DataDog has launched pathfinding.cloud, a database of IAM permissions and permission sets that allow privilege escalation in AWS.

pathfinding.cloud - Understand, Detect & Demonstrate AWS IAM Privilege Escalation

Library of AWS IAM privilege escalation paths

The DomainTools security team looks at recent APT35 leaks showing how the group operates with extreme government oversight and bureaucracy, rather than a group of loose canon hackers

DomainTools Investigations | DTI

The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation - DomainTools Investigations | DTI

APT35/Charming Kitten's leaked documents expose the financial machinery behind state-sponsored hacking. Learn how bureaucracy, crypto micro-pa...

A Latvian crew member was detained for installing a RAT on an Italian ferry:

Bluesky Social

David Shipley (@davidshipley.bsky.social)

Don’t see this everyday. @patrick.risky.biz https://www.france24.com/en/live-news/20251217-france-probes-foreign-interference-after-malware-found...

Google's Wiz division has awarded $320,000 to security researchers for 11 exploits used during the ZeroDay Cloud hacking contest last week

wiz.io

Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra | Wiz Blog

ZDC awarded hackers $320,000 and uncovered a record‑breaking tally of critical CVEs for core cloud infrastructure, underscoring the scale and urg...

French authorities said they arrested the man who hacked their Ministry of Interior email servers. He's a known hacker who was already convicted this year. Anyone has any ideas who this could be?

RFI

French police arrest suspect over interior ministry cyber attack

French authorities have detained a 22-year-old man over a cyberattack on the email servers of the French interior ministry that compromised files...

Sweet... a SonicWall zero-day to go with that Cisco zero-day right before your Xmas holiday

Security Advisory

React2Shell used as initial access vector for Weaxor ransomware deployment

React2Shell used as initial access vector for Weaxor ransomware deployment

S-RM has responded to an incident where a threat actor used the recently disclosed critical vulnerability known as React2Shell (CVE-2025-55182) to ...

US seizes E-Note crypto exchange

 

A suspected Chinese APT is exploiting a new Cisco zero-day -impacts Cisco Secure Email Gateway And Cisco Secure Email and Web Manager -CVE-2025-20393 -CVSS score: 10 -APT is UAT-9686

Cisco Talos Blog

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appli...

-Most smart devices run outdated web browsers -Ukraine hacks major Russian defense contractor -Ransomware hits Venezuela's oil company -Hackers are trying to extort PornHub with stolen user data -SoundCloud has a data breach -Ribbon Finance hacked for $2.7m -Prosper data breach exposes 17.6m users -Iranian hackers put out bounties on Israelis -Russian hackers breach Dutch public fountain (yes, you read it right) Podcast:

Risky Bulletin: Most smart devices run outdated web browsers - Risky Business Media

Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela

Newsletter:

Risky.Biz

Risky Bulletin: Most smart devices run outdated web browsers

In other news: Ukraine hacks major Russian defense contractor; ransomware hits Venezuela's oil company; hackers are trying to extort PornHub with s...