Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-11 12:00 PST
- React2Shell flaw (CVE-2025-55182) exploited for remote code execution
Sophos Threat Research • 2025-12-11 10:07 • news.sophos.com
The availability of exploit code will likely lead to more widespread opportunistic attacks
https://news.sophos.com/en-us/2025/12/11/react2shell-flaw-cve-2025-55182-exploited-for-remote-code-execution/
- UK fines LastPass over 2022 data breach impacting 1.6 million users
BleepingComputer • 2025-12-11 09:09 • www.bleepingcomputer.com
The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. […]
https://www.bleepingcomputer.com/news/security/uk-fines-lastpass-over-2022-data-breach-impacting-16-million-users/
- AIs Exploiting Smart Contracts
Schneier on Security • 2025-12-11 09:06 • www.schneier.com
I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature.
Here’s some interesting research on training AIs to automatically exploit smart contracts:
AI models are increasingly good at cyber tasks, as we’ve written about before. But what is the economic impact of these capabilities? In a recent MATS and Anthropic Fellows proj…
https://www.schneier.com/blog/archives/2025/12/ais-exploiting-smart-contracts.html
- Microsoft bounty program now includes any flaw impacting its services
BleepingComputer • 2025-12-11 08:00 • www.bleepingcomputer.com
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-bounty-program-now-includes-any-flaw-impacting-its-services/
- New ConsentFix attack hijacks Microsoft accounts via Azure CLI
BleepingComputer • 2025-12-11 07:10 • www.bleepingcomputer.com
A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. […]
https://www.bleepingcomputer.com/news/security/new-consentfix-attack-hijacks-microsoft-accounts-via-azure-cli/
- AI is accelerating cyberattacks. Is your network prepared?
BleepingComputer • 2025-12-11 07:05 • www.bleepingcomputer.com
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. […]
https://www.bleepingcomputer.com/news/security/ai-is-accelerating-cyberattacks-is-your-network-prepared/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
