‘ShadyPanda’ Hackers Weaponize Millions of Browsers – Dark Reading
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. – Read More
December 2025
Critical React Flaw Triggers Calls for Immediate Action – Dark Reading
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. – Read More
Arizona AG Sues Temu Over ‘Stealing’ User Data – Dark Reading
The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. – Read More
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution – The Hacker News
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS…
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation – The Hacker News
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS…
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts – The Hacker News
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a…
Jus Mundi partners with the London Court of International Arbitration – Legal IT Insider
Jus Mundi, the AI-powered global arbitration intelligence platform, and the London Court of International Arbitration (LCIA), one of the world’s most respected arbitral institutions, today (3 December) announced a strategic…
Hybrid 2FA phishing kits are making attacks harder to detect – CSO Online
Some 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct phishing-as-a-service (PhaaS) kits: Salty2FA and Tycoon2FA, into a single hybrid strain. Researchers at Any.Run…
[Dark Reading Virtual Event] Cybersecurity Outlook 2026 – Dark Reading
Post Content – Read More
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud – The Hacker News
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate…
Get poetic in prompts and AI will break its guardrails – CSO Online
Poetry can be a perplexing art form for humans to decipher at times, and apparently AI is being tripped up by it too. Researchers from Icaro Lab (part of the…
The Ransomware Holiday Bind: Burnout or Be Vulnerable – Dark Reading
Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag. – Read More
Neue bösartige Browser-Erweiterungen entdeckt – CSO Online
Cyberangreifer nutzen Chrome- und Edge-Add-ons zur Datenerfassung, Suchmanipulation und als Backdoor. Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, wie sie vertrauenswürdige Browser-Erweiterungen für…
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar – The Hacker News
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a distant country? Those days are over. Today, a 16-year-old with zero…
ILFM Autumn Conference: The Future of Client Money – Legal Futures
As the legal sector continues to evolve and, no doubt, with changes for the SRA and other regulators over the next few months, the role of finance professionals remains absolutely…