CyberSecurity Updates

13 Dec

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Information

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025  •  , 3 min. read “A City of a Thousand Zero Days” is the partial title of a talk at Black Hat Europe 2025. I am sure you will appreciate why these few words sparked my interest enough to dedicate time to the presentation; especially given that back in 2019 I…

Read More
12 Dec

Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity

Information

I recently had, what I thought, was a unique brainwave. (Spoiler alert: it wasn’t, but please read on!) As a marketing leader at ESET UK, part of my role is to communicate how our powerful and comprehensive solutions can be implemented to protect organisations, in a way that helps clarify the case for upgrading to higher levels of cybersecurity. And that need for clarity is now more urgent than ever. Cybersecurity leaders and agencies, including…

Read More
12 Dec

Black Hat Europe 2025: Reputation matters – even in the ransomware economy

Information

Business Security Being seen as reliable is good for ‘business’ and ransomware groups care about ‘brand reputation’ just as much as their victims Tony Anscombe 11 Dec 2025  •  , 4 min. read Black Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’. The talk focused on the LockBit ransomware-as-a-service (RaaS) gang and Max’s research into their practices and operations. At their height, between 2022-2024, the…

Read More
12 Dec

In Other News: PromptPwnd Attack, macOS Bounty Complaints, Chinese Hackers Trained in Cisco Academy

Information, News

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Read More
11 Dec

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

Information

Business Security Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. 10 Dec 2025  •  , 7 min. read Skip to the next paragraph if your eyes glaze over at the long, long titles of industry reports: the AV-Comparatives Endpoint Prevention and Response Comparative Report 2025, MITRE ATT&CK Evaluations Enterprise 2025, or the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Despite their wordy…

Read More
11 Dec

2025 CWE Top 25 Most Dangerous Software Weaknesses

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical weaknesses adversaries exploit to compromise systems, steal data, or disrupt services.  Prioritizing the weaknesses outlined in the Top 25 is integral to CISA’s Secure by Design and Secure by Demand…

Read More
11 Dec

CISA Releases 12 Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released 12 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactory ICSA-25-345-04 Siemens IAM Client ICSA-25-345-05 Siemens Advanced Licensing (SALT) Toolkit ICSA-25-345-06 Siemens SINEMA Remote Connect Server ICSA-25-345-07 Siemens Building X – Security Manager Edge Controller ICSA-25-345-08 Siemens Energy Services ICSA-25-345-09 Siemens Gridscale X Prepay ICSA-25-345-10 OpenPLC_V3 ICSMA-25-345-01 Grassroots DICOM (GDCM) ICSMA-25-345-02…

Read More
10 Dec

The big catch: How whaling attacks target top executives

Information

Business Security Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. Phil Muncaster 09 Dec 2025  •  , 5 min. read When a hedge fund manager opened up an innocuous Zoom meeting invite, he had little idea of the corporate carnage that was to follow. That invite was booby-trapped with malware, enabling threat actors to hijack his email account. From there they moved swiftly, authorizing money transfers on Fagan’s…

Read More
09 Dec

Microsoft Patch Tuesday, December 2025 Edition

Information, Insights

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024. According to Satnam Narang at Tenable, this year marks…

Read More
09 Dec

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

Attacks, Insights, Malware

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create Opportunistic Attacks Against US and Global Critical Infrastructure. This advisory, published as an addition to the joint fact sheet on Primary Mitigations to Reduce Cyber Threats to Operational Technology (OT) released in May 2025, details that pro-Russia hacktivist groups are…

Read More