AI Data CentersYour Data Might Determine How Much You Pay for EggsICO Set to Check If Mobile Games Comply with Children’s CodeFTC Settlement Requires Illuminate to Delete Unnecessary Student DataKorea Arrests Suspects Selling Intimate Videos From Hacked IP CamerasEuropol Nukes Cryptomixer Laundering Hub, Seizing €25M in BitcoinIndia Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud…Faces BacklashChatGPT Is Down Worldwide, Conversations Dissapeared for UsersMicrosoft Defender Portal Outage Disrupts Threat Hunting AlertsGoogle Deletes X Post After Getting Caught Using a ‘Stolen’ AI Recipe InfographicUniversity of Pennsylvania Joins List of Victims From Clop’s Oracle EBS RaidShai-Hulud 2.0 NPM Malware Attack Exposed Up To 400,000 Dev SecretsSouthold (NY) Police Are Reporting With Pen and Paper After Cyber AttackFake Calendly Invites Spoof Top Brands to Hijack Ad Manager AccountsSmartTube YouTube App for Android TV Breached to Push Malicious UpdateTomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government TargetsGlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer ToolsNew Android Albiriox Malware Gains Traction in Dark Web MarketsMalicious npm Package Uses Hidden Prompt and Script to Evade AI Security ToolsCritical PickleScan Vulnerabilities Expose AI Model Supply ChainsGoogle Releases Patches for Android Zero-Day Flaws Exploited in the Wild