Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-10 07:00 PST
- New Spiderman phishing service targets dozens of European banks
BleepingComputer • 2025-12-10 06:53 • www.bleepingcomputer.com
A new phishing kit called Spiderman is being used to target customers of dozens of European banks and cryptocurrency holders with pixel-perfect cloned sites impersonating brands and organizations. […]
https://www.bleepingcomputer.com/news/security/new-spiderman-phishing-service-targets-dozens-of-european-banks/ - Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
The Hacker News • 2025-12-10 05:32 • thehackernews.com
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks.
The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change Notice (ECN), according to the PCI Special
https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html - Ukrainian hacker charged with helping Russian hacktivist groups
BleepingComputer • 2025-12-10 04:26 • www.bleepingcomputer.com
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. […]
https://www.bleepingcomputer.com/news/security/ukrainian-hacker-charged-with-helping-russian-hacktivist-groups/ - FBI Warns of Fake Video Scams
Schneier on Security • 2025-12-10 04:05 • www.schneier.comThe FBI is warning of AI-assisted fake kidnapping scams:
Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately. The criminal actor will then send what appears to be a genuine photo or video of the victim’s loved one, which upon close inspection often reveals inaccurac…
https://www.schneier.com/blog/archives/2025/12/fbi-warns-of-fake-video-scams.html - Four years later, Irish health service offers €750 to victims of ransomware attack
Graham Cluley • 2025-12-10 04:00 • www.bitdefender.com
Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021? Four years on, and it seems victims who had their data exposed will finally receive compensation.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/four-years-later-irish-health-service-offers-eu750-to-victims-of-ransomware-attack - Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
The Hacker News • 2025-12-10 03:54 • thehackernews.com
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.
Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world.
Next week, the Cortex Cloud team at Palo Alto Networks
https://thehackernews.com/2025/12/webinar-how-attackers-exploit-cloud.html - Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
The Hacker News • 2025-12-10 03:54 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation
https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
