From The Aether
Trump Taps Cybersecurity Newbie for NSA: A Comedy of Errors or Strategic Genius?
Lt. Gen. Joshua Rudd is set for promotion despite not having a military cybersecurity background. His nomination for NSA and Cyber Command director comes as the agency battles leadership gaps and low morale. Rudd’s Indo-Pacific experience aligns with U.S. goals countering Chinese cyber threats.
Russia’s Devious Digital Dance: Amazon Reveals Shifting Cyber Threats!
Russian threat actors are shifting gears, targeting misconfigured network edge devices instead of exploiting vulnerabilities. Amazon Threat Intelligence highlights how these cyber-sneakers are sneaking around, reducing their risk and resource use, but not their mischief. Organizations should focus on securing these devices to fend off this evolving Russian threat.
Amazon Foils GRU Hackers: When Russian Cyber Spies Meet Their Match in the Cloud
The Amazon Threat Intelligence team has thwarted Russian GRU hackers targeting customers’ cloud infrastructure. The hackers pivoted from exploiting vulnerabilities to targeting misconfigured edge devices. Their focus? Western critical infrastructure, particularly the energy sector. It’s like a cyber-spy thriller, but with fewer explosions and more misconfigured routers.
Senate Delays Cybersecurity Leadership: The Comedy of Errors Continues!
House Homeland Security Chairman Andrew Garbarino is “disappointed” the Senate hasn’t confirmed Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency. As procedural hurdles pile up, Garbarino urges quick confirmation, fearing a lapse in cybersecurity efforts. Meanwhile, CISA’s future hangs on reauthorizing a key law before time runs out.
SantaStealer: The Grinch of Malware Promises More Bark Than Bite
SantaStealer, the modular infostealer making waves on the naughty list, is offered on Telegram for $175 monthly. Promising undetectable mischief, it’s more of a lump of coal for cybercriminals. Rapid7 researchers reveal it’s as stealthy as a reindeer on roller skates. Cybersecurity’s holiday advice: avoid suspicious links and attachments.
Oops, We Did It Again: GRU’s Sneaky Moves Exploiting Simple Mistakes in Critical Infrastructure!
Russian state-sponsored threat actors linked to the GRU are skipping complex exploits and going straight for the low-hanging fruit by targeting misconfigured network edge devices. So, remember: when it comes to cybersecurity, it’s not just the flashy threats you should worry about; sometimes the real danger is just a misconfigured router away.
Texas vs. TV Titans: The Battle for Your Living Room Privacy!
Texas Attorney General Ken Paxton has accused TV giants, including Sony, Samsung, and LG, of channel surfing through your privacy with Automated Content Recognition technology. In Texas, your TV may know more about you than your nosy neighbor. Looks like the smart TV might need a lesson in minding its own business!
AWS Customers Face Crypto Mining Chaos: Hackers Exploit IAM Credentials for Profit
AWS customers beware! A sneaky campaign is using compromised IAM credentials to mine cryptocurrency. These crafty attackers quickly set up crypto miners, exploit EC2 quotas, and even employ persistence techniques to avoid detection. Amazon urges users to enforce strong identity controls and monitor unusual activities. Crypto miners are not welcome here!
Free VPN or Spyware? Urban VPN’s AI Snooping Scandal Revealed!
Urban VPN Proxy, a Chrome extension with over 6 million users, has allegedly been collecting users’ AI chat conversations. Marketed as a privacy tool, it reportedly transmits private chats, including medical and financial discussions, to company servers. The only way to stop this is by uninstalling the extension. Who knew privacy came with a catch?
Urban VPN’s Privacy Fail: When Your VPN Becomes Your Data’s Worst Frenemy
Urban VPN Proxy, a popular browser extension, is ironically harvesting data from AI chatbot conversations while posing as a privacy protector. This dubious data collection affects interactions with ChatGPT and other chatbots, revealing a comedy of errors in security expectations. Remember, nothing says privacy like your private chats being sold to the highest bidder!
JumpCloud Jumble: Critical Flaw Opens Door for System Takeover!
JumpCloud Remote Assist for Windows has a security flaw that could let low-level users crash systems or seize control. The issue, found by XM Cyber, involves unsafe file operations during uninstallation. While JumpCloud has patched it, make sure you update to version 0.317.0 or later to avoid a tech catastrophe.
Fortinet Flaws: Hackers Crash the Admin Party with SSO Shenanigans!
Hackers have found a new hobby: exploiting vulnerabilities in Fortinet products to crash admin parties and swipe system configuration files. These exploits, CVE-2025-59718 and CVE-2025-59719, turn FortiCloud SSO into a not-so-secure sign-on, with attackers getting unauthorized access and making off with valuable data. Fortinet urges disabling FortiCloud SSO until safer versions are installed.
Crypto Crooks: Six-Year NuGet Impersonation Scam Steals Wallets Right Under Your Code!
Beware of the sneaky NuGet package, Tracer.Fody.NLog, lurking in the shadows, waiting to pilfer your cryptocurrency wallet! This devious imposter masquerades as a legitimate .NET tracing library, but it’s really a wallet-stealing menace. Remember, the only thing scarier than typos is a typosquatting package with your digital gold in its sights.
Hackers Gatecrash Fortinet Party: Exploit Critical Flaws Days After Patch!
Hackers have wasted no time exploiting critical Fortinet flaws, identified as CVE-2025-59718 and CVE-2025-59719, just days after patches were released. While Fortinet addressed these vulnerabilities, threat actors have already begun their mischievous antics, targeting multiple Fortinet products. Users are advised to disable FortiCloud SSO admin login and upgrade to safer versions.
Hypervisor Havoc: How Ransomware is Raising the Stakes in 2025
Hypervisors are the unsung heroes of virtualized environments, but they’re also prime targets for cybercriminals looking to deploy hypervisor ransomware. As endpoint defenses tighten, attackers are zeroing in on these foundational layers. It’s time to treat your hypervisor like a VIP at a high-security gala—no unauthorized access, and definitely no crashes.
PDVSA Cyberattack Drama: Venezuela Blames U.S. for Digital Oil Spill!
Petróleos de Venezuela (PDVSA) was hit by a cyberattack that allegedly didn’t affect operations—except for the part where systems went offline, and staff were told to shut down their computers. PDVSA blamed the U.S. and local conspirators for attempting to undermine national stability, adding a dramatic twist to Venezuela’s ongoing oil saga.
Askul’s Ransomware Rumble: 700,000 Records Stolen in Japan’s Latest Cyber Fiasco
Askul, the Japanese e-commerce titan, faced a cyber calamity as hackers made off with over 700,000 records in a ransomware attack. The RansomHouse group claimed responsibility, leaking data after Askul refused to pay up. With logistics in disarray, it seems like Askul’s office supplies weren’t the only things on backorder!
Echo’s $35M Series A: AI-Powered Docker Images Zap Vulnerabilities to Zero!
Echo, a Tel Aviv-based startup, has raised $35 million in a Series A funding round, bringing its total to $50 million. The company uses AI agents to create CVE-free Docker images by stripping non-essential components, reducing vulnerabilities at their source. Echo promises instant value, with a vulnerability count dropping to zero.
JumpCloud Jumble: Major Security Flaw Leaves 180,000 Organizations Vulnerable!
JumpCloud Remote Assist vulnerability CVE-2025-34352 is like leaving the vault door open while juggling chainsaws. This flaw turns a security tool into a hacker’s dream, letting regular users gain SYSTEM-level access. With over 180,000 victims possible, it’s time to update that software before chaos reigns supreme!
Russian Hackers Opt for Easy Pickings: Misconfigurations Over Vulnerabilities
Russian state-sponsored threat actors, like Sandworm, are ditching vulnerabilities for misconfigurations to access critical infrastructure systems, says Amazon. This approach not only keeps their work stealthy but also budget-friendly. So, the next time your router acts up, maybe it’s not just the Wi-Fi gremlins.
