Latest news as of 12/29/2025, 7:15:53 PM
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise
Have I Been Pwned
In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.
The Hacker News
Cisco has alerted users of a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking equipment major said it became aware of the intrusion campaign on December 10, 2025, and that it
Graham Cluley
Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account and seize control of your credit card. Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each. And because it's the last show before the Christmas break, there's also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast with computer security veteran Graham Cluley, joined this week by special guest Danny Palmer.
Have I Been Pwned
In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.
Bleeping Computer
The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. [...]
Dark Reading
Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information.
The Register
No timeline for a patch. Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix.…
The Register
Plus: automated SBOMs, $250,000 bounties ahead. No good idea - like rewarding open source software developers and maintainers for their contributions - goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.…
Dark Reading
Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.