Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-04 16:00 PST
- Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
BleepingComputer • 2025-12-04 15:05 • www.bleepingcomputer.com
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. […]
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/ - SMS Phishers Pivot to Points, Taxes, Fake Retailers
KrebsOnSecurity • 2025-12-04 15:02 • krebsonsecurity.com
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.
https://krebsonsecurity.com/2025/12/sms-phishers-pivot-to-points-taxes-fake-retailers/ - NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices
BleepingComputer • 2025-12-04 14:21 • www.bleepingcomputer.com
The UK’s National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. […]
https://www.bleepingcomputer.com/news/security/ncscs-proactive-notifications-warns-orgs-of-flaws-in-exposed-devices/ - Predator spyware uses new infection vector for zero-click attacks
BleepingComputer • 2025-12-04 12:47 • www.bleepingcomputer.com
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin” that compromised specific targets when simply viewing a malicious advertisement. […]
https://www.bleepingcomputer.com/news/security/predator-spyware-uses-new-infection-vector-for-zero-click-attacks/ - Russia blocks FaceTime and Snapchat for alleged use by terrorists
BleepingComputer • 2025-12-04 11:12 • www.bleepingcomputer.com
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. […]
https://www.bleepingcomputer.com/news/security/russia-blocks-facetime-and-snapchat-over-use-in-terrorist-attacks/ - CISA warns of Chinese "BrickStorm" malware attacks on VMware servers
BleepingComputer • 2025-12-04 10:19 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. […]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
