infosecintel – Curated Information Security Articles and Threat Intelligence News

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

December 13, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploitedRead More »CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

December 13, 2025

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. TheRead More »Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Friday Squid Blogging: Giant Squid Eating a Diamondback Squid

December 12, 2025

I have no context for this video—it’s from Reddit—but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previousRead More »Friday Squid Blogging: Giant Squid Eating a Diamondback Squid

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

December 12, 2025

Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTARead More »Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

In Other News: PromptPwnd Attack, macOS Bounty Complaints, Chinese Hackers Trained in Cisco Academy

December 12, 2025

Other noteworthy stories that might have slipped under the radar: Pentagon orders accelerated move to PQC, US shuts down scheme to smuggle GPUs to China, DroidLock Android ransomware. The post In Other News: PromptPwnd Attack, macOS Bounty Complaints, Chinese Hackers Trained in Cisco Academy appeared first on SecurityWeek.

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

December 12, 2025

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA).Read More »New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Gladinet CentreStack Flaw Exploited to Hack Organizations

December 12, 2025

Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw. The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek.

Fieldtex Data Breach Impacts 238,000

December 12, 2025

The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data. The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek.

Recent GeoServer Vulnerability Exploited in Attacks

December 12, 2025

Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.

Building Trustworthy AI Agents

December 12, 2025

The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are orRead More »Building Trustworthy AI Agents