Latest news as of 12/30/2025, 4:19:23 PM
The Register
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg. A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.…
Dark Reading
Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISO and COO.
Dark Reading
Amid exploitation activity against CVE-2025-55182, researchers are finding that some proof-of-concept exploits contain bypasses for Web application firewall (WAF) rules.
Dark Reading
Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers, Constantine warns.
Dark Reading
The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
The Hacker News
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing
Dark Reading
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Bleeping Computer
A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]
The Register
And the earlier React2Shell patch is vulnerable. If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.…
Bleeping Computer
A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. [...]