
Free Goods Of The Week – Dec. 15
December 16, 2025 | Valuable Tips | Interesting Articles This Week
A major security problem has been found in the JumpCloud Remote Assist for Windows agent, a tool used by over 180,000 organisations across 160 countries to manage their computers. This issue could allow a regular user on a company machine to take full, persistent control of that device. The critical vulnerability, tracked as CVE-2025-34352, was found by security researcher Hillel Pinto at the fi
European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine (supported by Eurojust) arrested 12 suspects out of 45 identified during the investigation. They also seized 21 vehicles, weapons, a polygraph machine, computers,
Chinese Surveillance and AI New report: “The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article: China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there. By exposing the full scope of China’s AI driven control apparatus, th
Amazon’s threat intelligence team has disclosed details of a “years-long” Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has
Ever looked at the search filters on Amazon or Airbnb and wished you could make the content on your own website just as easily discoverable? Imagine if your visitors could simply click a few options in the search filter, like “Price: Low to High,” “Rating: 4 Stars,” or “Color: Blue”… and instantly, the perfect results appear. Sadly, most filtering tools on the market are either frustratingly comp
AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largely
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. According to security researchers at Rapid7, the operation is a rebranding of a project called BluelineStealer, and the developer is ramping up the operation ahead of a planned launch before the end of the year. SantaSteal
Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. Askul is a large business-to-business and business-to-consumer office supplies and logistics e-commerce company owned by Yahoo! Japan Corporation. The ransomware incident in October caused an IT system failure, forcing the compan
Dec 16, 2025 Ravie Lakshmanan Dark Web / Online Safety Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effect
Pierluigi Paganini December 16, 2025 The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was detected overnight between December 11 and 12, and according to the French interior
Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719
Welcome to DEV, your fortnightly battle report from the frontlines of WordPress. We’ve scouted the newest tools, executed clever dev maneuvers, and flagged the freshest features and community victories. Arm yourself with this intelligence so you can advance your mission with precision and honor. Stick around to the end to see a behind-the-scenes tech get his moment in the spotlight. In today’s ed
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. Last week, PornHub disclosed that it was impacted by a recent breach at analytics vendor Mixpanel. Mixpanel suffered a breach on November 8th, 2025, after an SMS phishing (smishing) attack enabled threa
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The extension in question is Urban VPN Proxy, which has a 4.7 rating on the Google Chrome
AI-powered email content suggestions are changing how marketing teams write, test, and scale email campaigns. Instead of guessing what message will resonate, marketers can now use AI to analyze data, predict engagement, and generate personalized content that converts. But there’s a huge difference between emails that sound good and emails that perform. In this guide, we’ll cover how to use AI em
I spent the last week asking HubSpot marketers to get really honest about what actually worked for them in 2025 — and what they let go of. Six HubSpotters share some of their “why didn’t I do this sooner?” moments from the past 12 months, from rethinking how they use AI to backing unmeasurable bets. If you could go back to January 2025, what would you tell yourself to stop overthinking? Adam Bidd
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into
Cart abandonment is one of the most frustrating challenges for any online store owner. You’ve done the hard work to attract shoppers, but many still leave before completing their purchases. One common reason? Shoppers get annoyed when they have to leave the product page just to check what’s in their cart. That’s where sliding side carts come in. They let customers easily review and manage their p
Search is shifting from pages of blue links to short, confident answers from AI. People ask ChatGPT, Google’s AI Overviews, Perplexity, Gemini, and Claude things like “What’s the best [service] near me?” or “Which [tool] is most reliable for [use case]?”—and those systems answer with a small set of brands. […]
Frozen pizza changed the game for many pizzerias. If you couldn’t offer something better than what I had in my freezer, what do I need you for? If the wedding photographer can’t deliver more magic than the phone in my guest’s pocket, no thanks. Does working with your non-profit make me feel better than putting a dollar in the violin case of the busker down the street? And if the local print shop
Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both Windows
An email scam is abusing PayPal’s “Subscriptions” billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. Over the past couple of months, people have reported [1, 2] receiving emails from PayPal stating, “Your automatic payment is no longer active.” The email includes a customer service URL field that was som
Pierluigi Paganini December 14, 2025 An open 16TB database exposed 4.3B professional records. It was unsecured and only closed after researchers alerted the owner. A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data, enabling large-scale AI-driven social-engineering attacks. The researcher Bob Diachenko and nexos.ai discovered the unsecure
It’s an odd term, worth a look. We don’t notice that the tree we planted a few years ago thrives just a bit more each day. We don’t notice that the mail shows up when it’s supposed to, that our civilization persists in the face of chaos, and that the lights (usually) go on when we flip a switch. Granted? What would happen if we paid as much attention to these persistent delights as we pay to the
Pierluigi Paganini December 13, 2025 Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign ahead of February’s election. The German government announce
And shiitake mushrooms, spaghetti squash, ginger and even packaged tofu? In the 1960s, the culture changed, and so did the supermarket. Small markets with fifty or sixty kinds of fruits and vegetables transformed into supermarkets carrying hundreds of varieties. Cooking shows and cookbooks raced to teach home cooks about the new, interesting and exotic. And Frieda Caplan showed up to orchestrate
If you run a website, manage a business inbox, or even just use online banking, you’ve already lived in the phishing era for a long time. The only thing that’s changed is the polish. Phishing scams have moved past those obviously fake “please verify” requests to include convincing login pages, realistic invoices, and even bogus delivery updates. Some are mass-sent and easy to spot, others are cus
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below – CVE-2025-43529 (CVSS score: N/A) – A use-after-free vulnerability in WebKit
Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing
A coordinated and new malware campaign is exploiting the popular developer platform, GitHub. The target? Professionals in IT administration, cybersecurity, and open-source intelligence (OSINT). This is according to a detailed research report by Morphisec Threat Labs on a previously unknown threat, dubbed PyStoreRAT. For your information, PyStoreRAT is a Remote Access Trojan, which is a type of
Say hello to Kali Linux 2025.4! Expect updated tools, performance tweaks, and improved support – no fluff, just the essentials. The summary of the changelog since the 2025.3 release from September is: Desktop Environments GNOME 49 As with previous GNOME updates in Kali, we’ve given all our themes a fresh coat of paint – everything has been tuned to look sharp and feel smooth. The Totem video play
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. RasMan is a critical Windows system service that starts automatically, runs in the background with SYSTEM-level privileges, and manages VPN, Point-to-Point Protocol over Ethernet (PPPoE), and other remote network connections. ACROS Sec
The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures, a failure that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. According to the ICO, the incident stemmed from two interconnected breaches starting in August 2022. The firs
AI Overviews and chat assistants are quickly turning into full-blown discovery engines. Someone asks ChatGPT, Perplexity, or Google AI: “What’s the best [product] for [use case]?” and those systems answer with a short list of brands—and often just one recommended option. If your brand makes that list, you’re already halfway […]
You shouldn’t have to lose control of your donor data and rely on a third-party platform just to create a fundraising campaign. But that’s exactly what happens when you hit ‘launch’ on GoFundMe. Thankfully, there are plenty of GoFundMe alternatives out there. Some let you maintain 100% control over your donor relationships, others offer a more professional experience, and many provide features th
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI-powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files. Traditional
There’s a face on Mars. Ever since Viking took this photo fifty years ago, some people have been sure–certain–that it clearly shows a face on the planet’s surface. Of course, once we had a high resolution image from a later mission, all resemblance to a face went away. Human beings need a story, especially when we’re trying to understand something we haven’t already classified. And so we see face
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability





