The Register

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata.

UK government injects £210M into cybersecurity overhaul

The UK Government has announced an investment of £210 million to bolster cybersecurity across its public services. This Government Cyber Action Plan aims to enhance the security of digital public services to the level of critical infrastructure.

Cybercrook claims to sell critical info about utilities

A cybercriminal claims to have breached Pickett and Associates and is selling 139 GB of sensitive engineering data related to three major US utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power.

1,000 systems pwned in Romanian Waters ransomware attack

A ransomware attack has compromised approximately 1,000 systems within Romania's water management administration, Romanian Waters. The attack began on December 20 and spread to ten of the country's 11 river basin management organizations.

Amazon blocked 1,800 suspected DPRK job applicants

Amazon has successfully blocked over 1,800 suspected North Korean scammers from securing remote jobs since April 2024. These scammers use fake identities, AI tools, and deepfakes to apply for jobs, funneling their wages to the North Korean regime.

700+ self-hosted Git instances battered in 0-day attacks

A 0-day bug in Gogs, a self-hosted Git service, is being actively exploited. The vulnerability (CVE-2025-8110) affects Gogs servers with open registration enabled. Over 700 instances have been compromised, with 1,400 exposed to the internet.

Patch Tuesday: Microsoft EoP, NotePad++, Ivanti, Fortinet

December's Patch Tuesday reveals several critical vulnerabilities, including a zero-day in Microsoft's Windows Cloud Files Mini Filter Driver, a critical Notepad++ bug, and vulnerabilities in Fortinet and Ivanti products.

European cops arrest 193 'violence-as-a-service' suspects

Europol's Operational Taskforce GRIMM has successfully dismantled a significant "violence-as-a-service" network, resulting in the arrest of 193 individuals. The operation involved law enforcement agencies from multiple European countries.

Researchers spot 700 percent increase in hypervisor attacks

The cybersecurity landscape has witnessed a dramatic 700% increase in ransomware attacks targeting hypervisors, with their role in malicious encryption surging from 3% in the first half of the year to 25% in the second half.

Novel clickjacking attack relies on CSS and SVG

Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics and Cascading Style Sheets. Rebane demonstrated the technique at BSides Tallinn and has now published a summary of her approach.
