Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-05 12:00 PST
- Barts Health NHS discloses data breach after Oracle zero-day hack
BleepingComputer • 2025-12-05 10:55 • www.bleepingcomputer.com
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. […]
https://www.bleepingcomputer.com/news/security/barts-health-nhs-discloses-data-breach-after-oracle-zero-day-hack/ - Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
The Hacker News • 2025-12-05 09:53 • thehackernews.com
A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show.
The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them
https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html - FBI warns of virtual kidnapping scams using altered social media photos
BleepingComputer • 2025-12-05 08:37 • www.bleepingcomputer.com
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. […]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-virtual-kidnapping-ransom-scams-using-altered-social-media-photos/ - Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
The Hacker News • 2025-12-05 08:23 • thehackernews.com
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.
“Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an
https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html - A Practical Guide to Continuous Attack Surface Visibility
BleepingComputer • 2025-12-05 07:00 • www.bleepingcomputer.com
Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. […]
https://www.bleepingcomputer.com/news/security/a-practical-guide-to-continuous-attack-surface-visibility/ - EU fines X $140 million over deceptive blue checkmarks
BleepingComputer • 2025-12-05 06:41 • www.bleepingcomputer.com
The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). […]
https://www.bleepingcomputer.com/news/security/eu-fines-x-140-million-over-deceptive-blue-checkmarks-transparency-violations/ - Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
The Hacker News • 2025-12-05 06:10 • thehackernews.com
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.
The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1.
According
https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
