The RansomHouse ransomware group is now using two keys to encrypt files

Unit 42

From Linear to Complex: An Upgrade in RansomHouse Encryption

Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.

DataDog has launched pathfinding.cloud, a database of IAM permissions and permission sets that allow privilege escalation in AWS.

pathfinding.cloud - Understand, Detect & Demonstrate AWS IAM Privilege Escalation

Library of AWS IAM privilege escalation paths

The DomainTools security team looks at recent APT35 leaks showing how the group operates with extreme government oversight and bureaucracy, rather than a group of loose canon hackers

DomainTools Investigations | DTI

The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation - DomainTools Investigations | DTI

APT35/Charming Kitten's leaked documents expose the financial machinery behind state-sponsored hacking. Learn how bureaucracy, crypto micro-pa...

A Latvian crew member was detained for installing a RAT on an Italian ferry:

Bluesky Social

David Shipley (@davidshipley.bsky.social)

Don’t see this everyday. @patrick.risky.biz https://www.france24.com/en/live-news/20251217-france-probes-foreign-interference-after-malware-found...

Google's Wiz division has awarded $320,000 to security researchers for 11 exploits used during the ZeroDay Cloud hacking contest last week

wiz.io

Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra | Wiz Blog

ZDC awarded hackers $320,000 and uncovered a record‑breaking tally of critical CVEs for core cloud infrastructure, underscoring the scale and urg...

French authorities said they arrested the man who hacked their Ministry of Interior email servers. He's a known hacker who was already convicted this year. Anyone has any ideas who this could be?

RFI

French police arrest suspect over interior ministry cyber attack

French authorities have detained a 22-year-old man over a cyberattack on the email servers of the French interior ministry that compromised files...

Sweet... a SonicWall zero-day to go with that Cisco zero-day right before your Xmas holiday

Security Advisory

React2Shell used as initial access vector for Weaxor ransomware deployment

React2Shell used as initial access vector for Weaxor ransomware deployment

S-RM has responded to an incident where a threat actor used the recently disclosed critical vulnerability known as React2Shell (CVE-2025-55182) to ...

US seizes E-Note crypto exchange

 

A suspected Chinese APT is exploiting a new Cisco zero-day -impacts Cisco Secure Email Gateway And Cisco Secure Email and Web Manager -CVE-2025-20393 -CVSS score: 10 -APT is UAT-9686

Cisco Talos Blog

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appli...