FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
Today β€” December 19th 2025Your RSS feeds

Faith in the internet is fading among young Brits

Ofcom survey finds 18-34s increasingly see life online as bad for society and their mental health

Young Brits are souring on the internet, with increasing numbers seeing it as damaging to society and their mental health, according to latest research published by Ofcom.…

Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in collaboration with

How to get that hybrid or remote job you want: 6 expert tips

Here's how to convince managers that it's in their best interests to facilitate more flexible working arrangements.

AI and cybersecurity: Two sides of the same coin

Practical lessons on securing AI and using AI to strengthen defence

Sponsored Post AI is moving from experimentation to everyday use inside the enterprise. That shift brings new opportunities, but it also changes the security equation. Attacks are becoming faster and more convincing, while organizations are simultaneously trying to protect new assets like models, prompts, agent workflows, and the sensitive data those systems can access.…

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU). UEFI and IOMMU are designed to enforce a security

Here's every AI subscription I paid for in 2025 - and which ones I'm taking into 2026

Are AI tools worth the money? After reviewing my 2025 spending, I've made one big change.

China turns on a vast experimental network it says is an heir to ARPANET

Beijing wants to 'seize the initiative in the international competition in cyberspace'

Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research.…

[Research] Geometric analysis of SHA-256: Finding 68% bit-match pairs through dimensional transformation

New preprint exploring unconventional cryptanalysis:

β€’ Framework: β€œInverse Dimensionalization”
β€’ Target: SHA-256 structural analysis
β€’ Result: 174/256 matching bits (M₁ = 88514, Mβ‚‚ = 88551)
β€’ Time: 3.8 seconds
β€’ NOT a collision β€” but statistically anomalous

Paper + reproducible code: https://doi.org/10.17605/OSF.IO/6YRW8
Full paper with math and code: https://doi.org/10.17605/OSF.IO/6YRW8
Paper: https://osf.io/6yrw8/files/wj9ze
Code: https://osf.io/6yrw8/files/zy8ck
Verification code: https://osf.io/6yrw8/files/pqne7

Device specifications used to find the 174/256-bit match in 3.8 seconds:
β€’ Google Colab Free CPU
β€’ Intel Xeon
β€’ Clock speed: between 2.20 GHz and 2.30 GHz
β€’ Cores (vCPUs): 2 virtual cores
β€’ RAM: 12 GB

Security implications discussion welcome.

submitted by /u/No_Arachnid_5563
[link] [comments]

How to use Canva in ChatGPT to build a stunning presentation in minutes - for free

This is by far the fastest way I've ever made a presentation - and it might even help me win Christmas this year.

Selling or trading in your iPhone? 5 things you must do first

Have you backed up yet? Erased your personal data? Turned off 'Find My'? There's more! We review every step you need to take before selling, trading, or giving away your old device.

Remote Desktop access and IP address

I’m traveling next week and will need to access a website that is IP address -sensitive. My work computer’s IP address is approved for the site. If I access my work desktop remotely using something like LogMeIn or Team Viewer, will I be able to get onto the website I need to use? Or will my public IP address show up as the one I’m using from far?

submitted by /u/Mission_Protection40
[link] [comments]

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions

Amazon blocked 1,800 suspected North Korean scammers seeking jobs

Plus: Lazarus Group has a brand new BeaverTail

Even Amazon isn't immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un's coffers.…

Yesterday β€” December 18th 2025Your RSS feeds

This simple monitor trick improved my productivity tenfold - and it's free to do

Vertical monitors can streamline workflows in certain situations. Here's how to set one up in Windows 11 using built-in and third-party tools.

I've used Linux for decades, but I'd switch to FreeBSD for this one feature

FreeBSD isn't Linux, but if you didn't know any better, you'd swear it was.

I ran a battery test between the best Samsung, Google, and OnePlus phones - here's the surprise winner

Among the year's best Android phones, here's the one that lasted the longest in our endurance tests.

Your car’s web browser may be on the road to cyber ruin

Study finds built-in browsers across gadgets often ship years out of date

Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn't the case for those that reside within game consoles, televisions, e-readers, cars, and other devices. These outdated, embedded browsers can leave you open to phishing and other security vulnerabilities.…

ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees

The agency plans to renew a sweeping cybersecurity contract that includes expanded employee monitoring as the government escalates leak investigations and casts internal dissent as a threat.

Crypto crooks co-opt stolen AWS creds to mine coins

'Within 10 minutes of gaining initial access, crypto miners were operational'

Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2.…

Free STIX 2.1 Threat Intel Feed

Built a threat intel platform that runs on $75/month infrastructure. Decided to give the STIX feed away for free instead of charging enterprise prices for it.

What's in it:
- 59K IOCs (IPs, domains, hashes, URLs)
- ThreatFox, OTX, honeypot captures, and original discoveries
- STIX 2.1 compliant (works with Sentinel, TAXII consumers, etc.)
- Updated continuously

Feed URL: https://analytics.dugganusa.com/api/v1/stix-feed

Search API (if you want to query it): https://analytics.dugganusa.com/api/v1/search?q=cobalt+strike

We've been running this for a few months. Microsoft Sentinel and AT&T are already polling it. Found 244 things before CrowdStrike/Palo Alto had signatures for them (timestamped, documented).

Not trying to sell anything - genuinely curious if it's useful and what we're missing. Built it to scratch our own itch.

Tear it apart.

submitted by /u/IwantAMD
[link] [comments]

LG G5 vs. LG G4: I spent hours testing both OLED TVs, and this model was the surprise winner

ZDNET experts tested and compared both versions of LG's flagship OLED TV to help you decide which is the best fit for you.

Google will turn the news into a custom podcast for you - free

You can now get your daily news from an AI-generated podcast roundup.

Kim's crypto thieving reached a record $2B in 2025

ByBit attack doing some seriously heavy lifting

North Korea's yearly cryptocurrency thefts have accelerated, with Kim's state-backed cybercriminals plundering just over $2 billion worth of tokens in 2025.…

The Ultra-Realistic AI Face Swapping Platform Driving Romance Scams

Capable of creating β€œnearly perfect” face swaps during live video chats, Haotian has made millions, mainly via Telegram. But its main channel vanished after WIRED's inquiry into scammers using the app.

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023. "

AI could spell the final end of Firefox - unless Mozilla does this

Mozilla's new CEO declares that AI is the future of the Firefox browser. Can you find a Linux user who welcomes the news?

Claude's Skills just got easier to manage and share - here's how

The Skills feature allows Claude to do repetitive tasks, and it's now easier for organizations to use.

I built a mitmproxy AI agent using 4000 paid security disclosures

tl;dr: Ask Claude Code to tee mitmdump to a log file (with request and response). Create skills based on hackerone public reports (download from hf), let Claude Code figure out if it can find anything in the log file.

submitted by /u/badhiyahai
[link] [comments]

The best MacBooks of 2025: Expert tested and reviewed

The differences between MacBooks aren't as hard to break down as you might expect. Here are the five best for most people.

I didn't expect a gaming laptop to replace my work PC, but this Lenovo model did

Lenovo's LOQ 15AHP10 is a modest gaming laptop that offers reliable performance at an affordable price.

I found a worthy Chrome alternative for Android and Mac - and it has a built-in VPN

Want to ditch Chrome? The Aloha browser actually takes your privacy and security seriously. Here's how.

5 AirPods Pro features that made me ditch my old AirPods - and how to use them

I own several AirPods, but I grab my newer AirPods Pro the most. And these features are why.

5 ways you can copy Lenovo's AI strategy to actually get real results

Art Hu, Lenovo's global CIO, explains how the tech giant exploits AI effectively. And you can do it, too.

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a

Another bad week for SonicWall as SMA 1000 zero-day under active exploit

Flaw in remote-access appliance lets attackers chain bugs for root-level takeover

SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that's being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.…

Your Oura Ring data just got the Spotify Wrapped treatment - here's how to find it

How stressed were you in 2025? Your Oura Year in Review breaks it down.

FBI dismantles alleged $70M crypto laundering operation

Justice Department claims unlicensed exchange funneled ransomware profits

US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged Russian operator.…

Got an old Starlink router? SpaceX will upgrade it today for free - here's how

The company is ending support for its oldest Gen 1 router - and it 'strongly recommends' upgrading ASAP.

Active HubSpot Phishing Campaign

An active phishing campaign has been detection by Evalian SOC targeting HubSpot customers.

submitted by /u/Deciqher_
[link] [comments]

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what

Did maintainers abandon your critical open-source tool? This rescue plan offers a lifeline

Your open-source stack doesn't have to fall apart. Chainguard EmeritOSS will patch dying tools - and prevent them from becoming security risks.

NHS tech supplier probes cyberattack on internal systems

Around 2,000 GP practices use its products

Updated An NHS tech supplier is investigating a cyberattack that affected its systems in the early hours of Sunday.…

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole

LG's new home theater systems may be the ultimate Dolby Atmos flex at CES 2026

LG has announced a series of new speakers and soundbars, all of which support the brand's new Sound Suite tech.

React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines

Security boffins warn flaw is now being used for ransomware attacks against live networks

Microsoft says attackers have already compromised "several hundred machines across a diverse set of organizations" via the React2Shell flaw, using the access to execute code, deploy malware, and, in some cases, deliver ransomware.…

The Case for Dynamic AI-SaaS Security as Copilots Scale

By: Unknown
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings. The result is an explosion of AI capabilities across

Battery problems on your Windows laptop? I always check this hidden setting first

Windows 11 has a built-in report that provides insight into your laptop's battery health (and whether a replacement is actually needed).

DVSA's clapped-out booking system gets bot slapped as new boss rides in

18-year-old platform crumbles under 94M daily requests while resellers flog Β£62 tests for Β£500

The UK's Driver and Vehicle Standards Agency (DVSA) has appointed a new chief exec to tackle spiraling waits for practical driving tests with bots overrunning its aging booking system.…

UK surveillance law still full of holes, watchdog warns

Investigatory Powers Commissioner says reforms have failed to close oversight gaps

The UK's Investigatory Powers Act 2016 (IPA) has several regulatory gaps that must be plugged in future legislative reforms, according to Investigatory Powers Commissioner (IPC) Sir Brian Leveson.…

Are these the best-sounding $50 earbuds I've tried? My answer was clear within minutes

These budget-friendly earbuds sound way better than their price would suggest.

The internet in 2025: Bigger, more fragile than ever - and 'fundamentally rewired' by AI

Cloudflare's annual review describes a busier, more brittle, more hostile network. Frankly, I'm worried

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express). "The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobile

CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 17

CyberDanube Security Research 20251215-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| FL Switch
vulnerable version| 3.40
fixed version| TODO
CVE number| CVE-2025-41692, CVE-2025-41693, CVE-2025-41694,
| CVE-2025-41695, CVE-2025-41696, CVE-2025-41697,
| CVE-2025-41745,...

[KIS-2025-09] Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability

Posted by Egidio Romano on Dec 17

------------------------------------------------------------------------------------
Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection
Vulnerability
------------------------------------------------------------------------------------

[-] Software Link:

https://control-webpanel.com

[-] Affected Versions:

Version 0.9.8.1208 and prior versions.

[-] Vulnerability Description:

User input passed via the "key" GET...

Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking

Posted by LRKTBEYK LRKTBEYK on Dec 17

I tried to report these vulnerabilities to ImmuneFi, but they closed it
(report 62070) as "out of scope." I believe them when they tell me
something is out of scope, so now it's public.

https://github.com/raydium-io/raydium-cp-swap/pull/62

These vulnerabilities collectively enable fee theft, creator fee hijacking,
and potential user exploitation through uncapped fee rates. Issue #3 allows
attackers to steal all creator fees from...

[CFP] Security BSidesLjubljana 0x7EA | March 13, 2026

Posted by Andraz Sraka on Dec 17

MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM
MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...
❌