Latest Internet & Cybersecurity News
Chrome Zero-Day Exploited in the Wild
Attackers are actively exploiting a Chrome zero-day vulnerability, affecting millions of users worldwide. This flaw allows remote code execution and has been confirmed in real-world attacks. Urgent updates are recommended to mitigate risks.
Windows Defender Firewall Service Vulnerability CVE-2025-62468
A flaw in Windows Defender Firewall enables local attackers to read protected memory, potentially chaining with other exploits for escalation. Security experts highlight its role in broader attack chains. Patching is essential despite no remote code execution.
WinRAR Zero-Day CVE-2025-6218 Added to CISA Known Exploited List
U.S. CISA lists WinRAR path traversal vulnerability for active exploitation, allowing remote code execution via malicious RAR files. Users must update immediately to prevent compromise. This affects developers and businesses handling archives.
Rhysida Data Breach Incident on December 13, 2025
Unauthorized actors compromised Rhysida’s systems, potentially exposing sensitive personal information. The breach underscores vulnerabilities in data handling practices. Affected parties should monitor for identity theft and contact legal support.
Massive Coupang Cyberattack Exposes 33.7 Million Customers
South Korea's top retailer Coupang suffered a breach leaking names, emails, phones, and partial financial data. Attackers exploited weak access controls and unpatched systems. This enables phishing and account hijacking risks.
Apple Patches Two Zero-Day Vulnerabilities in iPhone and iPad
Apple confirmed active exploitation of zero-days in targeted attacks on iOS devices. Critical patches address remote code execution flaws. Users should update immediately to protect against surveillance and data theft.
Microsoft December 2025 Patch Tuesday Fixes 57 Vulnerabilities
Microsoft addressed critical Windows and Office flaws enabling remote code execution, plus macOS and Web Deploy exploits. Swift patching is crucial amid rising attacks. Emerging threats highlight patch urgency.
UK Sanctions Chinese Tech Firms for Cyberattacks
UK Foreign Office sanctioned two China-based companies for reckless cyberattacks. This joins efforts against hybrid threats via UK-EU partnerships. Enhanced cooperation targets pan-European responses.
US Indicts Ukrainian for Russian-Sponsored Cyberattacks
Justice Department charged Victoria Dubranova for global intrusions supporting Russia's interests, targeting critical infrastructure. Actions combat state-sponsored hacking groups. International cooperation is key.
APT-C-53 (Gamaredon) Phishing via CVE-2025-8088
Russian-linked Gamaredon group uses CVE-2025-8088 for phishing attacks. Reports from 360 Threat Intelligence detail the campaign's tactics. Organizations face heightened risks from weaponized flaws.
Silver Fox APT Uses False Flags in Microsoft Teams Attack on China
Chinese APT Silver Fox impersonates Russians with Cyrillic false flags in SEO poisoning via Microsoft Teams. Targets Chinese organizations for ValleyRAT deployment. Attribution challenges persist.
OWASP Ranks Top Agentic AI App Risks; CISA Lists Dangerous Flaws
OWASP highlights agentic AI risks like self-compromise via CVE-2025-67511. CISA notes top exploited vulns with high CVSS scores. AI amplifies espionage by groups like APT29.