IT Security News

OpenAI has unveiled GPT-5.2-Codex, a cutting-edge model optimized for agentic coding and enhanced cybersecurity tasks. The release highlights breakthroughs in handling complex software engineering and vulnerability detection. GPT-5.2-Codex tops SWE-Bench Pro with 56.4% accuracy, outperforming GPT-5.2 at 55.6% and GPT-5.1… Read more → The post OpenAI GPT-5.2-Codex Supercharges Agentic Coding and Cyber Vulnerability Detection appeared first on IT Security News.

Beijing wants to ‘seize the initiative in the international competition in cyberspace’ Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking… Read more → The post China turns on a vast experimental network it says is an heir to ARPANET appeared first on IT Security News.

Key Takeaways Risk management in banking depends on how effectively information moves through established structures. A persistent challenge is how early emerging signals are recognized, how consistently they’re interpreted across teams, and how directly they inform decisions. AI and advanced… Read more → The post Risk Management in Banking: Leveraging AI and Advanced Analytics appeared first on IT Security News.

Cisco disclosed that a China-linked hacking group exploited a previously unknown vulnerability in its email security products, allowing attackers to compromise systems that sit at the center of enterprise email traffic. The flaw affected Cisco Secure Email Gateway and Secure… Read more → The post Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems appeared first on IT Security News.

1 posts were published in the last hour 2:2 : ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th) Read more → The post IT Security News Hourly Summary 2025-12-19 03h : 1 posts appeared first on IT Security News.

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, December 19th, 2025… Read more → The post ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th) appeared first on IT Security News.

Plus: Lazarus Group has a brand new BeaverTail Even Amazon isn’t immune to North Korean scammers who try to score remote jobs at tech companies so they can funnel their wages to Kim Jong Un’s coffers.… This article has been… Read more → The post Amazon blocked 1,800 suspected North Korean scammers seeking jobs appeared first on IT Security News.

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity shows no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a… Read more → The post Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season appeared first on IT Security News.

2 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-12-18 22:32 : RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption Read more → The post IT Security News Hourly Summary 2025-12-19 00h : 2 posts appeared first on IT Security News.

169 posts were published in the last hour 22:32 : RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption 22:2 : Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw 21:2 : HPE OneView Vulnerability Allows Remote Code Execution Attacks… Read more → The post IT Security News Daily Summary 2025-12-18 appeared first on IT Security News.

RegScale this week added an open source hub through which organizations can collect and organize compliance data based on the Open Security Controls Assessment Language (OSCAL) framework. Announced at the OSCAL Plugfest conference, the OSCAL Hub provides a central repository… Read more → The post RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption appeared first on IT Security News.

Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as CVE-2025-37164 (CVSS score of 10.0), in OneView Software. An attacker can… Read more → The post Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw appeared first on IT Security News.

A severe security vulnerability has been discovered in Hewlett Packard Enterprise OneView software, threatening enterprise infrastructure across data centers and hybrid cloud environments. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS 3.1 severity score of 10.0, indicating critical risk… Read more → The post HPE OneView Vulnerability Allows Remote Code Execution Attacks appeared first on IT Security News.

Iranian cyber unit Charming Kitten, officially designated APT35, has long been dismissed as a noisy but relatively unsophisticated threat actor a politically motivated collective known for recycled phishing templates and credential-harvesting pages. Episode 4, the latest intelligence dump, fundamentally rewrites… Read more → The post APT35 Leak Reveals Spreadsheets Containing Domains, Payments, and Server Information appeared first on IT Security News.

A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate cloud infrastructure and encrypted messaging apps to steal corporate credentials. The attack vector was brought to light after security researchers… Read more → The post Beware of Malicious Scripts in Weaponized PDF Purchase Orders appeared first on IT Security News.

Security researchers from Hunt.io and Acronis Threat Research Unit have uncovered a sophisticated network of operational infrastructure controlled by North Korean state-sponsored threat actors Lazarus and Kimsuky. The collaborative investigation revealed previously undocumented connections between these groups’ campaigns, exposing active… Read more → The post New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes appeared first on IT Security News.

RansomHouse, a ransomware-as-a-service (RaaS) operation managed by the threat group Jolly Scorpius, has significantly enhanced its encryption capabilities, marking a critical escalation in the threat landscape. Recent analysis of RansomHouse binaries reveals a sophisticated upgrade from basic linear encryption to… Read more → The post RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption appeared first on IT Security News.

Cary, North Carolina, USA, 18th December 2025, CyberNewsWire INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been indexed from… Read more → The post INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling appeared first on IT Security News.

Study finds built-in browsers across gadgets often ship years out of date Web browsers for desktop and mobile devices tend to receive regular security updates, but that often isn’t the case for those that reside within game consoles, televisions, e-readers,… Read more → The post Your car’s web browser may be on the road to cyber ruin appeared first on IT Security News.

Struggling with MCP authentication? The November 2025 spec just changed everything. CIMD replaces DCR’s complexity with a simple URL-based approach—no registration endpoints, no client ID sprawl, built-in identity verification. Here’s your complete implementation guide with production code. The post Client… Read more → The post Client ID Metadata Documents (CIMD): The Future of MCP Authentication appeared first on IT Security News.