BleepingComputer.com
"CyberVolk's ransomware debut stumbles on cryptography weakness."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 13 December 2025, 1518 UTC.
Content and Source: "BleepingComputer.com."
URL--https://www.bleepingcomputer.com/
Please check URL or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
CyberVolk’s ransomware debut stumbles on cryptography weakness
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free.
- December 13, 2025
- 10:11 AM
0
This Montessori-inspired app for kids is now only $40 for life
Finding screen time options that are both educational and stress-free can be a challenge for parents. Pok Pok offers a lifetime subscription to its Montessori-inspired learning app for just $39.97 with coupon code PLAY20 (reg. $250).
- December 13, 2025
- 08:09 AM
- 1
New Webinar: How phishing attacks evolved in 2025
This year, we've seen a huge amount of phishing evolution, with new techniques, toolkits, and delivery methods identified every day.
Register for the webinar to get the latest insights from Push Security analysing key stats, getting hands-on with phishing kits, and sharing case studies from the field.
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks
Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals.
- December 12, 2025
- 06:23 PM
- 0
Coupang data breach traced to ex-employee who retained system access
A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company.
- December 12, 2025
- 01:28 PM
- 0
Fake ‘One Battle After Another’ torrent hides malware in subtitles
A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware.
- December 12, 2025
- 12:12 PM
- 0
Kali Linux 2025.4 released with 3 new tools, desktop updates
Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support.
- December 12, 2025
- 10:27 AM
- 0
Shadow spreadsheets: The security gap your tools can’t see
When official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on.
- December 12, 2025
- 10:01 AM
- 0
Grab this $100 smart projector through 12/15 for holiday delivery
The XGODY Gimbal N5 Portable Smart Projector is now just $99.99 (MSRP $269.90), and if you purchase by December 15, it'll arrive in time for Christmas.
- December 12, 2025
- 07:12 AM
- 0
New Windows RasMan zero-day flaw gets free, unofficial patches
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service.
- December 12, 2025
- 06:28 AM
- 0
CISA orders feds to patch actively exploited Geoserver flaw
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks.
- December 12, 2025
- 04:48 AM
- 0
MITRE shares 2025's top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025.
- December 12, 2025
- 03:43 AM
- 0
MKVCinemas streaming piracy service with 142M visits shuts down
An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years.
- December 12, 2025
- 02:14 AM
- 0
Brave browser starts testing agentic AI mode for automated tasks
Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user.
- December 11, 2025
- 06:03 PM
- 1
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and sharing.
- December 11, 2025
- 04:49 PM
- 0
Notepad++ fixes flaw that let attackers push malicious update files
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages.
- December 11, 2025
- 04:04 PM
- 0
Malicious VSCode Marketplace extensions hid trojan in fake PNG file
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders.
- December 11, 2025
- 03:54 PM
- 0
Enjoy Costco Gold Star Membership for a year and get $40 to use later
Holiday prep brings plenty of lists—meals to plan, gatherings to host, and gifts to organize. A Costco Gold Star Membership may help make all of that easier, and this current offer adds even more value. When you sign up for $65, you receive a $40 Digital Costco Shop Card* that you can use on a later visit or online.
- December 11, 2025
- 02:08 PM
- 0
UK fines LastPass over 2022 data breach impacting 1.6 million users
The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach.
- December 11, 2025
- 12:09 PM
- 3
Microsoft bounty program now includes any flaw impacting its services
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party.
- December 11, 2025
- 11:00 AM
- 0
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications.
- December 11, 2025
- 10:10 AM
- 1
Comments
Post a Comment
Please leave a comment about our recent post.