Latest Internet & Cybersecurity News
Trend Micro Honors Global Cybersecurity Leaders with 2025 Awards
Trend Micro announced recipients of its 2025 Global Customer Awards, celebrating top organizations for innovation and leadership in cybersecurity. The awards highlight collaboration, AI-driven defense strategies, and cyber resilience practices globally, underscoring cybersecurity as a business growth enabler beyond mere protection.
Alarming Spyware 'Aladdin' Infects Devices via Malicious Ads Without Clicking
Intellexa developed 'Aladdin,' a spyware infection method activating merely by viewing a malicious ad, using fake ad networks to evade detection across multiple countries. This covert tactic complicates defense and raises concerns over widespread espionage attempts fueled by AI and browser vulnerabilities.
Critical React2Shell Vulnerability Exploited Globally, Prompting Emergency Measures
The React2Shell vulnerability (CVE-2025-55182) in React Server Components enables remote code execution through crafted HTTP requests. Rapid exploitation cases—affecting millions of services including Next.js—have led to CISA adding it to their Emergency KEV catalog, demanding patching by December 26, 2025. Attackers deploy tools like Cobalt Strike, with confirmed compromises in over 30 organizations.
Major Data Breaches Impact Millions Across Banking, Legal, Healthcare, and Retail Sectors
Ransomware and unauthorized access incidents affected Marquis Software Solutions (780,000+ customers), Persante Health Care, law firm DMC (54,000+ PHI exposures), and South Korea’s Coupang (nearly 34 million customers). These breaches involved theft of personal data such as Social Security numbers and health records, alarming industries worldwide.
Microsoft Releases Patch for 56 Vulnerabilities Including Actively Exploited Zero-Day
Microsoft patched 56 flaws, three critical, including CVE-2025-62221—actively exploited to escalate privileges and achieve domain control. CISA mandates federal patching by December 30, 2025. Additional command injection flaws affect PowerShell and GitHub Copilot, posing risks of unauthorized code execution and persistence.
Ransomware Groups Announce Alliances Amid Internal Exposures and Rivalries
Ransomware-as-a-Service (RaaS) ecosystems witnessed new alliances announced among groups like Stormous, Devman, and Nova, although some collaborations remain unconfirmed. Internal leaks exposing Nova’s staff and infrastructure reflect tension within criminal groups and highlight the evolving complexity of ransomware operations.
Splunk Enterprise Vulnerabilities Raise Data Security Concerns
Two critical vulnerabilities (CVE-2025-20386 and CVE-2025-20387) discovered in Splunk Enterprise may expose sensitive data or allow unauthorized access. Security experts advise affected users to apply patches and review access controls to mitigate potential breaches.
Critical Vulnerabilities Identified in Multiple Fortinet Products
Fortinet disclosed several critical flaws including CVE-2025-59718 impacting FortiCloud SSO login, enabling authentication bypass. The vulnerabilities pose significant risks to network security, urging immediate updates to affected devices and platforms.
Explosive Spread of React2Shell Exploits Hits Smart Homes Globally
Nearly 29,000 IPs with smart home services remain vulnerable to React2Shell exploits as threat actors scan and attack exposed devices. This growth in smart home attacks reveals the increasing convergence of IoT risks with web application security flaws.
UK NCSC Warns of Large-Scale Breach Risks from AI Vulnerability Misunderstanding
The UK National Cyber Security Centre (NCSC) issued an alert about misconceptions around generative AI vulnerabilities, which could lead to broad cyber breaches if unaddressed. Experts stress the need for clear understanding and mitigation strategies to prevent exploitation of emergent AI-related security flaws.