A 17-year-old from Osaka used ChatGPT to hack a local internet cafe and gym chain and steal the data of 7.3 million customers https://www3.nhk.or.jp/nhkworld/en/news/20251205_11/

According to Sky News, children as small as seven years have been referred to the UK police's cybercrime intervention program

Sky News

Ex-teen hackers warn parents are clueless as children steal

The Money team reveals children as young as seven are being referred to Britain's national cybercrime intervention programme. Former hackers j...

Catching up with 3 weeks of infosec news is quite the struggle... you people have been busy

The Knownsec leak from last month originates back to a 2023 security breach (believed to have been carried out using three suspected zero-days)

Knownsec: The King of Vulnerability Missed Three Vulnerabilities of Its Own

The leak incident involving Chinese cybersecurity firm Knownsec shows the company’s seemingly transparent crisis management strategy and undersco...

Sean Plankey's nomination for CISA Director stalled and delayed again

The National CIO Review

CISA Left Leaderless as Plankey’s Nomination Stalls in Senate - The National CIO Review

Leadership loading...

A student from Bangladesh is behind a new botnet targeting WordPress and cPanel servers Websites are infected with the Beima PHP web shell and then rented to other threat actors for up to $200

The Webshell Underground: Student Hacker Selling PHP Backdoors To Asia-Based Threat Actors To Pay for School

Howler Cell uncovers a student-run PHP backdoor operation, selling website access to fund education. Further investigation exposes an underground m...

Following criticism, the Indian government says citizens can uninstall the app any time they want It will still remain mandatory on new devices... but will not be unremovable like that Facebook crap https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&reg=3&lang=1 View quoted note →

Congressman August Pfluger, R-Texas, introduced a bill this week named the Cyber Deterrence and Response Act that creates a unified federal process to identify, attribute, and sanction state-sponsored cyber actors

Congressman August Pfluger

Rep. Pfluger Introduces Bill to Protect America's Critical Infrastructure

ClearSky has spotted the Gamaredon APT deploying the GamaWiper in data-wiping attacks at Ukrainian organizations. The attacks leveraged a WinRAR vulnerability tracked as CVE-2025-80880.

Making sure you're not a bot!

ANY.RUN says activity from the Salty2FA phishing service collapsed in October and payloads now seem to overlap with the IOCs of another service named Tycoon2FA.

Salty2FA & Tycoon2FA: Hybrid Phishing Threat

A Salty2FA–Tycoon2FA hybrid is hitting inboxes worldwide. See how it formed, why attribution is breaking, and the updates SOC teams need now.