JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability Pierluigi Paganini December 05, 2025 Array Networks AG gateways have...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
M365 customers should explore alternatives, plan to dicker as prices hikes loom — analysts
There are now more than 430 million commercial M365 users globally, Microsoft said during an earnings call earlier this year. ...
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
Dec 05, 2025Ravie LakshmananEmail Security / Threat Research A new agentic browser attack targeting Perplexity's Comet browser that's capable of...
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Dec 05, 2025Ravie LakshmananApplication Security / Vulnerability A critical security flaw has been disclosed in Apache Tika that could result...
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly...
CrowdStrike Identifies New China-Nexus Espionage Actor
Image: Adobe Stock A newly identified China-nexus cyber adversary, tracked by CrowdStrike as WARP PANDA, has emerged as one of...
Google Rolls Out Chrome 143 Update for Billions Worldwide
Source: Zulfugar Karimov/Unsplash Billions of Chrome users are getting a crucial safety upgrade before the year ends. Google has begun...
Sharpening the knife: GOLD BLADE’s strategic evolution
Between February 2024 and August 2025, Sophos analysts investigated nearly 40 intrusions related to STAC6565, a campaign the analysts assess...
OpenAI prompts AI models to ‘confess’ when they cheat
OpenAI trained a version of GPT-5 Thinking to produce the confessions and tested the technique on stress-test datasets designed to...
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions Pierluigi Paganini December 05, 2025 CISA details BRICKSTORM, a China-linked backdoor...
Weekly Update 481
05 December 2025 Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte...
ShadyPanda Takes its Time to Weaponize Legitimate Extensions
ShadyPanda has been playing the long game. Over the last seven years, the group has been uploading malicious extensions on...
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the...
“Getting to Yes”: An Anti-Sales Guide for MSPs
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been...
