Issues

Cloudflare Outage on December 5, 2025

,

Cloudflare experienced a service outage on December 5, 2025, from 08:47 to 09:12 UTC, affecting 28% of HTTP traffic due to internal changes while addressing a security vulnerability in React. The incident was not caused by a cyber attack. The issue arose from configuration changes that led to HTTP 500 errors, impacting customers using specific setups with the older FL1 proxy. Cloudflare is implementing measures to prevent future incidents, including enhanced rollout protocols and improved error handling. An apology was issued acknowledging the disruption caused.

https://blog.cloudflare.com/5-december-2025-outage/

Introducing Cybersecurity to the Most Connected Generation

, ,

MITRE introduces the ATT&CK framework to young audiences to raise cybersecurity awareness. Cyber experts emphasize the necessity for kids to understand online threats as they increasingly engage with digital platforms. Recent outreach includes presentations to students, illustrating the dangers posed by sophisticated adversaries. The aim is to spark interest in cybersecurity careers while equipping the next generation with knowledge to protect themselves. The ATT&CK framework serves as an accessible resource for understanding and discussing adversarial behaviors in cybersecurity.

https://www.mitre.org/news-insights/impact-story/introducing-cybersecurity-most-connected-generation

DDoS Attacks Are Massive and Here to Stay: Cloudflare

Cloudflare reports 8.3 million DDoS attacks in Q3 2025, a 40% YoY increase. The Aisuru botnet is highlighted as the main threat, causing record attacks, including a peak of 29.7 Tb/s. DDoS attacks are now frequent and sophisticated, challenging traditional defenses. Industries like telecom and AI are heavily targeted. China, Turkey, and Germany are the top affected countries, with rising attacks linked to geopolitical tensions.

https://www.sdxcentral.com/news/ddos-attacks-are-massive-and-here-to-stay-cloudflare/

Are Credit Cards Safe?

,

Credit cards provide protections such as limited liability for unauthorized charges, fraud monitoring, and dispute resolution for questionable transactions. Security features include alerts, encryption, virtual cards, two-factor authentication, and EMV chips. Some cards offer purchase protection and chargebacks for items that are damaged or not received. Overall, credit cards usually offer more safety features than debit cards, helping cardholders prevent fraud and protect their information.

https://www.chase.com/personal/credit-cards/education/basics/credit-card-safety-features

How Phishers Hide Banking Scams Behind Free Cloudflare Pages

,

Phishing scams are increasingly using free hosting services like Cloudflare Pages to create fake banking and insurance login portals, aiming to capture sensitive information such as usernames, passwords, and answers to security questions. These scams often redirect through compromised legitimate sites, utilizing Telegram for data exfiltration, making them difficult to detect and shut down. Victims encounter authentic-looking pages and are misled into providing personal data, while attackers benefit from rapid setup and evasion of traditional security measures. To avoid such attacks, users should scrutinize URLs, avoid clicking links from unexpected emails, and verify requests for sensitive information.

https://www.malwarebytes.com/blog/news/2025/12/how-phishers-hide-banking-scams-behind-free-cloudflare-pages

Google Chrome Adds New Security Layer for Gemini AI Agentic Browsing

, , ,

Google Chrome introduces ‘User Alignment Critic', a new security layer for Gemini AI agentic browsing, enhancing protection against unsafe actions and data exposure. This system uses an isolated LLM to vet agent actions, restricts access to trusted sites, prompts user confirmation for sensitive tasks, and detects prompt injection attempts, showcasing a robust defense compared to competitors.

https://www.bleepingcomputer.com/news/security/google-chrome-adds-new-security-layer-for-gemini-ai-agentic-browsing/

FinCEN Says Ransomware Gangs Extorted Over $2.1B From 2022 to 2024

,

FinCEN reports ransomware gangs extorted over $2.1 billion from 2022 to 2024, peaking in 2023 with 1,512 incidents and $1.1 billion in payments. A decline in 2024 saw 1,476 incidents and $734 million in payments, attributed to law enforcement actions against gangs like BlackCat and LockBit. The manufacturing, financial services, and healthcare sectors were most affected, with these industries suffering significant losses. Over 267 ransomware families were identified, with Akira being the most reported. Majority of payments were made in Bitcoin (97%).

https://www.bleepingcomputer.com/news/security/fincen-says-ransomware-gangs-extorted-over-21b-from-2022-to-2024/

UK Launches Hybrid Fighting Force to Secure Undersea Cables

,

UK enhances undersea cable defenses with autonomous vessels and warships due to rising Russian surveillance. The Atlantic Bastion program aims to secure vital underwater infrastructure against threats, utilizing AI and advanced technologies. The initiative, supported by major defense firms, may create thousands of jobs, addressing national connectivity vulnerabilities.

https://www.theregister.com/2025/12/08/uk_subsea_cables_defense/

Apple Sends New Round of Cyber Threat Notifications to Users in 84 Countries

Apple and Google issued cyber threat notifications to users across 84 countries, warning about potential spyware targeting. Apple noted over 150 countries informed in total, while Google highlighted specific threats from Intellexa spyware affecting hundreds of accounts in nations like Pakistan and Egypt. This move seeks to enhance user protection and may prompt investigations into spyware activities.

https://www.reuters.com/technology/apple-sent-new-round-cyber-threat-notifications-users-84-countries-2025-12-05/

Cybersecurity Moves From “Perimeter Defence” to “AI-Era Resilience Engineering”

Cybersecurity has shifted from perimeter defense to resilience engineering due to AI-driven attacks and new threats like deepfakes. Firewalls alone are insufficient as average data breach costs rise to £2.9 million. 43% of UK businesses faced cyber breaches recently, highlighting the urgency for companies to invest in advanced threat detection systems to counter AI-enabled cybercrime.

https://www.techerati.com/features-hub/cybersecurity-moves-from-perimeter-defence-to-ai-era-resilience-engineering/

Novel Clickjacking Attack Relies on CSS and SVG

,

Security researcher Lyra Rebane has developed a novel clickjacking attack utilizing CSS and SVG, which poses risks by bypassing the web's same-origin policy. This attack enables manipulation of user interface elements without JavaScript. Rebane's technique was explored in her BSides presentation and is based on SVG filters, allowing for complex attack chains. While it hasn't been fixed, defenders may use the Intersection Observer API to detect such vulnerabilities. The attack exemplifies the evolving nature of web security threats.

https://www.theregister.com/2025/12/05/css_svg_clickjacking/

New Prompt Injection Attack Vectors Through MCP Sampling

, ,

Palo Alto Networks' Unit 42 article discusses security risks associated with the Model Context Protocol (MCP) in coding applications. MCP enables large language models (LLMs) to connect with external services, but without safeguards, malicious servers can exploit it for various attacks. Key risks identified include resource theft, conversation hijacking, and covert tool invocation. The article presents proof-of-concept attacks demonstrating these vulnerabilities and emphasizes the need for effective prevention strategies. Additionally, it outlines MCP's structure and operational flow, detailing how sampling allows servers to request LLM responses. Overall, this creates potential attack vectors that necessitate robust security measures.

https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/

UK Cops to Scale Facial Recognition Despite Privacy Backlash

,

UK plans to expand police facial recognition despite civil rights concerns, proposing a legal framework for broader biometric use. Critics warn of increased surveillance and loss of privacy, citing concerns over how many innocent people were scanned. Home Office argues for clearer lawful deployment guidelines, while opposition groups fear this initiates a path towards authoritarian surveillance.

https://www.theregister.com/2025/12/05/uk_cops_facial_recognition/

The Hidden Cascade: Why Law Firm Breaches Destroy More Than Data

,

Law firms face significant cyberattack risks, with 20% targeted in the past year and average breach costs exceeding $5 million. Attackers are increasingly sophisticated, using tactics that can undermine client privilege and expose sensitive data, especially relating to M&A deals. Current security assessments overlook law firms, leaving businesses vulnerable. The article advocates treating these firms like high-risk technology vendors, proposing specific security measures to mitigate risks associated with data breaches in professional services.

https://www.recordedfuture.com/blog/the-hidden-cascade

Scroll to Top