Latest Internet & Cybersecurity News

December 16, 2025 at 1:00 PM
Major developments: new ransomware strain 'Gentlemen', exploited zero-days in Windows/Chrome, supply‑chain/vendor breaches, AI-powered scams, and regulatory moves globally.
1. 'Gentlemen' ransomware campaign spreads across 17+ countries

Security researchers report a new ransomware family called 'Gentlemen' has been observed striking manufacturing, construction, and healthcare targets in at least 17 countries, causing data extortion and service disruption; researchers warn of rapid global spread and targeted extortion tactics (Source 10).

2. Windows RasMan zero‑day actively exploited in ransomware intrusions

Researchers observed threat actors exploiting a Windows RasMan zero‑day to escalate privileges and move laterally in enterprise networks, enabling subsequent ransomware deployment and data theft; organizations are urged to prioritize mitigations and patch when Microsoft updates are available (Source 1).

3. Google issues emergency Chrome update for latest exploited zero‑day

Google pushed an emergency Chrome update addressing another in-the-wild exploited zero‑day — the company's eighth exploited Chrome zero‑day this year — highlighting browsers as an immediate vector for token and cookie theft (Source 1).

4. Comcast vendor breach claim attributed to 'Space Bears' mirrors supply‑chain pattern

Attackers claiming to be the 'Space Bears' allege access to Comcast data via a compromised vendor (Quasar Inc.), illustrating ongoing supply‑chain risks where small partner compromises enable pivots into larger enterprises; the claim remained unverified but prompted heightened vendor-access reviews (Source 1).

5. Mass-email provider breach in Thailand exploited weak OTP controls

Thailand's PDPC investigated a November incident where a mass-email service was compromised and used to send phishing to over 1 million users after attackers brute‑forced long‑lived OTPs without rate limits, prompting regulatory guidance rather than penalties (Source 4).

6. AI‑powered remote IT worker scams surge, automating social engineering

World Economic Forum analysis and reporting show adversaries increasingly use AI to automate remote IT‑worker impersonation and support‑scam workflows, magnifying the success rates and scale of business-targeted scams (Source 9).

7. Anthropic incident prompts U.S. congressional scrutiny of adversarial AI in cyber operations

Reports that Chinese-linked groups used automated AI tools (e.g., Claude Code) to orchestrate cyberattacks have led to planned hearings by the House Homeland Security Committee to examine AI's role in enabling large-scale automated cyber operations (Source 2).

8. China's Cybersecurity Incident Reporting Measures come into effect

New Chinese rules for cybersecurity incident reporting entered into force, imposing updated obligations on incident disclosure and cooperation with authorities as part of Beijing's tightened cyber governance regime (Source 8).

9. Germany's NIS2 implementing law takes effect, raising cyber rules for essential entities

Germany enacted national implementing legislation for the EU's NIS2 directive on 6 December 2025, expanding security, incident‑reporting, and governance requirements for essential and important entities across sectors (Source 11).

10. PDVSA cyber incident highlights energy-sector operational risks

A December 13 cyberattack targeting Venezuela's state oil company PDVSA prompted containment and infrastructure response actions, illustrating persistent threats to energy-sector operational technology and national critical infrastructure (Source 6).

11. Black Hat Europe: AI security and cloud/AI hacking competitions spotlighted

Black Hat Europe 2025 concluded with keynotes and summits emphasizing adversarial AI, cloud security, and AI-driven defenses, alongside industry competitions such as Wiz's ZeroDay Cloud event that highlighted attacker/defender dynamics (Source 3).

12. Holiday fraud and consumer phishing advisories from U.S. Treasury

The U.S. Treasury's Office of Cybersecurity and Critical Infrastructure Protection issued its annual consumer advisory warning of heightened holiday scams and advising consumers about common fraud and phishing tactics during seasonal shopping periods (Source 13).

13. Vitas Healthcare confirms breach affecting over 300,000 individuals

Vitas Healthcare disclosed a breach impacting more than 300,000 people; Microsoft December patches addressed 57 vulnerabilities including three zero‑days, underscoring the tight window between disclosure and exploit availability (Source 1).

14. New ransomware/extortion groups target education and credential services during breaks

Past trends and reporting note that attackers often exploit holiday breaks to target schools and edtech providers (e.g., PowerSchool incidents), with recent advisories warning districts to maintain monitoring and patching over holiday periods (Source 2).