A big finish to 2025 in December’s Patch Tuesday

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote…

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. “The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk,” Expel said in a report shared with The Hacker News. “This removes…

From “eCrime” actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.

Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF

Even as the rule book changes, the profession of the CISO remains unchanged: protecting the organization in a world of constant, continually evolving threats.