Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-09 12:00 PST
- Microsoft releases Windows 10 KB5071546 extended security update
BleepingComputer • 2025-12-09 11:54 • www.bleepingcomputer.com
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
- Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
BleepingComputer • 2025-12-09 10:38 • www.bleepingcomputer.com
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/
- Fortinet warns of critical FortiCloud SSO login auth bypass flaws
BleepingComputer • 2025-12-09 10:36 • www.bleepingcomputer.com
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. […]
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/
- Windows 11 KB5072033 & KB5071417 cumulative updates released
BleepingComputer • 2025-12-09 10:31 • www.bleepingcomputer.com
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/
- North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
The Hacker News • 2025-12-09 10:25 • thehackernews.com
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.
“EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and
https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html
- Ivanti warns of critical Endpoint Manager code execution flaw
BleepingComputer • 2025-12-09 09:10 • www.bleepingcomputer.com
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. […]
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-endpoint-manager-code-execution-flaw/
- Maintaining enterprise IT hygiene using Wazuh SIEM/XDR
BleepingComputer • 2025-12-09 09:09 • www.bleepingcomputer.com
Poor IT hygiene, such as unused accounts, outdated software, and risky extensions, creates hidden exposure in your infrastructure. Wazuh, the open-source XDR and SIEM, shows how continuous inventory monitoring across endpoints helps teams spot drift and tighten security. […]
https://www.bleepingcomputer.com/news/security/maintaining-enterprise-it-hygiene-using-wazuh-siem-xdr/
- Spain arrests teen who stole 64 million personal data records
BleepingComputer • 2025-12-09 08:57 • www.bleepingcomputer.com
The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. […]
https://www.bleepingcomputer.com/news/security/spain-arrests-teen-who-stole-64-million-personal-data-records/
- California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
Graham Cluley • 2025-12-09 08:13 • www.bitdefender.com
When you spend half a million dollars in a single night at a nightclub, purchase exotic cars worth millions, and rent mansions under false names, you are risking drawing attention to yourself… Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/california-man-admits-role-in-263-million-cryptocurrency-theft-that-funded-lavish-lifestyle
- Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
The Hacker News • 2025-12-09 08:01 • thehackernews.com
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150.
https://thehackernews.com/2025/12/four-threat-clusters-using-castleloader.html
- North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
BleepingComputer • 2025-12-09 07:43 • www.bleepingcomputer.com
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. […]
https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-react2shell-flaw-in-etherrat-malware-attacks/
- The AI Fix #80: DeepSeek’s cheap GPT-5 rival, Antigravity fails, and your LLM likes it when you’re rude
Graham Cluley • 2025-12-09 07:30 • grahamcluley.com
In episode 80 of The AI Fix, your hosts look at DeepSeek 3.2 “Speciale”, the bargain-basement model that claims GPT-5-level brains at 10% of the price, Jensen Huang’s reassuring vision of a robot fashion industry, and a 75kg T-800 style humanoid that can do flying kicks because robot-marketing departments have clearly learned nothing from Terminator. Meanwhile in Miami, flesh-coloured robot dogs with hyper-realistic billionaire heads wander around pooping NFT “excrement samples” out of their rear ends.
Plus – Graham tells a cautionary tale of Google’s Antigravity IDE enthusiastically “cle…
https://grahamcluley.com/the-ai-fix-80/
- Ransomware IAB abuses EDR for stealthy malware execution
BleepingComputer • 2025-12-09 07:24 • www.bleepingcomputer.com
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. […]
https://www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
