On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to…
Tag: December
Global Security News
7 Best DDoS Attack Simulation Service Providers & Testing Platforms for 2026
GUEST RESEARCH: In December 2025, a botnet unleashed a record-shattering 31.4 Tbps DDoS wave—proof that yesterday’s worst-case is today’s baseline.
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security
QualDerm Partners December 2025 data breach impacts over 3 Million people
Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems. QualDerm Partners is a U.S.-based healthcare management…
AI, Cybersecurity, Global Security News
Climb & Fortinet Execs on New US Partnership, 2026 Goals
Specialty distributor Climb and security vendor Fortinet announced their partnership in December 2025. The agreement brings Fortinet’s vast portfolio into the Climb vendor linecard and follows years-long demand globally for security solutions available through the channel. Channel Insider spoke with executives from both companies in early 2026 to learn more about how the two organizations…
AI, china, Global Security News
SerpApi fights back against Google lawsuit
The web scraping wars have just intensified. In December, Google announced that it was taking action against web scraping company SerpApi, whose API lets customers’ scrapers mimic human searching, claiming that the company’s tool was “circumventing security measures” that protect its search results to feed the voracious appetite for training data required by many…
Global Security News
What you need to know about hiring cycles – and why flexibility still wins
If you were looking for work in the IT or tech sector in December, you probably already know that it was a quiet time. The good news is that January and February are the best months for job activity, both for job seekers looking for roles and employers ready to hire.
AI, Global Security News, malware
npm’s Update to Harden Their Supply Chain, and Points to Consider
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer…
Cybersecurity, Global Security News
Urgent warnings from UK and US cyber agencies after Polish energy grid attack
A coordinated cyberattack that targeted Poland’s energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog.
AI, APT, Data Breaches, Don't miss, Global Security News, News
Poland’s energy control systems were breached through exposed VPN access
On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively affect energy generation or distribution. Poland’s national computer emergency response team, CERT Polska, assessed that all…
Advanced (300), AI, Apps, Automation, Compliance, Cybersecurity, Data Breaches, Data Security, Global Security News, Network Security, Risk Management, Security, Security, Identity, & Compliance
How to get started with security response automation on AWS
December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps…
AI, API security, Apps, Exploits, Global Security News, Risk Management
Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments. What is CVE-2025-55182? CVE-2025-55182 is an unauthenticated remote code execution (RCE) vulnerability, rated CVSS 10.0,…
AI, API security, Apps, Exploits, Global Security News, Risk Management
Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments. What is CVE-2025-55182? CVE-2025-55182 is an unauthenticated remote code execution (RCE) vulnerability, rated CVSS 10.0,…