
IT Security Newsletter - 12/16/2025


Breaches

SoundCloud breached, hit by DoS attacks

Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection failures and error messages. It has now been revealed that these connectivity issues were due to configuration changes made by SoundCloud in the wake of the attacks, and that the company is working on resolving them.


700Credit data breach impacts 5.8 million vehicle dealership customers

700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. The cyberattack occurred after a threat actor had breached one of 700Credit's integration partners in July and discovered an API for obtaining customer information. However, the partner did not inform 700Credit of the compromise.

Hacking

Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks

Russian state-sponsored threat actors appear to be favoring misconfigurations over the exploitation of vulnerabilities for gaining access to the systems of targeted critical infrastructure organizations, according to Amazon's threat intelligence team. The malicious activity has been linked to the widely known Russian threat actor named Sandworm, which has led Amazon's experts to conclude that the attacks are likely conducted by hackers associated with Russia's GRU military intelligence agency.

Software Updates

Apple Patches More Zero-Days Used in 'Sophisticated' Attack

Apple recently patched two zero-days, one of which shares a CVE with a mysterious Google vulnerability disclosed last week. The two flaws were in WebKit, Apple's open source Web browser engine. According to patch notes, CVE-2025-43529 is a flaw in which processing maliciously crafted Web content may lead to arbitrary code execution. It is described as a use-after-free issue and was fixed with improved memory management.

Malware

New SantaStealer malware steals data from browsers, crypto wallets

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. According to security researchers at Rapid7, the operation is a rebranding of a project called BluelineStealer, and the developer is ramping up the operation ahead of a planned launch before the end of the year. SantaStealer appears to be the project of a Russian-speaking developer.

Information Security

Schneier on Security: Chinese Surveillance and AI

China is already the world's largest exporter of AI-powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there. By exposing the full scope of China's AI-driven control apparatus, this report presents clear, evidence-based insights for policymakers, civil society, the media and technology companies seeking to counter the rise of AI-enabled repression and human rights violations.


Google is discontinuing its dark web report: why it matters

Google has announced that early next year they are discontinuing the dark web report, which was meant to monitor breach data that's circulating on the dark web. The news raised some eyebrows, but Google says it's ending the feature because feedback showed the reports didn't provide "helpful next steps." New scans will stop on January 15, 2026, and on February 16, the entire tool will disappear along with all associated monitoring data.

Exploits/Vulnerabilities

China, Iran are having a field day with React2Shell, Google warns

At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google. Unauthenticated attackers can abuse the flaw, tracked as CVE-2025-55182, to remotely execute code, and the Chocolate Factory's threat hunters said multiple groups are using this vulnerability to deploy backdoors, tunnelers, and cryptocurrency miners.

Science & Culture

Merriam-Webster's word of the year delivers a dismissive verdict on junk AI content

Like most tools, generative AI models can be misused. And when the misuse gets bad enough that a major dictionary notices, you know it has become a cultural phenomenon. On Sunday, Merriam-Webster announced that "slop" is its 2025 Word of the Year, reflecting how the term has become shorthand for the flood of low-quality AI-generated content that has spread across social media, search results, and the web at large.

On This Date

  • ...in 1770, classical composer and pianist Ludwig van Beethoven is born in Bonn, Germany.
  • ...in 1773, the Sons of Liberty stage the "Boston Tea Party", a protest against British taxation of the American colonies without representation in Parliament.
  • ...in 1775, English novelist Jane Austen ("Sense and Sensibility", "Pride and Prejudice") is born in Hampshire, England.
  • ...in 1949, Swedish aerospace company Saab builds its first automobile at its production facility in Trollhättan.