#CloudSecurity

Lambda Watchdog (lambdawatchdog)
2025-12-21

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 17 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 7
• 🟡 Medium: 9
• 🔵 Low: 1

Check the full report 👉 lambdawatchdog.com/

2025-12-21

If you're managing hybrid infrastructure, IPFire can simplify your life.
Use the same firewall in the cloud and on-prem — no need to learn different tools.
#CloudSecurity #AWS #Networking #OpenSource ipfire.org/downloads/cloud

Lambda Watchdog (lambdawatchdog)
2025-12-20

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 17 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 7
• 🟡 Medium: 9
• 🔵 Low: 1

Check the full report 👉 lambdawatchdog.com/

Latest cyber & hacking videos compiled for you twice a day. Watch now & stay ahead of threats. 🔒 youtube.com/playlist?list=PLXq
#CyberSecurity #InfoSec #CloudSecurity #Phishing #EthicalHacking

2025-12-20

Don't hardcode secrets in Google Apps Script. Use **Properties Service** to store configuration and environment variables. For important secrets (passwords, API keys), use **Google Cloud Secret Manager** together with `UrlFetchApp` and caching for security and performance. Take advantage of **Service Account Impersonation** to avoid using keys. Always assign permissions correctly and enable audit logging.

#GoogleAppsScript #SecretManagement #Security #CloudSecurity #GoogleCloud #ScriptProperties #SecretManager #BảoMật #GoogleAppsScriptTiếngV

2025-12-20

Joined a hackathon at Westlake Brewery with the Microsoft ninja team: from nervous to victorious! 🥇 Together with Ugur Koc, the team built a T3 app combining an AI chatbot (OpenAI), Supabase, PostgreSQL and Entra ID. RLS security, a modern frontend, and first prize, bringing home the “golden clippy”! 🎉 Learned about Intune, Copilot, Graph API, PowerShell, MTO, and drew inspiration from a neurodivergent speaker. Thanks, Workplace Ninjas US! 🙌 #Microsoft #Hackathon #AI #CloudSecurity #Neurodiversity #TechConference #DevSecOps #PowerShell

Negative PID Inc. (negativepid)
2025-12-20

The Gaia-X program welcomes users and providers to participate in building a European secure cloud. If you're curious about what their process looks like, here's how you can contribute.

negativepid.blog/how-to-become

Lambda Watchdog (lambdawatchdog)
2025-12-19

🚨 New MEDIUM CVE detected in AWS Lambda 🚨
CVE-2025-14762 impacts aws-sdk-s3 in 4 Lambda base images.

Details: github.com/aws/aws-lambda-base
More: lambdawatchdog.com/

Lambda Watchdog (lambdawatchdog)
2025-12-19

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 17 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 7
• 🟡 Medium: 9
• 🔵 Low: 1

Check the full report 👉 lambdawatchdog.com/

Offensive Sequence (offseq@infosec.exchange)
2025-12-19

🛑 CRITICAL: CVE-2025-64663 (SSRF) in Azure Cognitive Service for Language—Custom Question Answering feature is at risk. Elevation of privilege possible; apply strict egress filtering & monitor now. Patch pending. radar.offseq.com/threat/cve-20 #OffSeq #Azure #SSRF #CloudSecurity

Critical threat: CVE-2025-64663: CWE-918: Server-Side Request Forgery (SSRF) in Microsoft Azure Cognitive Service for

Offensive Sequence (offseq@infosec.exchange)
2025-12-19

🚨 CRITICAL vuln: CVE-2025-65041 in Microsoft Partner Center enables unauthenticated remote privilege escalation (CVSS 10). No patch yet—segment networks, enforce MFA, and monitor for abuse. Stay updated! radar.offseq.com/threat/cve-20 #OffSeq #Microsoft #CloudSecurity #CVE2025_65041

Critical threat: CVE-2025-65041: CWE-285: Improper Authorization in Microsoft Microsoft Partner Center

2025-12-19

Alright team, it's been a packed 24 hours in the cyber world! We've got a flurry of actively exploited zero-days and critical vulnerabilities to cover, alongside some significant breaches, new threat actor insights, and a few noteworthy law enforcement actions. Let's dive in:

Actively Exploited Zero-Days and Critical Vulnerabilities ⚠️

- Cisco is battling a maximum-severity zero-day (CVE-2025-20393) in its AsyncOS software for Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. Suspected Chinese-government-linked threat actors (UAT-9686) have been exploiting this flaw since late November, deploying persistent Python-based backdoors like AquaShell, along with tunneling tools. There's no patch yet, so Cisco advises customers to assess exposure, limit internet access to the Spam Quarantine feature, and rebuild compromised appliances.
- The React2Shell vulnerability (CVE-2025-55182) in React Server Components continues to spread, with Microsoft confirming hundreds of compromised machines across diverse organisations. Attackers are leveraging this RCE flaw for reverse shells, lateral movement, data theft, and even ransomware deployment (Weaxor ransomware). This critical bug now holds the highest verified public exploit count of any CVE, with new related defects (CVE-2025-55183, CVE-2025-67779, CVE-2025-55184) also emerging. Patching is crucial, but won't evict existing attackers.
- HPE has patched a maximum-severity RCE flaw (CVE-2025-37164) in its OneView infrastructure management software, affecting all versions prior to v11.00. This vulnerability allows unauthenticated attackers to execute arbitrary code with low complexity. Admins should update immediately as no workarounds exist.
- SonicWall is warning customers about an actively exploited zero-day (CVE-2025-40602) in its SMA 1000 remote-access appliance. This bug, stemming from insufficient authorisation checks, can be chained with a previously patched flaw (CVE-2025-23006) to achieve unauthenticated root-level RCE. Immediate updates and restricting console access to trusted networks are advised.
- CISA has added CVE-2025-59374, a critical supply chain compromise impacting ASUS Live Update, to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, linked to 2019's Operation ShadowHammer, allowed attackers to distribute trojanised software to specific targets. ASUS Live Update has reached end-of-support, so federal agencies are urged to discontinue its use.
- The Zeroday Cloud hacking competition in London saw researchers demonstrate 11 zero-day vulnerabilities in critical cloud infrastructure components like Redis, PostgreSQL, Grafana, MariaDB, and the Linux kernel. This highlights significant security gaps in widely used cloud systems, including a container escape flaw in the Linux kernel that could break isolation between cloud tenants.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2025/12/cisc
🗞️ The Record | therecord.media/chinese-attack
🤫 CyberScoop | cyberscoop.com/react2shell-vul
📰 The Hacker News | thehackernews.com/2025/12/thre (React2Shell Exploited in Ransomware Attacks)
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2025/12/hpe-
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2025/12/cisa
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Recent Cyber Attacks and Breaches 🔒

- Amazon's AWS GuardDuty team has warned of an ongoing cryptomining campaign leveraging compromised IAM credentials to exploit Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) instances. Attackers establish persistence by disabling API termination, hindering incident response.
- France's Ministry of the Interior confirmed a cyberattack on its internal email servers, compromising document files. A 22-year-old suspect, previously convicted for similar offences, has been arrested. The notorious BreachForums claimed responsibility, citing revenge for prior arrests, and alleged the theft of 16 million police records, though French authorities have not confirmed this.
- PornHub and SoundCloud have both disclosed data breaches stemming from a compromise at their data analytics service provider, Mixpanel. PornHub stated limited analytics events were extracted, while SoundCloud reported email addresses and public profile information for approximately 20% of its 200 million users were accessed. The ShinyHunters group has allegedly taken credit for the Mixpanel attacks.
- DXS International, a tech supplier for the NHS, is investigating a cyberattack on its internal office servers. While the company claims minimal impact on frontline clinical services, the incident highlights the ongoing risk to critical infrastructure via third-party suppliers.
- The University of Sydney suffered a data breach after hackers accessed an online coding repository, stealing personal information of over 27,000 current and former staff, affiliates, students, and alumni. The stolen data includes names, dates of birth, phone numbers, home addresses, and job details, though no evidence of online publication or misuse has been found yet.
- French authorities arrested a Latvian crew member of an Italian passenger ferry, suspected of installing malware that could allow remote control of the vessel. The incident is being investigated as suspected foreign interference.
- The Clop ransomware gang is actively targeting internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. It's currently unclear if Clop is exploiting a new zero-day or an unpatched N-day vulnerability, but over 200 CentreStack servers are potentially vulnerable.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/france-interio
🗞️ The Record | therecord.media/millions-impac
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/uk-nhs-tech-pr
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

New Threat Research on Threat Actors, Malware, and Techniques 🛡️

- North Korea's state-backed cybercriminals plundered over $2 billion in cryptocurrency in 2025, a 51% increase year-on-year, accounting for 76% of all crypto service compromises. This surge is largely attributed to a $1.5 billion theft from Bybit and an increased focus on personal wallets, often facilitated by social engineering tactics like posing as IT workers or recruiters.
- The Kimsuky threat actor is distributing a new DocSwap Android malware variant via QR codes on phishing sites mimicking CJ Logistics. The malware uses social engineering to bypass security warnings and provides extensive RAT capabilities, including keystroke logging, audio capture, and file operations.
- GreyNoise observed an automated password spraying campaign targeting Palo Alto Networks GlobalProtect and Cisco SSL VPN gateways. Originating from over 10,000 unique IPs, the attacks use common username/password combinations, indicating scripted credential probing rather than vulnerability exploitation.
- A new modular information stealer, SantaStealer, is being advertised on underground forums, designed to operate in-memory and exfiltrate sensitive documents, credentials, and wallets from a wide range of applications.
- Threat actors are using a new "GhostPairing" social engineering technique to hijack WhatsApp accounts by luring victims to scan QR codes or enter phone numbers on fake Facebook viewer pages, abusing the legitimate device-linking feature.
- Bad actors are observed hosting videos on RuTube, advertising Roblox cheats that lead to Trojan and stealer malware like Salat Stealer, mirroring tactics seen on YouTube.
- An analysis of DDoSia's multi-layered command-and-control (C2) infrastructure reveals an average of 6 control servers active at any given time, with short lifespans, used by pro-Russian hacktivist group NoName057(16) to target Ukraine, European allies, and NATO states.
- A phishing campaign, attributed to Russian APT actors, is targeting entities in the Baltics and Balkans, spoofing government bodies with credential phishing emails that use blurred decoy documents and pop-ups to harvest credentials.
- New "ClickFix" attacks are leveraging fake CAPTCHA checks to trick users into running the `finger.exe` tool to retrieve malicious PowerShell code, attributed to clusters KongTuke and SmartApeSG.
- Threat actors are abusing Google's Application Integration service to send highly convincing phishing emails from authentic @google.com addresses, bypassing SPF, DKIM, and DMARC checks to steal Microsoft 365 credentials.
- Cato Networks observed large-scale reconnaissance and exploitation attempts targeting Modbus devices, including those controlling solar panel output. The rise of agentic AI tools is accelerating these attacks, reducing execution time from days to minutes.
- Bitsight research found approximately 1,000 Model Context Protocol (MCP) servers exposed on the internet without authorisation, leaking sensitive data and potentially allowing RCE or Kubernetes cluster management.
- A phishing campaign impersonating India's Income Tax Department is deploying legitimate remote access tools like LogMeIn Resolve, using tax irregularity themes to create urgency and bypass traditional Secure Email Gateway defenses.
- A previously unknown, China-aligned hacker group, LongNosedGoblin, is targeting government institutions across Southeast Asia and Japan. The group abuses Windows Group Policy to deploy malware like NosyHistorian (browser history collector) and NosyDoor (backdoor), with NosyDoor potentially offered as a commercial service.

🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/over-3-billion
📰 The Hacker News | thehackernews.com/2025/12/kims
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2025/12/thre (SantaStealer, GhostPairing, RuTube, DDoSia, APT phishing, ClickFix, Google service abused, AI-driven ICS scans, Exposed MCP servers, Fake tax scam)
🗞️ The Record | therecord.media/new-china-link

#CyberSecurity #ThreatIntelligence #ZeroDay #RCE #Vulnerability #Ransomware #APT #CyberAttack #DataBreach #InfoSec #IncidentResponse #CloudSecurity #SupplyChainSecurity #CryptoCrime
