IT Security Newsletter - 12/2/2025
Tomiris Unleashes 'Havoc' With New Tools, Tactics
The Russian-speaking Tomiris cyber-espionage group is wielding new attack tools and techniques in an ongoing campaign targeted at foreign ministries, intergovernmental organizations and government entities across the Commonwealth of Independent States (CIS). Kaspersky researchers, who have been tracking the threat actor's activities since 2021, identified the new malicious operations beginning in early 2025 and described them as impacting high-value diplomatic and political infrastructure. READ MORE...
Personal Information of 33.7 Million Stolen From Coupang
US-listed ecommerce giant Coupang (NYSE: CPNG), one of South Korea's largest online retailers, has disclosed a five-month-long data breach involving the personal information of 33.7 million customers in Korea. The incident, the company says, came to light on November 18, when it "became aware of unauthorized personal data access" to roughly 4,500 customer accounts. Subsequent investigation has revealed that the extent of customer account exposure is about 33.7 million accounts. READ MORE...
University of Pennsylvania confirms new data breach after Oracle hack
The University of Pennsylvania (Penn) has announced a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. The private Ivy League research university was founded in 1740 and has 5,827 faculty members and 29,109 students, with an 8:1 student-to-faculty ratio. It also has an academic operating budget of $4.7 billion and an endowment of $24.8 billion as of June 30, 2025. READ MORE...
Fake Calendly invites spoof top brands to hijack ad manager accounts
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. Although threat actors targeting business ad manager accounts isn't new, the campaign discovered by Push Security is highly targeted, with professionally crafted lures that create conditions for high success rates. READ MORE...
Hackers ready threat campaign aimed at Zendesk environments
Hackers affiliated with the Scattered Lapsus$ Hunters might be preparing a threat campaign against Zendesk environments, according to Reliaquest researchers. About 40 typosquatting and impersonating domains have been created over the past six months that mimic Zendesk environments, according to a blog published Wednesday by Reliaquest. Zendesk is a company that provides cloud-based customer service and sales software. READ MORE...
Google patches 107 Android flaws, including two being actively exploited
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, but that doesn't always mean the patches reach every device right away. You can check your device's Android version, security update level, and Google Play system update in Settings. READ MORE...
New Android malware lets criminals control your phone and drain your bank account
Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions. Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing rapidly and already has strong capabilities. Albiriox is sold as Malware-as-a-Service (MaaS), meaning entry-level cybercriminals can simply rent access and launch their own fraud campaigns. READ MORE...
Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers
OpenAI recently patched a Codex CLI vulnerability that can be exploited in attacks aimed at software developers, Check Point revealed on Monday. Codex CLI is an open source coding agent that developers can run locally from their terminal. The AI agent can read, change, and run code on the machine, enabling users to improve documentation, write unit tests, generate architecture diagrams, propose PRs, and look for vulnerabilities using natural language commands. READ MORE...
Attackers keep finding new ways to fool AI
AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report. Security leaders are being asked to judge exposure without dependable benchmarks. Across the AI ecosystem, developers are adopting layered controls throughout the lifecycle. They combine training safeguards, deployment filters, and post release tracking tools. READ MORE...
Schneier on Security: Like Social Media, AI Requires Difficult Choices
In his 2020 book, "Future Politics," British barrister Jamie Susskind wrote that the dominant question of the 20th century was "How much of our collective life should be determined by the state, and what should be left to the market and civil society?" But in the early decades of this century, Susskind suggested that we face a different question: "To what extent should our lives be directed and controlled by powerful digital systems-and on what terms?" READ MORE...
- ...in 1823, President James Monroe proclaims American neutrality in future European conflicts, and warns Europe not to interfere in American affairs.
- ...in 1902, the first working V-8 engine is patented in France by engineer Leon Levavasseur.
- ...in 1942, physicist Enrico Fermi directs and controls the first nuclear chain reaction in his laboratory at the University of Chicago.
- ...in 1968, actress and producer Lucy Liu ("Ally McBeal", "Kill Bill") is born in Queens, NY.








