A big finish to 2025 in December’s Patch Tuesday

Most ransomware attacks are opportunistic, not targeted at a specific sector or region Categories: Threat Research Tags: Ransomware, cybercrime, state-sponsored ransomware, victimization

Fortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts. The post PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts appeared first on SecurityWeek.

Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. “This

Aman Shukla reports: Niva Bupa Health Insurance Company Ltd has recently informed exchanges that the company received an email from an anonymous sender claiming a potential customer data breach. The company is actively investigating the matter and implementing preventive measures to mitigate risks. …  In the exchange filing, the company shared, “We have received communication(s)…

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. “This vulnerability is remotely exploitable without authentication,” Oracle said in an…

Mayura Kathir reports: A sophisticated cyber-sabotage group known as Predatory Sparrow has emerged as one of the most destructive threat actors targeting Iranian critical infrastructure over the past several years. Unlike traditional cybercriminal operations focused on financial gain, this group executes highly disruptive campaigns designed to cripple essential services, destroy sensitive data, and send provocative……