Amazon: Russian threat actors focus more on targeting cloud misconfigurations

Steve ZurierDecember 16, 2025

Threat actors reduce exposure and save money by targeting cloud misconfigurations instead of software zero-days.

RESOURCES

Government security
ICIT 2025 Gala: CISA director-nominee Sean Plankey receives Pinnacle Award for legacy of national leadership
Government security
Ron Gula to receive Pioneer Award at ICIT 2025 Gala for a legacy of cybersecurity innovation
Phishing
Preparing users for the newest wave of AI-powered phishing
Identity
Securing the AI-first enterprise: Access controls for AI agents and non-human identities
Email security
Beyond the inbox: Defending against sophisticated email threats in the era of cloud and AI

PODCASTS

Application security
Developing Open Source Skills for Maintaining Projects – Kat Cosgrove – ASW #361
Data Security
Illuminating Data Blind Spots, Topic, Enterprise News – Tony Kelly – ESW #437
Vulnerability Management
Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet… – SWN #537
Network Security
Tech Segment: MITM Automation + Security News – Josh Bressers – PSW #904
Cloud Security
Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks – Justin Hazard – BSW #425

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Rapid7 details SantaStealer malware-as-a-service

Laura FrenchDecember 16, 2025

The forthcoming infostealer advertised on Telegram offers 14 custom modules.

China Bans Cyber Attacks: Examining Internet Security with Chinese Flag and Binary Data Through a Magnifying Glass Concept

Vulnerability Management

More China-linked groups exploit React2Shell CVE-2025-55182 zero-day

Steve ZurierDecember 15, 2025

Five new China-linked groups join rapid React2Shell exploitation, raising urgency to patch now.

Abstract of world network

Vulnerability Management

CISA orders federal agencies to patch GeoServer flaw

Steve ZurierDecember 12, 2025

Experts point out that our adversaries now use GeoServer to collect intelligence data.

(Credit: daily_creativity – stock.adobe.com)

OpenAI lays out its plan for major advances in AI cybersecurity features

Laura FrenchDecember 12, 2025

The ChatGPT maker says it’s using a combination of training, detection and red teaming to prevent misuse.

Gogs Git service zero-day exploited since Dec. 1

Steve ZurierDecember 11, 2025

A patch hasn’t been released yet – here are five tips for security pros.

North Korea digital technology flag cyber background. North Korean banner cyberattack and espionage concept illustration.

Vulnerability Management

North Korea-linked ‘EtherRAT’ backdoor used in React2Shell attacks

Laura FrenchDecember 11, 2025

The malware retrieves C2 addresses from Ethereum smart contracts to avoid takedowns.

A colorful keyboard and handcuffs.

Critical Infrastructure Security

US charges Ukrainian for pro-Russia critical infrastructure attacks

Steve ZurierDecember 10, 2025

In a rare case, the FBI aims to bring a nation-state-backed cybercriminal to justice.

(Credit: Koshiro K – stock.adobe.com)

Google addresses ‘GeminiJack’ exploit affecting Gemini Enterprise

Laura FrenchDecember 10, 2025

An indirect prompt injection could have exfiltrated data from emails, documents or calendars.

EVENTS