Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations.

The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.

The US health secretary, Robert F. Kennedy Jr, believes that aluminum in vaccines can cause health issues, such as neurological disorders, allergies and autoimmune diseases. This contradicts scientific evidence from many studies that have confirmed the safety of vaccines and aluminum “adjuvants” – substances that boost vaccines’ effectiveness.

read more

On Friday morning, after contentious discussion, the Advisory Committee on Immunization Practices (ACIP) voted 8-3 to drop the recommendation for a universal birth hepatitis B vaccine dose and 6-4 to suggest that parents use serologic testing—which detects antibodies in the blood—to determine whether more than one dose of the three-dose series are needed.

Under the first recommendation, only infants born to mothers who test positive for hepatitis B would receive a birth dose, while parents of other babies would be advised to postpone the first dose for at least two months.

read more

Bala Consulting Engineers is the 2025 recipient of the Elliot A. Boxerbaum award.

From a basement computer lab to the C-Suite: How Keith McCammon built his career and Red Canary with zero formal training.

The post CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary appeared first on SecurityWeek.

The cybersecurity startup will use the investment to accelerate product development and fuel global expansion.

The post Resemble AI Raises $13 Million for AI Threat Detection appeared first on SecurityWeek.

Cary, North Carolina, USA, 8th December 2025, CyberNewsWire

The post INE Earns G2 Winter 2026 Badges Across Global Markets appeared first on The Security Ledger with Paul F. Roberts.

Cary, North Carolina, USA, 8th December 2025, CyberNewsWire

The post INE Earns G2 Winter 2026 Badges Across Global Markets appeared first on Security Boulevard.

A vulnerability in the React Server Components (RSC) implementation has been discovered that could allow for remote code execution. Specifically, it could allow for unauthenticated remote code execution on affected servers. The issue stems from unsafe deserialization of RSC “Flight” protocol payloads, enabling an attacker to send a crafted request that triggers execution of code on the server. This is now being called, “React2Shell” by security researchers.

Tri-Century Eye Care was targeted recently by the Pear ransomware group, which claimed to have stolen over 3 Tb of data. 

The post Tri-Century Eye Care Data Breach Impacts 200,000 Individuals appeared first on SecurityWeek.

Ransomware payments reached the highest level in 2023, at $1.1 billion paid in 1,512 reported incidents.

The post Ransomware Payments Surpassed $4.5 Billion: US Treasury appeared first on SecurityWeek.

"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files.

The post Critical Apache Tika Vulnerability Leads to XXE Injection appeared first on SecurityWeek.

A critical React2Shell (CVE-2025-55182) RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations.

The post Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell  appeared first on Security Boulevard.

State-sponsored cyber actors with the People’s Republic of China (PRC) are leveraging a sophisticated backdoor malware.

An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks.

The post Exploitation of React2Shell Surges appeared first on SecurityWeek.

CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety.

The post CISA Releases New AI-in-OT Security Guidance: Key Principles & Risks appeared first on Security Boulevard.

In this blog entry, Trend™ Research provides a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis.

The Washington Post last month reported it was among a list of data breach victims of the Oracle EBS-related vulnerabilities, with a threat actor compromising the data of more than 9,700 former and current employees and contractors. Now, a former worker is launching a class-action lawsuit against the Post, claiming inadequate security.

The post Ex-Employee Sues Washington Post Over Oracle EBS-Related Data Breach appeared first on Security Boulevard.

THE LONG VIEW

Trump Is Taking 3 Steps Backward in the AI Race  (Arati Prabhakar and Asad Ramzanali, Politico)
The administration needs to shift focus away from providing chips and datacenters to the world’s richest companies.

read more