SecurityWeek Briefing
- Get link
- X
- Other Apps
"Microsoft patches three Zero-Days" and "US posts $10M bounty for Iranian hackers."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.
Accessed on 09 December 2025, 2136 UTC.
Content and Source: "SecurityWeek Briefing" via email subscription to https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek
More security news at https://www.securityweek.com.
Please check subscription link, URL, or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
56
Today
by Ionut Arghire / 56min
The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. The post appeared first on SecurityWeek .
by Ionut Arghire / 1h
Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. The post appeared first on SecurityWeek .
by Mike Lennon / 1h
Promotions across Microsoft’s security organization reinforce the company’s shift toward AI-driven defense and tighter operational oversight under Global CISO Igor Tsyganskiy. The post appeared first on SecurityWeek .
The AI-powered platform autonomously conducts security design reviews and proactively identifies design flaws across development work. The post appeared first on SecurityWeek .
by SecurityWeek News / 5h
Learn how GRC and SOC teams can turn shared threat intelligence into faster action, clearer communication, and stronger organizational resilience. The post appeared first on SecurityWeek .
by Eduard Kovacs / 6h
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT. The post appeared first on SecurityWeek .
The funding round was led by KKR, with participation from Sixth Street Growth, TenEleven, and Carrick Capital Partners. The post appeared first on SecurityWeek .
by Ionut Arghire / 8h
The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi. The post appeared first on SecurityWeek .
by Eduard Kovacs / 9h
Proofpoint said Hornetsecurity brings in nearly $200 million in annual recurring revenue, with a 20% year-over-year growth rate. The post appeared first on SecurityWeek .
by Ionut Arghire / 9h
The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks. The post appeared first on SecurityWeek .
by Ionut Arghire / 10h
The Italian startup will use the investment to build proprietary AI models, accelerate global expansion, and hire new talent. The post appeared first on SecurityWeek .
Yesterday
by Eduard Kovacs / 11h
Vitas, the largest for-profit hospice chain in the United States, discovered a cybersecurity intrusion in October. The post appeared first on SecurityWeek .
by Ionut Arghire / 1d
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations. The post appeared first on SecurityWeek .
by Kevin Townsend / 1d
From a basement computer lab to the C-Suite: How Keith McCammon built his career and Red Canary with zero formal training. The post appeared first on SecurityWeek .
The cybersecurity startup will use the investment to accelerate product development and fuel global expansion. The post appeared first on SecurityWeek .
by Eduard Kovacs / 1d
Tri-Century Eye Care was targeted recently by the Pear ransomware group, which claimed to have stolen over 3 Tb of data. The post appeared first on SecurityWeek .
by Ionut Arghire / 1d
Ransomware payments reached the highest level in 2023, at $1.1 billion paid in 1,512 reported incidents. The post appeared first on SecurityWeek .
by Ionut Arghire / 1d
The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. The post appeared first on SecurityWeek .
Dec 7, 2025
by Eduard Kovacs / 1d
An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. The post appeared first on SecurityWeek .
Dec 5, 2025
by SecurityWeek News / 4d
Other noteworthy stories that might have slipped under the radar: Akamai patches HTTP smuggling vulnerability, Claude Skills used to execute ransomware, PickleScan flaws. The post appeared first on SecurityWeek .
The critical React vulnerability has been exploited in the wild by Chinese and other threat actors. The post appeared first on SecurityWeek .
The cybersecurity startup detects impersonation risk in real-time, across video, phone, and chat communication. The post appeared first on SecurityWeek .
by Ionut Arghire / 4d
Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations. The post appeared first on SecurityWeek .
The startup will invest in expanding its engineering and research teams, deepening product integrations, and scaling go-to-market efforts. The post appeared first on SecurityWeek .
2 TTPs
by Eduard Kovacs / 4d
Cloudflare recently mitigated a new record-breaking Aisuru attack that peaked at 14.1 Bpps. The post appeared first on SecurityWeek .
Dec 4, 2025
by Ionut Arghire / 4d
Helmet Security has built an end-to-end platform that secures the infrastructure for agentic AI communication. The post appeared first on SecurityWeek .
AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. The post appeared first on SecurityWeek .
The Ministry of Communications on had asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and to prevent users from disabling it. The post appeared first on SecurityWeek .
by Eduard Kovacs / 5d
Significant cybersecurity M&A deals announced by Arctic Wolf, Bugcrowd, Huntress, Palo Alto Networks, and Zscaler. The post appeared first on SecurityWeek .
by Mike Lennon / 5d
Established in 2024 by Cybereason co-founders Lior Div and Yonatan Striem-Amit, the company has raised a total of $166 million in funding. The post appeared first on SecurityWeek .
by Ionut Arghire / 5d
Hackers stole the names, addresses, Social Security numbers, and financial and medical information of 9,542 people. The post appeared first on SecurityWeek .
The state-sponsored hackers relied on phishing emails to deliver a malicious payload to Reporters Without Borders (RSF). The post appeared first on SecurityWeek .
The 25-page document outlines four principles for securely integrating AI with operational technology. The post appeared first on SecurityWeek .
Freedom Mobile says hackers stole customers’ personal information from its account management platform. The post appeared first on SecurityWeek .
The compromised personal and financial information includes names, addresses, Social Security numbers, and card numbers. The post appeared first on SecurityWeek .
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. The post appeared first on SecurityWeek .
Dec 3, 2025
by Ionut Arghire / 6d
The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms. The post appeared first on SecurityWeek .
A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post appeared first on SecurityWeek .
Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data. The post appeared first on SecurityWeek .
by Eduard Kovacs / 6d
Veza Security was recently valued at more than $800 million after raising $108 million in Series D funding. The post appeared first on SecurityWeek .
The University of Pennsylvania and the University of Phoenix confirm that they are victims of the recent Oracle EBS hacking campaign. The post appeared first on SecurityWeek .
AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. The post appeared first on SecurityWeek .
by Ionut Arghire / 6d
Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post appeared first on SecurityWeek .
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.