Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for RSF Cyberattack Link ...

 Cyber News

Reporters Without Borders (RSF) has determined that a phishing operation targeting the organization in early 2025 was carried out by a group associated with Russia’s Federal Security Service (FSB). The RSF cyberattack conclusion follows a months-long technical investigation conducted with the support of French   show more ...

cybersecurity firm Sekoia.   According to RSF, the attempted RSF cyberattack was first identified in March 2025 when an employee received a message written in French that appeared to come from a trusted contact. The email requested the recipient to open an attachment that was, in fact, missing, an established phishing technique designed to prompt a reply, allowing attackers to later send infected documents or malicious links.   The Failed RSF Cyberattack When the response from the supposed sender arrived in English instead of French, the inconsistency raised immediate suspicion. The employee reported the exchange to RSF’s cybersecurity team, preventing the RSF cyberattack from progressing.  RSF then sought Sekoia’s assistance to conduct a deeper inquiry. The company later published a detailed account attributing the attack to the group known as Callisto or Calisto, also identified as UNC4057, Star Blizzard, or ColdRiver. Intelligence agencies in the United States, the United Kingdom, New Zealand, and Australia have connected this group to the FSB. Sekoia describes Callisto as an advanced persistent threat capable of maintaining hidden, long-term access to targeted information systems.  Kremlin Pressure and Designation as an “Undesirable Organization”  In its statement, Reporters Without Borders noted that the organization frequently faces digital interference from Russian state services and pro-Kremlin actors. RSF has long been involved in defending press freedom in Russia and supporting journalists fleeing the country, making it a recurring target of Russian-linked operations.  RSF Director of Advocacy and Assistance Antoine Bernard said the March attack was not accidental. “RSF, which defends global press freedom and actively assists Russian journalists fleeing their country, is a regular target of the Kremlin and the constellation surrounding Vladimir Putin’s regime,” he stated. Bernard added that this incident was one of multiple politically motivated operations directed at the organization in recent months. In August 2025, Russian authorities escalated their pressure by officially declaring RSF an “undesirable organization,” exposing anyone connected to it to prison sentences of up to four years under Russian law.  RSF Chief Information Security Officer Nicolas Diaz emphasized ongoing cybersecurity challenges. “In the face of cyberthreats, RSF benefits from cutting-edge technical solutions as well as external expertise capable of detecting and characterizing the cyberoperations that target us,” he explained. Diaz highlighted the need to strengthen cyber defense capabilities and ensure users recognize the subtle warning signs that often precede an attempted intrusion we saw in the RSF cyberattack. Disinformation Campaigns and Broader Press Freedom Concerns  RSF reported that the phishing operation fits into a larger pattern of attempts to undermine its work. In March 2025, the NGO denounced a disinformation campaign that used doctored videos falsely claiming to show statements by RSF leadership. A year earlier, in 2024, RSF filed a complaint against platform X (previously Twitter) after repeated posts containing disinformation against the organization remained unaddressed.   Among the most notable examples was a fabricated BBC-style video alleging that RSF had produced a study accusing Ukrainian soldiers of harboring Nazi sympathies. This false content was later circulated by Russian authorities and amplified by pro-Kremlin influencers.  The organization released its annual press freedom report, stating that Russia currently detains more foreign journalists than any other country. RSF also co-led an investigation into the final weeks of Ukrainian freelance journalist Viktoria Roshchyna, 27, who died in Russian captivity in 2024. According to the report, only Israel and organized crime groups were responsible for more journalist deaths worldwide in 2025. 

image for Microsoft Patch Tues ...

 Cyber News

Microsoft patched 57 vulnerabilities in its Patch Tuesday December 2025 update, including one exploited zero-day and six high-risk vulnerabilities. The exploited zero-day is CVE-2025-62221, a 7.8-rated Use After Free vulnerability in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to   show more ...

elevate privileges locally and gain SYSTEM privileges. CISA promptly added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft credited its own Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) for the find. Microsoft’s Patch Tuesday December 2025 update also issued fixes for 13 non-Microsoft CVEs; all the non-Microsoft CVEs were for Chromium-based Edge vulnerabilities. Other vendors issuing critical Patch Tuesday updates included Fortinet (CVE-2025-59718 and CVE-2025-59719), Ivanti (CVE-2025-10573) and SAP (CVE-2025-42880, CVE-2025-42928, and Apache Tomcat-related vulnerabilities CVE-2025-55754 and CVE-2025-55752). High-Risk Vulnerabilities Fixed in Patch Tuesday December 2025 Update Microsoft rated six vulnerabilities as “Exploitation More Likely.” The six are all rated 7.8 under CVSS 3.1, and three are Heap-based Buffer Overflow vulnerabilities. The six high-risk vulnerabilities include: CVE-2025-59516, a 7.8-severity Windows Storage VSP Driver Elevation of Privilege vulnerability. The Missing Authentication for Critical Function flaw in Windows Storage VSP Driver could allow an authorized attacker to elevate privileges locally. CVE-2025-59517, also a 7.8-rated Windows Storage VSP Driver Elevation of Privilege vulnerability. Improper access control in Windows Storage VSP Driver could allow an authorized attacker to elevate privileges locally. CVE-2025-62454, a 7.8-rated Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability. The Heap-based Buffer Overflow vulnerability in Windows Cloud Files Mini Filter Driver could allow an authorized attacker to elevate privileges locally. CVE-2025-62458, a 7.8-severity Win32k Elevation of Privilege vulnerability. The Heap-based Buffer Overflow vulnerability in Windows Win32K - GRFX could allow an authorized attacker to elevate privileges locally. CVE-2025-62470, a 7.8-rated Windows Common Log File System Driver Elevation of Privilege vulnerability. The Heap-based Buffer Overflow vulnerability in the Windows CLFS Driver could allow local privilege elevation by an authorized attacker. CVE-2025-62472, a 7.8-severity Windows Remote Access Connection Manager Elevation of Privilege vulnerability. The use of uninitialized resource flaw in Windows Remote Access Connection Manager could allow an authorized attacker to elevate privileges locally. High-Severity Office, Copilot, SharePoint Vulnerabilities also Fixed The highest-rated vulnerabilities in the December 2025 Patch Tuesday update were rated 8.8, and there were three 8.4-severity vulnerabilities too. All were rated as being at lower risk of exploitation by Microsoft. The four 8.8-rated vulnerabilities include: CVE-2025-62549, a Windows Routing and Remote Access Service (RRAS) Remote Code Execution vulnerability CVE-2025-62550, an Azure Monitor Agent Remote Code Execution vulnerability CVE-2025-62456, a Windows Resilient File System (ReFS) Remote Code Execution vulnerability CVE-2025-64672, a Microsoft SharePoint Server Spoofing vulnerability The three 8.4-severity vulnerabilities include: CVE-2025-64671, a GitHub Copilot for Jetbrains Remote Code Execution vulnerability CVE-2025-62557, a Microsoft Office Remote Code Execution/Use After Free vulnerability CVE-2025-62554, a Microsoft Office Remote Code Execution/Type Confusion vulnerability

image for Rise in Device-Drive ...

 Cyber News

Recent data released by the National Crime Records Bureau (NCRB) paints a troubling picture of the rapid rise in cybercrime in India, particularly cases executed through mobile phones and computers.   The NCRB report notes that India recorded over 52,000 cybercrime incidents in 2021, a number that escalated to more   show more ...

than 86,000 by 2023. The Minister of State for Home Affairs, Bandi Sanjay Kumar, shared these figures in a written reply in the Rajya Sabha.  Regional Trends Show Sharp Contrasts Across Northern India  Haryana recorded 751 cybercrime cases in 2023, making it the highest among northern states, followed by Himachal Pradesh with 127 cases, a major jump from just 77 the previous year. Punjab, however, reported a decline, registering 511 cases in 2023 compared to 697 in 2022.  Among northern Union Territories, Delhi led with 407 cases, followed by Jammu & Kashmir with 185 and Chandigarh with 23. To strengthen cyber forensic capabilities, the Ministry of Home Affairs provided support to 20 states and UTs under the Nirbhaya-funded scheme. Punjab received ₹7.98 crore from 2018–19, while Himachal Pradesh received ₹7.29 crore.  Ransomware Surge Places India and Asia-Pacific in a High-Risk Zone  Beyond NCRB’s findings, rising digital threats in the Asia-Pacific region further illustrate the scale of cybercrime in India and neighboring countries. Cyble’s Monthly Threat Landscape Report: July 2025 reveals that India remains a priority target for ransomware groups. The Warlock ransomware group breached an India-based manufacturing firm, exfiltrating HR files, financial records, design archives, and internal repositories.   Additional leaks on dark web forums exposed stolen data from two Indian companies, a technology consulting firm and a subscription-based SaaS platform.  Unauthorized access to an Indian telecom network was also put up for sale for US$35,000, including credentials, CLI access, and operational network details. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims, with India and the Philippines close behind. The manufacturing, government, and critical infrastructure sectors faced the brunt of attacks. Meanwhile, South Asia witnessed hacktivist activity, with the pro-India Team Pelican Hackers claiming breaches of major Pakistani research and academic institutions.  Globally, July 2025 saw 423 ransomware victims, with the U.S. accounting for 223. Qilin ransomware topped global activity with 73 victims, followed by INC Ransom with 59. Cyble’s sensors also detected more than 1,000 daily attacks on U.S. industrial control systems, while the UK, Vietnam, China, Singapore, and Hong Kong recorded high targeting levels. A booming market for zero-day exploits added to the risk landscape, with vulnerabilities in WinRAR and leading VPN platforms being sold for USD $80,000 to 1 BTC.  Insights from 2024 Call for Urgency of Cyber Preparedness  Insights from the India Threat Landscape Report 2024 add critical context to the rising threat levels highlighted by the National Crime Records Bureau (NCRB). In the first half of 2024 alone, India recorded 593 cyberattacks, 388 data breaches, 107 data leaks, and 39 ransomware incidents, highlighting the need for stronger threat intelligence across tactical, operational, strategic, and technical layers.  Combined with Cyble’s observations on escalating ransomware activity, dark web exposure, and exploit markets, cybercrime in India is becoming the next big thing and demands a coordinated, intelligence-driven response.  Organizations seeking to stay protected from these threats can benefit from Cyble’s AI-powered threat intelligence ecosystem and autonomous security capabilities. Explore Cyble’s platform, experience Blaze AI, or schedule a free demo to strengthen your organization’s preparedness against modern-day cyber risks. 

image for CBI Files Chargeshee ...

 Cyber Essentials

India's Central Bureau of Investigation filed a chargesheet against 30 accused including two Chinese nationals who allegedly ran a cyber fraud network that siphoned over ₹1,000 crore (approximately US$112 million) from Indian investors through fake cryptocurrency mining platforms, loan apps, and bogus online job   show more ...

offers during the COVID-19 lockdown period. The HPZ Token Investment Fraud case has exposed a well-coordinated transnational criminal syndicate that exploited India's emerging payment aggregation systems to launder proceeds at unprecedented speed through multiple shell companies before converting funds to cryptocurrency and transferring them overseas. The fraud began when Shigoo Technology Pvt. Ltd., an entity owned and controlled by Chinese nationals, launched a fake mobile application titled "HPZ Tokens" claiming investments would be used for cryptocurrency mining yielding very high returns. Within just three months, crores were collected and diverted by fraudsters targeting vulnerable investors during pandemic lockdowns. Chinese Nationals Directed Shell Company Network Wan Jun served as director of Jilian Consultants India Private Limited, a subsidiary of Chinese entity Jilian Consultants. With help from accomplice Dortse, Wan Jun successfully created several shell companies including Shigoo Technologies that became conduits to collect and launder proceeds from major organized cyber frauds. The second Chinese national charged, Li Anming, played key roles directing operations alongside Wan Jun. CBI investigation revealed these frauds were connected and controlled by a single organized criminal syndicate based overseas. Jilian Consultants hired professionals including company secretaries and chartered accountants to create shell companies that helped them run the operation with ease. Money collected was converted into cryptocurrencies before being sent out of the country. Also read: CBI Arrests Fugitive Cybercrime Kingpin, Busts Fifth Illegal Call Center Targeting US Nationals Exploitation of Payment Aggregators The investigation revealed misuse of payment aggregation systems that had just taken off in India at the time of the Covid-19 pandemic. Payment aggregators were providing large collection and money disbursal services using technology to genuine companies, with systems allowing users to access large numbers of bank accounts simultaneously. Fraudsters exploited this well-structured payment infrastructure to launder money at high speed from accounts of one shell company to another. The system also allowed them to partially disburse money back to investors to gain confidence, sustaining the fraud scheme longer. Total money moved from bank accounts of these companies surpassed ₹1,000 crore within just a few months. Ongoing Investigation in Cyber Fraud Network CBI initially arrested six people named Dortse, Rajni Kohli, Sushanta Behra, Abhishek, Mohd Imdhad Husain, and Rajat Jain. The agency has now filed chargesheet against 27 accused persons and three companies, with further investigation continuing against other suspects. The investigation revealed this was not an isolated incident but part of a large cyber crime network responsible for several scams targeting Indian citizens in the post-COVID period using loan apps, fake investment platforms, and bogus online job offers. "The CBI remains steadfast in its unwavering commitment to dismantling these sophisticated cyber fraud networks through relentless operations like Chakra-V," the agency said. The CBI will continue to fortify India's digital economy, protect vulnerable investors, execute targeted arrests, seize assets, and forge international collaborations." Also read: Indo-U.S. Agencies Dismantle Cybercrime Network Targeting U.S. Nationals

image for Russian State-Suppor ...

 Cyber News

The U.S. Department of Justice has unveiled a series of actions against two Russian state-supported cyber collectives, CARR (also known as CyberArmyofRussia_Reborn or CyberArmyofRussia) and NoName057(16), with prosecutors unsealing dual indictments against Ukrainian national Victoria Eduardovna Dubranova, 33.   show more ...

Dubranova, known online as “Vika,” “Tory,” and “SovaSonya,” is accused of participating in destructive campaigns against critical infrastructure worldwide on behalf of Russian geopolitical objectives.  Dubranova was extradited to the United States earlier in 2025 on charges tied to CARR, and she has now been arraigned on a second indictment connected to NoName057(16). She pleaded not guilty in both proceedings. Trial in the NoName057(16) case is scheduled for February 3, 2026, while the CARR case is set for April 7, 2026.  Russian Government Involvement  According to prosecutors, both CARR and NoName057(16) operated with direct or indirect support from Moscow. CARR allegedly received Russian government funding used to acquire cyber tools, including subscriptions to DDoS-for-hire services. NoName057(16) was described as a covert, state-blessed endeavor tied to the Center for the Study and Network Monitoring of the Youth Environment (CISM), an IT organization established in 2018 by presidential order in Russia. Employees of that organization reportedly helped build NoName057(16)’s proprietary DDoS software, known as DDoSia.  [caption id="" align="alignnone" width="2048"] Notification of CARR and Z-Pentest Hackers (Source: Rewards for Justice)[/caption] Assistant Attorney General for National Security John A. Eisenberg said the enforcement effort demonstrates the Department’s commitment “to disrupting malicious Russian cyber activity, whether conducted directly by state actors or their criminal proxies,” emphasizing the need to defend key resources such as food and water systems.  First Assistant U.S. Attorney Bill Essayli warned that state-aligned hacktivist groups, including CARR and NoName057(16), pose serious national security concerns because they enable foreign intelligence services to obscure their involvement by using civilian proxies.  FBI Cyber Division Assistant Director Brett Leatherman stated that the Bureau will continue exposing and pursuing pro-Russia actors, including those with ties to the GRU. EPA Acting Assistant Administrator Craig Pritzlaff added that targeting water systems presents immediate hazards, pledging continued pursuit of individuals who threaten public resources.  Cyber Army of Russia Reborn (CARR / CyberArmyofRussia)  According to the indictments, CARR, also known as Z-Pentest and linked to CyberArmyofRussia, was created, funded, and directed by Russia’s GRU. The group has claimed responsibility for hundreds of global cyberattacks, including intrusions into U.S. critical infrastructure. CARR regularly published evidence of its operations on Telegram, where it amassed more than 75,000 followers and reportedly consisted of over 100 members, some of whom were juveniles.  The group allegedly targeted industrial control systems and carried out widespread DDoS attacks. Victims included public drinking water systems in multiple U.S. states, where operational disruptions led to the release of hundreds of thousands of gallons of drinking water. In November 2024, CARR allegedly attacked a meat processing plant in Los Angeles, causing thousands of pounds of meat to spoil and triggering an ammonia leak. The group also targeted election infrastructure and websites linked to nuclear regulatory bodies.  A figure known as “Cyber_1ce_Killer,” associated with at least one GRU officer, allegedly advised CARR on target selection and financed access to cybercriminal services. Dubranova faces charges including conspiracy to damage protected computers, tampering with public water systems, damaging protected computers, access device fraud, and aggravated identity theft. The statutory maximum penalty is 27 years in federal prison.  NoName057(16)  The indictment describes NoName057(16) as a clandestine project involving CISM personnel and external cyber actors. The group conducted hundreds of DDoS attacks in support of Russian interests, using its proprietary tool DDoSia. Participants worldwide were encouraged to run DDoSia, with rankings published on Telegram and cryptocurrency rewards doled out to top performers.  Targets included government agencies, ports, rail systems, financial institutions, and other high-value operations. For Dubranova, the NoName057(16) indictment carries a single charge of conspiracy to damage protected computers, with a maximum penalty of five years.  The law enforcement actions form part of Operation Red Circus, with coordination from Europol’s Operation Eastwood. In July 2025, investigators across 19 countries disrupted more than 100 servers linked to NoName057(16). Authorities also arrested two members outside Russia, announced charges against five individuals, and conducted searches of two service providers and 22 group members. The FBI also suspended the group’s primary X account.  Rewards and Prior Sanctions  The State Department simultaneously announced rewards of up to $2 million for information on CARR / CyberArmyofRussia members and up to $10 million for intelligence on NoName057(16) actors. A Joint Cybersecurity Advisory released by multiple U.S. agencies warned that Russian-aligned hacktivist groups exploit insecure VNC connections to access critical operational technology devices, a tactic linked to physical damage in several incidents.  Federal action against CARR is longstanding. On July 19, 2024, the Treasury Department sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko for cyber operations targeting U.S. infrastructure. Degtyarenko was accused of accessing a SCADA system belonging to a U.S. energy company and developing training materials on exploiting similar systems.  CARR’s attacks escalated in late 2023 and throughout 2024, including manipulations of unsecured industrial systems across water, hydroelectric, wastewater, and energy facilities in the U.S. and Europe. Water utilities in Indiana, New Jersey, and Texas were among the affected sites, with one town forced into manual operations. In January 2024, CARR published a video showing interference with human-machine interfaces at a U.S. water utility. 

image for Australia’s Social ...

 Cyber News

On a cozy December morning, as children in Australia set their bags aside for the holiday season and held their tabs and phones in hand to take that selfie and announce to the world they were all set for the fun to begin, something felt a miss. They couldn't access their Snap Chat and Instagram accounts. No it   show more ...

wasn't another downtime caused by a cyberattack, because they could see their parents lounging on the couch and laughing at the dog dance reels. So why were they not able to? The answer: the ban on social media for children under 16 had officially taken effect. It wasn't just one or 10 or 100 but more than one million young users who woke up locked out of their social media. No TikTok scroll. No Snapchat streak. No YouTube comments. Australia had quietly entered a new era, the world’s first nationwide ban on social media for children under 16, effective December 10. The move has initiated global debate, parental relief, youth frustration, and a broader question: Is this the start of a global shift, or a risky social experiment? Prime Minister Anthony Albanese was clear about why his government took this unparalleled step. “Social media is doing harm to our kids, and I’m calling time on it,” he said during a press conference. “I’ve spoken to thousands of parents… they’re worried sick about the safety of our kids online, and I want Australian families to know that the Government has your back.” Under the Anthony Albanese social media policy, platforms including Instagram, Facebook, X, Snapchat, TikTok, Reddit, Twitch, Kick, Threads and YouTube must block users under 16, or face fines of up to AU$32 million. Parents and children won’t be penalized, but tech companies will. [caption id="attachment_107569" align="aligncenter" width="448"] Source: eSafety Commissioner[/caption] Australia's Ban on Social Media: A Big Question Albanese pointed to rising concerns about the effects of social media on children, from body-image distortion to exposure to inappropriate content and addictive algorithms that tug at young attention spans. [caption id="attachment_107541" align="aligncenter" width="960"] Source: Created using Google Gemini[/caption] Research supports these concerns. A Pew Research Center study found: 48% of teens say social media has a mostly negative effect on people their age, up sharply from 32% in 2022. 45% feel they spend too much time on social media. Teen girls experience more negative impacts than boys, including mental health struggles (25% vs 14%) and loss of confidence (20% vs 10%). Yet paradoxically, 74% of teens feel more connected to friends because of social media, and 63% use it for creativity. These contradictions make the issue far from black and white. Psychologists remind us that adolescence, beginning around age 10 and stretching into the mid-20s, is a time of rapid biological and social change, and that maturity levels vary. This means that a one-size-fits-all ban on social media may overshoot the mark. Ban on Social Media for Users Under 16: How People Reacted Australia’s announcement, first revealed in November 2024, has motivated countries from Malaysia to Denmark to consider similar legislation. But not everyone is convinced this is the right way forward. Supporters Applaud “A Chance at a Real Childhood” Pediatric occupational therapist Cris Rowan, who has spent 22 years working with children, celebrated the move: “This may be the first time children have the opportunity to experience a real summer,” she said.“Canada should follow Australia’s bold initiative. Parents and teachers can start their own movement by banning social media from homes and schools.” Parents’ groups have also welcomed the decision, seeing it as a necessary intervention in a world where screens dominate childhood. Others Say the Ban Is Imperfect, but Necessary Australian author Geoff Hutchison puts it bluntly: “We shouldn’t look for absolutes. It will be far from perfect. But we can learn what works… We cannot expect the repugnant tech bros to care.” His view reflects a broader belief that tech companies have too much power, and too little accountability. Experts Warn Against False Security  However, some experts caution that the Australia ban on social media may create the illusion of safety while failing to address deeper issues. Professor Tama Leaver, Internet Studies expert at Curtin University, told The Cyber Express that while the ban on social media addresses some risks, such as algorithmic amplification of inappropriate content and endless scrolling, many online dangers remain. “The social media ban only really addresses on set of risks for young people, which is algorithmic amplification of inappropriate content and the doomscrolling or infinite scroll. Many risks remain. The ban does nothing to address cyberbullying since messaging platforms are exempt from the ban, so cyberbullying will simply shift from one platform to another.” Leaver also noted that restricting access to popular platforms will not drive children offline. Due to ban on social media young users will explore whatever digital spaces remain, which could be less regulated and potentially riskier. “Young people are not leaving the digital world. If we take some apps and platforms away, they will explore and experiment with whatever is left. If those remaining spaces are less known and more risky, then the risks for young people could definitely increase. Ideally the ban will lead to more conversations with parents and others about what young people explore and do online, which could mitigate many of the risks.” From a broader perspective, Leaver emphasized that the ban on social media will only be fully beneficial if accompanied by significant investment in digital literacy and digital citizenship programs across schools: “The only way this ban could be fully beneficial is if there is a huge increase in funding and delivery of digital literacy and digital citizenship programs across the whole K-12 educational spectrum. We have to formally teach young people those literacies they might otherwise have learnt socially, otherwise the ban is just a 3 year wait that achieves nothing.” He added that platforms themselves should take a proactive role in protecting children: “There is a global appetite for better regulation of platforms, especially regarding children and young people. A digital duty of care which requires platforms to examine and proactively reduce or mitigate risks before they appear on platforms would be ideal, and is something Australia and other countries are exploring. Minimizing risks before they occur would be vastly preferable to the current processes which can only usually address harm once it occurs.” Looking at the global stage, Leaver sees Australia ban on social media as a potential learning opportunity for other nations: “There is clearly global appetite for better and more meaningful regulation of digital platforms. For countries considered their own bans, taking the time to really examine the rollout in Australia, to learn from our mistakes as much as our ambitions, would seem the most sensible path forward.” Other specialists continue to warn that the ban on social media could isolate vulnerable teenagers or push them toward more dangerous, unregulated corners of the internet. Legal Voices Raise Serious Constitutional Questions Senior Supreme Court Advocate Dr. K. P. Kylasanatha Pillay offered a thoughtful reflection: “Exposure of children to the vagaries of social media is a global concern… But is a total ban feasible? We must ask whether this is a reasonable restriction or if it crosses the limits of state action. Not all social media content is harmful. The best remedy is to teach children awareness.” His perspective reflects growing debate about rights, safety, and state control. LinkedIn, Reddit, and the Public Divide Social media itself has become the battleground for reactions. On Reddit, youngesters were particularly vocal about the ban on social media. One teen wrote: “Good intentions, bad execution. This will make our generation clueless about internet safety… Social media is how teenagers express themselves. This ban silences our voices.” Another pointed out the easy loophole: “Bypassing this ban is as easy as using a free VPN. Governments don’t care about safety — they want control.” But one adult user disagreed: “Everyone against the ban seems to be an actual child. I got my first smartphone at 20. My parents were right — early exposure isn’t always good.” This generational divide is at the heart of the debate. Brands, Marketers, and Schools Brace for Impact Bindu Sharma, Founder of World One Consulting, highlighted the global implications: “Ten of the biggest platforms were ordered to block children… The world is watching how this plays out.” If the ban succeeds, brands may rethink how they target younger audiences. If it fails, digital regulation worldwide may need reimagining. Where Does This Leave the World? Australia’s decision to ban social media for children under 16 is bold, controversial, and rooted in good intentions. It could reshape how societies view childhood, technology, and digital rights. But as critics note, ban on social media platforms can also create unintended consequences, from delinquency to digital illiteracy. What’s clear is this: Australia has started a global conversation that’s no longer avoidable. As one LinkedIn user concluded: “Safety of the child today is assurance of the safety of society tomorrow.”

image for A stealer hiding in ...

 Business

News outlets recently reported that a threat actor was spreading an infostealer through free 3D model files for the Blender software. This is troubling enough on its own, but it highlights an even more serious problem: the business threat posed by free open source programs, uncontrolled by corporate infosec teams. And   show more ...

the danger comes not from vulnerabilities in the software, but from its very own standard features. Why Blender and 3D model marketplaces pose a risk Blender is a 3D graphics and animation suite used by visualization professionals across various industries. The software is free and open-source, and offers extensive functionality. Among Blender’s capabilities is support for executing Python scripts, which are used to automate tasks and add new features. The package allows users to import external files from specialized marketplaces like CGTrader or Sketchfab. These platforms host both paid and free 3D models by artists and studios. Any of these model files potentially contain Python scripts. This creates a concerning scenario: marketplaces where files can be uploaded by any user and may not be scanned for malicious content, combined with software that has an Auto Run Python Scripts feature. It allows files to automatically execute embedded Python scripts immediately upon opening — essentially running arbitrary code on the user’s computer in unattended mode.   How the StealC V2 infostealer spread via Blender files The attackers posted free 3D models with the .blend file name extension on the popular CGTrader platform. These files contained a malicious Python script. If the user had the Auto Run Python Scripts feature enabled, downloading and opening the file in Blender triggered the script. It then established a connection to a remote server and downloaded a malware loader from the Cloudflare Workers domain. The loader executed a PowerShell script, which in turn downloaded additional malicious payloads from the attackers’ servers. Ultimately, the victim’s computer was infected with the StealC infostealer, enabling the attackers to: Extract data from over 23 browsers. Harvest information from more than 100 browser extensions and 15 crypto wallet applications. Steal data from Telegram, Discord, Tox, Pidgin, ProtonVPN, OpenVPN, and email clients like Thunderbird. Use a User Account Control (UAC) bypass. The danger of unmonitored work tools The problem isn’t Blender itself — threat actors will inevitably try to exploit automation features in any popular software. Most end-users don’t consider the risks of enabling common automation features, nor do they typically dive deep into how these features work or how they could be exploited. The core issue is that security teams aren’t always familiar with the capabilities of specialized tools used by various departments. They simply don’t account for this vector in their threat models. How to avoid becoming a victim If your company uses Blender, the first step is to disable the automatic execution of Python scripts (Auto Run Python Scripts feature). Here’s how to do it according to official documentation. How to disable the automatic execution of Python scripts in Blender. Source Furthermore, to prevent the sudden spread of threats via work tools, we recommend that corporate security teams: Prohibit the use of tools and extensions that haven’t been approved by the security team. Thoroughly vet permitted software, and assess risks before implementing any new services or platforms. Regularly train employees to recognize the risks associated with installing unknown software and using dangerous features. You can automate security awareness training with the Kaspersky Automated Security Awareness Platform. Enforce the use of secure configurations for all work tools. Protect all company-issued devices with modern security solutions.

image for Microsoft Patch Tues ...

 Latest Warnings

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of   show more ...

security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024. According to Satnam Narang at Tenable, this year marks the second consecutive year that Microsoft patched over one thousand vulnerabilities, and the third time it has done so since its inception. The zero-day flaw patched today is CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later editions. The weakness resides in a component called the “Windows Cloud Files Mini Filter Driver” — a system driver that enables cloud applications to access file system functionalities. “This is particularly concerning, as the mini filter is integral to services like OneDrive, Google Drive, and iCloud, and remains a core Windows component, even if none of those apps were installed,” said Adam Barnett, lead software engineer at Rapid7. Only three of the flaws patched today earned Microsoft’s most-dire “critical” rating: Both CVE-2025-62554 and CVE-2025-62557 involve Microsoft Office, and both can exploited merely by viewing a booby-trapped email message in the Preview Pane. Another critical bug — CVE-2025-62562 — involves Microsoft Outlook, although Redmond says the Preview Pane is not an attack vector with this one. But according to Microsoft, the vulnerabilities most likely to be exploited from this month’s patch batch are other (non-critical) privilege escalation bugs, including: –CVE-2025-62458 — Win32k –CVE-2025-62470 — Windows Common Log File System Driver –CVE-2025-62472 — Windows Remote Access Connection Manager –CVE-2025-59516 — Windows Storage VSP Driver –CVE-2025-59517 — Windows Storage VSP Driver Kev Breen, senior director of threat research at Immersive, said privilege escalation flaws are observed in almost every incident involving host compromises. “We don’t know why Microsoft has marked these specifically as more likely, but the majority of these components have historically been exploited in the wild or have enough technical detail on previous CVEs that it would be easier for threat actors to weaponize these,” Breen said. “Either way, while not actively being exploited, these should be patched sooner rather than later.” One of the more interesting vulnerabilities patched this month is CVE-2025-64671, a remote code execution flaw in the Github Copilot Plugin for Jetbrains AI-based coding assistant that is used by Microsoft and GitHub. Breen said this flaw would allow attackers to execute arbitrary code by tricking the large language model (LLM) into running commands that bypass the guardrails and add malicious instructions in the user’s “auto-approve” settings. CVE-2025-64671 is part of a broader, more systemic security crisis that security researcher Ari Marzuk has branded IDEsaster (IDE  stands for “integrated development environment”), which encompasses more than 30 separate vulnerabilities reported in nearly a dozen market-leading AI coding platforms, including Cursor, Windsurf, Gemini CLI, and Claude Code. The other publicly-disclosed vulnerability patched today is CVE-2025-54100, a remote code execution bug in Windows Powershell on Windows Server 2008 and later that allows an unauthenticated attacker to run code in the security context of the user. For anyone seeking a more granular breakdown of the security updates Microsoft pushed today, check out the roundup at the SANS Internet Storm Center. As always, please leave a note in the comments if you experience problems applying any of this month’s Windows patches.

 Feed

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and

 Feed

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. These include 29 privilege escalation, 18 remote code

 Feed

Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks. The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change Notice (ECN), according to the PCI Special

 Feed

Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world. Next week, the Cortex Cloud team at Palo Alto Networks

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation

 Feed

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to be

 Feed

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based

 Guest blog

A new report from the United States's Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware. The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion over the three-year period.   show more ...

Yes, that number is enormous - but it hides a more interesting story beneath it: that after peaking in 2023, ransomware payments actually started to decline. Read more in my article on the Fortra blog.

2025-12
Aggregator history
Wednesday, December 10
MON
TUE
WED
THU
FRI
SAT
SUN
DecemberJanuaryFebruary