Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-19 02:00 PST
- FTC: Instacart to refund $60M over deceptive subscription tactics
BleepingComputer • 2025-12-19 01:19 • www.bleepingcomputer.com
Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. […]
https://www.bleepingcomputer.com/news/legal/instacart-to-refund-60m-over-deceptive-subscription-tactics/ - New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
The Hacker News • 2025-12-19 00:25 • thehackernews.com
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU).
UEFI and IOMMU are designed to enforce a security
https://thehackernews.com/2025/12/new-uefi-flaw-enables-early-boot-dma.html - Yet another DCOM object for lateral movement
Securelist • 2025-12-19 00:00 • securelist.com
Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel.
https://securelist.com/lateral-movement-via-dcom-abusing-control-panel/118232/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
