Security News

Dismantling Defenses: Trump 2.0 Cyber Year in Review

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

Identity Fraud Among Home-Care Workers Puts Patients at Risk

Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication.

A Good Year for North Korean Cybercriminals

North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.

A Cybersecurity Playbook for AI Adoption

AI adds real value to cybersecurity today, but it cannot yet serve as a single security guardian. Here's how organizations can safely combine AI-driven analysis with deterministic rules and proven security practices.


DLLs & TLS Callbacks, (Fri, Dec 19th)

Xavier&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s diary entry "Abusing DLLs EntryPoint for the Fun" inspired me to do some tests with TLS Callbacks and DLLs.

ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th)

SonicWall Edge Access Devices Hit by Zero-Day Attacks

In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.

Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms

Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.

Dormant Iran APT is Still Alive, Spying on Dissidents

"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server.

Positive trends related to public IP ranges from the year 2025, (Thu, Dec 18th)

Since the end of the year is quickly approaching, it is undoubtedly a good time to look back at what the past twelve months have brought to us… And given that the entire cyber security profession is about protecting various systems from “bad things” (and we&#x27ve all correspondingly seen more than our share of the “bad”), I thought that it might be pleasant to look at a few positive background trends that have accompanied us throughout the year, without us necessarily noticing…

ISC Stormcast For Thursday, December 18th, 2025 https://isc.sans.edu/podcastdetail/9744, (Thu, Dec 18th)

Critical Fortinet Flaws Under Active Attack

Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information.

In Cybersecurity, Claude Leaves Other LLMs in the Dust

Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.

'Cellik' Android RAT Leverages Google Play Store

The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.

Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity

The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. (First in a three-part series.)

Maybe a Little Bit More Interesting React2Shell Exploit, (Wed, Dec 17th)

I have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular version of the exploit:

ISC Stormcast For Wednesday, December 17th, 2025 https://isc.sans.edu/podcastdetail/9742, (Wed, Dec 17th)

Most Parked Domains Now Serving Malicious Content

Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware.

ISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740, (Tue, Dec 16th)

More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th)

Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the "plain" exploit attempts have already been exploited several times. Here is today&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s most popular exploit payload: