Issues

Yep, Passkeys Still Have Problems

Passkeys still face significant issues in 2025, including vendor lock-in and usability challenges across different ecosystems. Users should engage with Credential Managers like Bitwarden, avoid relying solely on platform managers (Apple, Google, Microsoft), and consider Yubikeys for important accounts. The introduction of the FIDO Credential Exchange Specification offers some hope for transitioning between providers, but day-to-day usability remains problematic. Active user education on how Passkeys work and the benefits of robust Credential Managers is crucial to overcoming barriers to adoption. Miscommunication and forced options by service providers exacerbate user confusion and trust issues. Ultimately, a focus on user control and education is imperative to safely navigate the evolving landscape of digital security.

https://fy.blackhats.net.au/blog/2025-12-17-yep-passkeys-still-have-problems/

8 Million Users’ AI Conversations Sold for Profit by “Privacy” Extensions

TLDR: Over 8 million users' AI conversations have been harvested and sold for profit by the Urban VPN Proxy extension, which secretly captures data from platforms like ChatGPT and Claude. Despite claiming privacy, the extension transmits sensitive information to servers without user consent. It has passed Google’s reviews, misleading users about its data practices. Users are advised to uninstall it immediately to protect their private conversations.

https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection

Microsoft 365 Users Targeted in Device Code Phishing Attacks

Microsoft 365 users are targeted by phishing attacks exploiting OAuth 2.0 device authorization. Attackers trick users into granting access tokens via emails with misleading content. Tools like Squarephish and Graphish facilitate these campaigns, allowing low-skilled actors to launch sophisticated attacks. Mitigation strategies include implementing Conditional Access policies to block or restrict device code flows.

https://www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/

Future of Quantum-Safe Networks Rests on Interoperable Standards

The article emphasizes cybersecurity advancements, particularly quantum key distribution (QKD), which is vital for secure, future-proof communications as quantum computing evolves. Establishing interoperable standards is essential for QKD's successful deployment, ensuring security across various industries and maintaining trust in digital infrastructure.

https://www.darkreading.com/endpoint-security/securing-future-building-quantum-safe-networks-today

Price of a ‘bot Army’ Revealed Across Hundreds of Online Platforms Worldwide

Cambridge's COTSI reveals global bot prices: a new index tracks the cost of verifying fake accounts on 500+ platforms. Verification is notably cheap in the US (0.26), UK (0.10), and Russia (0.08), and pricier in Japan (4.93) and Australia (3.24). Prices for bots on Telegram and WhatsApp surge before elections, indicating manipulation intentions. The study emphasizes SIM card regulation to curb bots and notes that transparency measures are often circumvented. It exposes a burgeoning underground market reliant on SIM products for orchestrating misinformation and influence campaigns globally.

https://www.cam.ac.uk/stories/price-bot-army-global-index

The Rise of Precision Botnets in DDoS

Precision botnets are emerging threats in DDoS attacks, focusing on targeted disruption rather than overwhelming traffic. Unlike traditional attacks, they exploit specific system vulnerabilities while blending in with normal traffic. Effective defense requires a shift from volumetric detection to behavior analytics and adaptive rate limiting, emphasizing intent over volume for identifying malicious activity.

https://securityboulevard.com/2025/12/the-rise-of-precision-botnets-in-ddos/

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

The Kimwolf botnet has hijacked 1.8 million Android devices for DDoS attacks. Originating from the NDK, it targets Android TVs and set-top boxes and demonstrates advanced capabilities such as proxy forwarding and use of the Ethereum Name Service for resiliency. Linked to the AISURU botnet, Kimwolf has recently executed 1.7 billion DDoS commands and has evolved its infrastructure to resist take-down efforts, affecting users in Brazil, India, and the U.S. Its attack patterns focus on leveraging compromised devices for proxy services.

https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html

Does OpenAI Expect Upcoming AI Models to Present a High Cybersecurity Risk?

OpenAI acknowledges that its upcoming AI models will heighten cybersecurity risks, as more capable tools enable easier attacks for even those with basic knowledge. The release of GPT-5.2 introduces enhanced capabilities for professional use and better coding assistance. To combat potential misuse, OpenAI plans to establish the Frontier Risk Council and has launched the beta tool Aardvark to help organizations identify vulnerabilities. Overall, OpenAI aims to ensure its technologies are used safely while addressing both defense and offense in cybersecurity.

https://www.pandasecurity.com/en/mediacenter/does-openai-expect-upcoming-ai-models-to-present-a-high-cybersecurity-risk/

From Linear to Complex: An Upgrade in RansomHouse Encryption

RansomHouse, a ransomware-as-a-service (RaaS) by Jolly Scorpius, has upgraded its encryption methods from simple to complex strategies, affecting at least 123 victims across critical sectors. The operation employs a double extortion tactic, combining data theft with ransom demands. Its attack chain involves four key phases: Develop, Infiltrate, Exfiltrate & Deploy, and Extort. Tools used include MrAgent, for managing systems, and Mario, the encryptor, which targets VMware environments. The upgraded Mario encryption method is significantly more sophisticated, enhancing operational disruption for victims.

https://unit42.paloaltonetworks.com/ransomhouse-encryption-upgrade/

Two Chrome Flaws Could Be Triggered by Simply Browsing the Web: Update Now

Google has issued an unscheduled Chrome update to fix two serious vulnerabilities, CVE-2025-14765 in WebGPU and CVE-2025-14766 in the V8 JavaScript engine, that can be triggered remotely when users load maliciously crafted web pages. Because Chrome has billions of users, these flaws are high-value targets for attackers, and users are strongly urged to update immediately to version 143.0.7499.146/.147 on Windows and macOS or 143.0.7499.146 on Linux. The piece provides simple update instructions (using Chrome’s About page or automatic updates) and briefly explains that one bug is a use-after-free in WebGPU, leading to potential heap corruption, while the other is an out-of-bounds read/write in V8 that can allow attackers to access or modify memory and potentially run code with elevated permissions. The core message is that users should not delay restarting and updating Chrome, since merely browsing the web could expose them to attacks until the patch is applied.

https://www.malwarebytes.com/blog/news/2025/12/two-chrome-flaws-could-be-triggered-by-simply-browsing-the-web-update-now

Defensible by Design: Ransomware and Cybersecurity in 2026

Ransomware is now a major concern for organizations, affecting strategy and leadership. CISOs face increasing pressure as ransomware evolves, requiring adaptability and focus on defensible, resilient systems over security illusions. Leadership development should involve real incident experiences and business-focused training. Traditional security budgets are insufficient, pushing for a shift towards recoverability and flexible response strategies. Investors now consider cybersecurity a key factor in funding decisions, linking security posture directly to organizational value. In 2026, success for CISOs will hinge on their ability to withstand and quickly recover from ransomware incidents.

https://www.halcyon.ai/blog/defensible-by-design-ransomware-and-cybersecurity-in-2026
