-EU has a problem attracting and retaining cyber talent
-Coupang CEO resigns following breach
-NoName057 and CARR member charged in the US
-Chrome and Gogs zero-days
-UK sanctions Chinese hacking firms
-Coupang hacker was a cyber employee
-Petco takes down leaky Vetco site
-UK fines LastPass over breach
-Ransomware at HSE Ireland, again
-Russia denies military registry hack
-New PowerShell security feature
Newsletter: news.risky.biz/risky-bulletin-…
Podcast: risky.biz/RBNEWS507/
EU has a problem attracting and retaining cyber talent
In other news: Coupang CEO resigns following breach; NoName057 and CARR member charged in the US; Chrome and Gogs zero-days. (Catalin Cimpanu, Risky.Biz)
MITRE has published the list of Top 25 most common software vulnerabilities of 2025, also known as the CWE Top 25
cwe.mitre.org/top25/archive/20…
CWE - 2025 CWE Top 25 Most Dangerous Software Weaknesses
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses. (cwe.mitre.org)
I once had to wait after work to catch a programmer who was using a buffer pointer after he'd freed it. QA caught it, and thought it was my code. Nope, but I figured out whose it was.
That one has been around for a long, long time.
Looks like Notepad++ has fixed its update system: community.notepad-plus-plus.or…
This is after reports that users received malicious Notepad++ updates containing malware: doublepulsar.com/small-numbers…
Notepad++ v8.8.9: Vulnerability-fix
Notepad++ release 8.8.9 is available: https://notepad-plus-plus.org/news/v889-released/ Notepad++ v8.8.9: new security enhancement, new features, regression f… (Notepad++ Community)
Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UTA0355 did it via email replies)
pushsecurity.com/blog/consentf…
ConsentFix: Browser-native ClickFix hijacks OAuth grants
Analysing "ConsentFix", a new browser-native attack technique we've detected in the wild, combining OAuth consent phishing with a ClickFix-style user prompt. (Luke Jennings, Push Security)
Google is rolling out a new feature for Android users that will let them share live video with emergency services.
The new feature is being rolled out in the US and some regions in Mexico and Germany.
It will be available for Android 8 (2017) devices or higher.
blog.google/products/android/e…
Share live video with emergency services to get the help you need
During an emergency call or text, a dispatcher can send a request to your Android phone to share live video. (Alastair Breeze, Google)
RE: mastodon.social/@campuscodi/11…
More research of this type
Intruder found 43k secrets across 5 million single-page apps: businesswire.com/news/home/202…
Bitsight has found more than 1,000 MCP servers exposed on the internet with no authorization in place and exposing sensitive data: bitsight.com/blog/exposed-mcp-…
It’s 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?
Bitsight TRACE research team found roughly 1,000 exposed MCP servers with no authorization in place, revealing new AI vulnerabilities. Read the report now. (João Cruz, BitSight)
CA/B Forum to sunset 11 domain validation methods used to issue TLS certificates
security.googleblog.com/2025/1…
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team. Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the… (Google Online Security Blog)
UK ICO fines LastPass £1.2m for 2022 data breach
ico.org.uk/about-the-ico/media…
Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK
The Information Commissioner's Office (ICO) has fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users. (ico.org.uk)
Looks like Twitter finally took down the NoName057 account after yesterday's indictment
SOAPwn -- new bugs that can lead to RCE in .NET apps
Vulnerable applications include the Umbraco CMS, Barracuda's Service Center, the Ivanti Endpoint Manager, and more
Microsoft did not fix them
labs.watchtowr.com/soapwn-pwni…
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. (Piotr Bazydlo (@chudyPB), watchTowr Labs)
Dutch prosecutors are seeking an eight-month prison sentence for a man who launched DDoS attacks against the country's 112 emergency line.
The suspect allegedly tried to frame some business partners for the attack
om.nl/actueel/nieuws/2025/12/1…
Business conflict leads to DDoS attack on 112 emergency centre: prison sentence demanded
The National Public Prosecutor's Office (Landelijk Parket, LP) of the Public Prosecution Service (Openbaar Ministerie, OM) on Wednesday demanded an unconditional prison sentence of eight months and a fine against a 47-year-old man from Delft. (www.om.nl)
The Paxful cryptocurrency exchange has pleaded guilty to laundering crypto-assets linked to scams, fraud, and extortions
Will pay a $4mil fine only
justice.gov/opa/pr/virtual-ass…
Virtual Asset Trading Platform Pleads Guilty to Violating the Travel Act and Other Federal Criminal Charges
Paxful Holdings Inc., an online virtual currency trading platform, agreed to plead guilty yesterday to a three-count information filed in the Eastern District of California and agreed to pay a criminal penalty of $4 million based on its ability to pa… (www.justice.gov)
This constant stream of malicious VSCode extensions won't end anytime soon....
This batch hid its payload, a Rust-based trojan, as PNG files inside the dependencies folder
reversinglabs.com/blog/malicio…
VS Code extensions contain trojan-laden fake image | ReversingLabs
RL researchers have identified 19 malicious extensions on the VS Code Marketplace, the majority containing a malicious file posing as a PNG. (ReversingLabs)
A popular reverse proxy and ingress controller shipped misconfigured versions for the past five months.
The Traefik setting that enabled TLS verification was actually disabling it across the board.
aisle.com/blog/cve-2025-66491-…
CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off
Learn how CVE-2025-66491 exposed a critical TLS verification flaw in Traefik, where "Verify=On" accidentally disabled security for 5 months. (AISLE)
Pffff... the Coupang insider, who allegedly stole the company's data, was apparently a cybersecurity employee
koreajoongangdaily.joins.com/n…
Alleged Coupang data leaker had only worked at company for two years, say police
The former Coupang employee accused of leaking the data of 33.7 million customers had worked at the company for just two years, according to police on Thursday. (Korea JoongAng Daily)
The Coupang CEO also resigned following the hack and police raids: koreatimes.co.kr/business/comp…
That's the third South Korean CEO to resign after a breach, following the KT and SK Telecom ones
Coupang CEO resigns over data breach
Coupang Corp. announced on Wednesday that its CEO Park Dae-jun has resigned amid mounting public outrage over a recent massive data breach that com… (Lee Gyu-lee, The Korea Times)
Security firm Flare has scanned the Docker Hub portal and found secrets and tokens, including for production systems, in more than 10,000 images
flare.io/learn/resources/docke…
Thousands of Exposed Secrets Found on Docker Hub - Flare
In a month, we found Docker Hub images that contained leaked secrets (including live credentials to production systems) from over 100 companies. (Flare)
The Justice Department charged a former product manager at Accenture Federal Services with falsely misleading government customers about the security posture of a cloud product offered by the company.
nextgov.com/cybersecurity/2025…
US charges former Accenture employee with misleading feds on cloud platform’s security
Danielle Hillmer, most recently employed with SentinelOne, allegedly concealed a cloud product's noncompliance with federal security regulations. (David DiMolfetta, Nextgov/FCW)
RE: flipboard.com/@retrowarehouse/…
If any font needs to be banned, it should be Trebuchet MS...
Inter all the things!!!!
Calibri font is the latest casualty in the Trump administration's war on diversity and inclusion
Secretary of State Marco Rubio directed U.S. diplomats worldwide to use Times New Roman 14-point font for official documents, reversing a Biden-era directive to use Calibri. It's the rise of the Roman Empire at the U.S.… (NBC News, by Alexandra Marquez and Abigail Williams)
The ENISA yearly survey is out: enisa.europa.eu/publications/n…
Yo, EU! Patch your stuff!
NIS Investments 2025 | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats. (www.enisa.europa.eu)
A new US startup named Operation Bluebird has asked the US Patent and Trademark Office to vacate old Twitter trademarks, claiming that Elon Musk has abandoned them
Arnad: 50 enraged Valdostans catch a burglar and beat him with several objects, including a pickaxe, fracturing his pelvis. The other thief…
It is a quiet Friday evening in Arnad, in the Aosta Valley. But the evening is marred by two thieves who break into a house in the hamlet of Sisane and try to force open a safe.
The two, however, are caught in the act by neighbours who heard them and called the police. In the meantime, word also spreads by mobile phone, quickly bringing many residents out into the street, and when the criminals try to flee, at least 50 people give chase.
While one of the thieves managed to slip away, things went differently for the other, a man in his 40s: residents blocked him as he tried to escape toward the woods, surrounded him and beat him with a pickaxe until they fractured his pelvis. The man was then taken to hospital; the injury was judged to heal in 30 days.
-Linux adds PCIe encryption to secure cloud servers
-Europol cracks down on Violence-as-a-Service providers
-ICC designates cyberspace as a genocide enabler
-Cambodia busts SMS blaster warehouse
-Police raid Coupang offices
-New Khashoggi lawsuit filed in France
-Aeroflot hack originated from contractor network
-FTC denies SpyFone CEO petition
-Meta agrees to use less personal data for ads in EU
Podcast: risky.biz/RBNEWS506/
Newsletter: news.risky.biz/risky-bulletin-…
Linux adds PCIe encryption to help secure cloud servers
In other news: Europol cracks down on Violence-as-a-Service providers; ICC designates cyberspace as a genocide enabler; Cambodia busts SMS blaster warehouse. (Catalin Cimpanu, Risky.Biz)
-Patch Tuesday security updates are out
-NDAA 2026 comes with cyber provisions
-New Zealand notifies Lumma victims
-Poland arrests three Ukrainian hackers
-Russia arrests NFCGate hackers
-Spain arrests 19yo hacker
-React2Shell exploitation hits IoT space
-Telegram cracked down on crime channels since Oct '24
-New malware: GhostFrame PhaaS, Spiderman PhaaS, ChimeraWire, DeadLock ransomware, Broadside botnet, GhostPenguin Linux backdoor
-ZeroBoot exploit
The point of entry for the Aeroflot hack (from July) appears to have been Bakka Soft, an IT company that developed the airline's mobile and web apps
thebell.io/istoriya-bolshogo-v…
The story of a big hack. How hackers paralysed Aeroflot
Since the start of the war, the number of attacks by Ukrainian and Belarusian hackers on large Russian companies has grown several-fold, but not always about them… (Мария Коломыченко, The Bell)
New Zealand's cybersecurity agency is notifying more than 26,000 users who have been infected with the Lumma Stealer
ncsc.govt.nz/news/nz-cyber-age…
NZ cyber agency alerts thousands to malware infection
The GCSB's National Cyber Security Centre (NCSC) is emailing thousands of New Zealanders to notify them that their devices may be impacted by malicious software. (NCSC NZ)
Germany's cybersecurity agency has conducted a security audit of ten password managers and found that three of them can access a user's stored passwords—Google Chrome, mSecure, and PassSecurium
bsi.bund.de/DE/Service-Navi/Pr…
Study: BSI identifies need for improvement in password managers
Given the sensitivity of the data stored in password managers, high requirements apply to their IT security. (Bundesamt für Sicherheit in der Informationstechnik)
Cydome has spotted Broadside, a new variant of the Mirai IoT malware.
The botnet is targeting TBK DVRs, commonly used by the maritime sector, including on some vessels.
Europol arrests 193 in crackdown against Violence-as-a-Service platforms.
Unclear if any of the arrests are TheCom members
europol.europa.eu/media-press/…
Operational Taskforce GRIMM: 193 arrests in 6 months tackling violence-as-a-service networks | Europol
Europol’s Operational Taskforce (OTF) GRIMM has made significant progress in its first six months of operation, arresting 193 individuals and disrupting criminal networks behind the growth of violence-as-a-service (VaaS).Europol
reshared this
The International Criminal Court will investigate genocide and war crimes that have been enabled through cyberspace (hacks, leaks, social media posts)
The ICC published its new policy and has put cyber on the same footing as crimes committed through other means
Per Sysdig, North Korean hackers are now exploiting React2Shell to drop EtherRAT, a remote access trojan that uses Ethereum smart contracts as C2
sysdig.com/blog/etherrat-dprk-…
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
A novel Ethereum-powered backdoor, EtherRAT, is being deployed through the React2Shell vulnerability (CVE-2025-55182). With multi-layer persistence, blockchain C2, and self-updating payloads, this malware poses a significant threat. (Sysdig)
RE: techhub.social/@Techmeme/11568…
Coupang also filed a complaint over the hack against a former employee, identified as a Chinese national
Koi Security researchers have discovered a malicious VSCode theme (Bitcoin Black) and extension (Codo AI) that captures a user's screen and sends it to attackers, in the hopes of capturing passwords and crypto-wallet seed phrases
Meta told the EU it will use less personal data for ads
...and those dummies believed it!!!
ec.europa.eu/commission/pressc…
Daily News 08/12/2025
Meta commits to give EU users choice on personalised ads under DMA
The European Commission acknowledges Meta's undertaking to offer users in the EU an alternative choice of Facebook and Instagram serv… (European Commission)
Does nobody monitor that grid? How do you even steal that much power?
bloomberg.com/news/articles/20…
Bitcoin (BTC) Miners Hunted After Stealing $1 Billion Power From Malaysia Grid
Cracking down on illegal Bitcoin mining gangs has become a cat-and-mouse game in Malaysia. (Ryan Weeks, Bloomberg)
When I was in Taipei years ago there was a whole homewares market tucked under an overpass bridge, lifting power off the overhead cables with car jumper leads wired into dozens of power-boards. Hundreds of lamps under there; it would have added up to thousands of watts.
I was talking to a guy who worked for their power utility and he reckoned about 20% of grid power was stolen.
"Three Ukrainian men found with an arsenal of hacking equipment were arrested in Poland, amid concerns they could be plotting to orchestrate cyberattacks on the country’s IT infrastructure."
tvpworld.com/90441395/ukrainia…
Three Ukrainians detained in Warsaw with arsenal of suspicious hacking devices in car
Police said the men suddenly "forgot" English when being interviewed. (Maria Kamińska, Telewizja Polska S.A)
Press release by the Police srodmiescie.policja.gov.pl/rs/… "Znaleźli podejrzane przedmioty mogące służyć _nawet_ do ingerencji w strategiczne systemy informatyczne kraju, " - They found suspicious devices that could be used _even_ to affect strategic national IT systems.
Weird phrasing. Since the department responsible for handling scams, theft and fraud is leading it I think it's similar to the US news some time ago. IMO NatSec was added for flavor.
"Travelling" around Europe with a spy-device detector and hacking equipment
Police officers from Warsaw's Śródmieście district detained three Ukrainian citizens. In the car they were travelling in, specialist FLIPPER hacking equipment, a spy-device detector, SIM cards, hard drives and other items were secured, including antennas capable of… (KRP I – Śródmieście)
The US State Department is offering a $10 million reward for an Iranian couple who works for a contractor for Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
The couple allegedly works for the company behind the Emennet Pasargad hacktivist group.
A Chinese think tank has published a hit piece on seven cybersecurity and policy experts specializing in Chinese cyber operations
guancha.cn/xinzhiguanchasuo/20…
心智观察所 (Mind Observation Institute): The "Anti-China Chorus" of US Cybersecurity Think Tanks
Think tanks have always played a key role in the US political and governance system. In this system, figures who "lead the way for three to five years" periodically emerge. And today, the "loud singing" of certain figures on the US political stage has become precisely a negative example that helps more countries recognise the nature of US cyber hegemony. (www.guancha.cn)
Catalin Cimpanu, in reply to Catalin Cimpanu:
-CA/B Forum to sunset 11 domain validation methods
-Let's Encrypt to reach 1 billion certs in 2026
-Belarus blocks six crypto exchanges
-Russia preparing full Google ban
-US readies "thought police" for foreign travelers
-Ukrainian bot farm operator arrested
-Crypto money launderer pleads guilty
-Dutch man attacked emergency 112 service
-US charges Accenture manager over false cloud security claims
-Cybercrime trainer gets jail sentence
Catalin Cimpanu, in reply to Catalin Cimpanu:
-More VS Code malicious extensions
-New PeerBlight and NANOREMOTE backdoors, InboxPrime AI PhaaS, PyStoreRAT, 01flip and VolkLocker RaaS
-New DroidLock Android ransomware
-Charming Kitten payroll data leaks online
-New Russian disinfo op backs Musk's EU attacks
-Salt Typhoon operators trained with Cisco back in 2010s
-Traefik misconfiguration disables TLS verification
-SOAPwn vulnerabilities
-Notepad++ fixes update hijack flaw
Catalin Cimpanu, in reply to Catalin Cimpanu:
-Microsoft bug bounty expands to.... EVERYTHING [Gary Oldman voice]
-10k Docker Hub images leak secrets
-1k MCP servers exposed online
-SPAs leak 42k secrets
-We have an OWASP Agentic Top 10
-The 2025 CWE Top 25 is out