Risk
-
ServiceNow to buy Armis for $7.75 billion to expand device-focused security
ServiceNow agreed to buy Armis for $7.75 billion to expand its security offerings into device and cyber-physical exposure management, combining Armis’ asset discovery with ServiceNow’s workflow and risk products and citing AI-driven automation as a core rationale.
-
Two Chrome extensions intercepted traffic and exfiltrated credentials, researchers say
Researchers reported two Chrome extensions named Phantom Shuttle that posed as VPN/speed-test tools but injected hard-coded proxy credentials, routed traffic through attacker-controlled proxies and exfiltrated user credentials and other sensitive data to a command-and-control server.
-
La Poste hit by major network incident, digital services disrupted
La Poste said a “major network incident” knocked its information systems offline, disrupting websites and mobile banking for millions while core banking and in-person services remained available; French outlets reported the outage was caused by a DDoS attack.
-
Critical vulnerability in n8n workflow platform could allow code execution (CVE-2025-68613)
A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613) with a CVSS score of 9.9 could allow authenticated users to trigger arbitrary code execution; patches are available and Censys reports over 103,000 potentially vulnerable instances.
-
MacSync Stealer shifts to signed Swift dropper, removing need for terminal commands
MacSync Stealer operators now distribute a code-signed, notarized Swift dropper inside a disk image, removing the need for terminal interaction. The change has enabled rapid infections of macOS systems since mid-2025.
-
Interpol-led Operation Sentinel results in 574 arrests, $3 million recovered and six ransomware strains decrypted
Interpol said Operation Sentinel, conducted across 19 countries between Oct. 27 and Nov. 27, resulted in 574 arrests, about $3 million recovered, more than 6,000 malicious links removed and the decryption of six ransomware variants, with cases linked to over $21 million in losses.
-
Malicious npm WhatsApp API ‘lotusbail’ found stealing tokens and linking attacker devices
A malicious npm package named lotusbail, downloaded more than 56,000 times, masquerades as a WhatsApp API while capturing authentication tokens, messages and contacts and linking an attacker device to victims’ WhatsApp accounts, Koi Security researchers said; ReversingLabs also disclosed related NuGet supply-chain malware.
-
Around 1,000 systems hit in ransomware attack on Romania’s water agency
Romanian Waters said a ransomware attack that began on December 20 has affected around 1,000 systems across its IT network and spread to most river basin organisations; hydrotechnical operations continued to run locally while authorities investigate and work to restore services.
-
South Korea to require facial scans for new mobile accounts to curb scams
The South Korean government will require facial recognition scans for new mobile accounts to curb scams, using biometric data stored in carriers’ PASS apps, after major data breaches and a large compensation order for SK Telecom customers.
-
Denmark blames Russia for destructive cyberattack on water utility, names hacker groups
Denmark’s Defence Intelligence Service accused Russia of directing cyberattacks against Danish critical infrastructure, naming Z-Pentest and NoName057(16), and said the activity formed part of a Russian hybrid campaign that has used elections to attract attention.