France no longer seeks full suspension of Shein over childlike sex dolls  - France is no longer seeking a looming three-month full suspension of Shein over its sale of childlike sex dolls and banned weapons.

+1 from  cybernews

 Predator spyware uses new infection vector for zero-click attacks  - The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement.

+4 from  bleepingcomputer

 Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service  - A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier...

 中方关于深化中国—东盟数字治理合作的倡议

+1 from  cac.cn

 Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems  - The rapid adoption of AI has introduced a new, semantic attack vector that many organizations are ill-prepared to defend against: prompt injection. While many security teams understand the threat of d[…]

+1 from  crowdstrike

 EU fines X $140 million over deceptive blue checkmarks  - The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA).

+3 from  bleepingcomputer

 Why the record-breaking 30 Tbps DDoS attack should concern every business  - A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog.

 CISA Releases Nine Industrial Control Systems Advisories

+2 from  cisa

 NEW TECH Q&A: Start-up Indentient debuts reimagined AI copilots trained on experts’ insights  - Cybersecurity has always been a moving target. But AI has shifted the center of gravity.

 5 Threats That Reshaped Web Security This Year [2025]  - As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink...

+4 from  thehackernews

 Cloudflare blames today's outage on React2Shell mitigations  - Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks.

+3 from  bleepingcomputer

 Critical React, Next.js flaw lets hackers execute code on servers  - A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

+3 from  bleepingcomputer

 CISA Adds One Known Exploited Vulnerability to Catalog

 News alert: SpyCloud study — Phishing attacks surge 400% as corporate identities become top target  - AUSTIN, Texas, Dec. 4, 2025, CyberNewswire — SpyCloud , the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users.

+1 from  lastwatchdog

 CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems  - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated...

+6 from  thehackernews