New Dark Web Findings: Credit Cards & Weapon Bot Malware 

Posted in Commentary with tags on December 9, 2025 by itnerd

In a fresh dark web sweep, SOCRadar researchers have discovered three new issues worth immediate attention:

First, there’s a major auction of roughly 413,000 stolen credit cards, mainly from the U.S. and Canada. The seller is bundling cards from multiple leaks and offering a validity-checking service, indicating an organized marketplace rather than a simple dump.

Second, analysts identified a new malware framework called Weapon Bot. It’s delivered via MSI installers, built on Node.js/Rust/PowerShell, and designed to evade detection. It steals browser data, wallet seeds and session tokens, while also functioning as a botnet platform.

Lastly, threat actors are actively seeking a working exploit for CVE-2024-38077 (“MadLicense”), a critical remote code execution vulnerability in Windows Remote Desktop Licensing Service. The demand suggests potential weaponization and real-world attacks.

For full details, the analysis can be found here: https://socradar.io/blog/weapon-bot-toolkit-madlicense-413k-credit-cards/

Leave a comment »

December Patch Tuesday Commentary From Fortra

Posted in Commentary with tags on December 9, 2025 by itnerd

Tyler Reguly, Associate Director, Security R&D, Fortra

Let’s end the year with a statistic that I find somewhat interesting. In 2025, Microsoft patched 1275 vulnerabilities. Which should mean roughly 106 vulnerabilities each month, yet December only saw 70 vulnerabilities when you include the third-party CNA vulnerabilities. If all things were equal, December should account for 8.3% of all CVEs fixed by Microsoft, instead December only contains 5.5% of this year’s total CVEs. I suppose we can thank Microsoft for an early Christmas gift.

We’re ending the year with a vulnerability that is seeing active exploitation, the use-after-free vulnerability in the Windows Cloud Files Mini Filter (CVE-2025-62221). Given that this vulnerability is seeing active exploitation and could lead to SYSTEM level access, this should be the priority for patching this month.

There are two vulnerabilities that Microsoft has rated as Critical this month and it is probably more important that we discuss these than the two publicly disclosed vulnerabilities. For that reason, I would prioritize CVE-2025-62557 and CVE-2025-62554, a pair of use-after-free vulnerabilities in Office, over CVE-2025-54100 and CVE-2025-64671, command injection vulnerabilities in PowerShell and GitHub CoPilot for JetBrains. All 4 vulnerabilities are listed as exploitation less likely, but the Office vulnerabilities list the Preview Pane as an attack vector, and I always find that one of the scariest attack vectors that can be listed. Vulnerabilities that don’t rely on user interaction, are vulnerabilities that we want to pay attention to.

CISO’s this month should remember that their admins have remediated (or at least reviewed) 1275 vulnerabilities from just Microsoft alone this year. It’s been a long, vulnerability filled year for our security teams and I’d imagine they’re tired. Thankfully, Microsoft provided this gift of a smaller Patch Tuesday without too many high-profile items… let your teams relax a little as we wrap up the year, there’s enough other items to keep them busy without stressing over this Patch Tuesday release.

If I were in charge of all aspects of security for an enterprise as we wrap up the year and think about 2026 budgets, I’d probably be thinking about the two critical Office vulnerabilities that impact the Preview Pane and consider the email protections that I have in place and where I can make investments in 2026 to further improve the email security of my organization. Between “silent attacks” that utilize the preview pane, phishing, and all the other risks that come to us via email, it is one of the places where organizations can still do more to shore up their security posture and put themselves in a good place.

Leave a comment »

Introducing HyperDrive NEXT USB4 V2 M.2 PCIe Enclosure

Posted in Commentary with tags on December 9, 2025 by itnerd

 Hyper® today announced the launch of the HyperDrive® Next USB4 V2 M.2 PCIe Enclosure. A CES® Innovation Awards 2026 Honoree, this next-generation expansion solution delivers 80Gbps USB4 V2 connection for high-speed storage and modular PCIe expansion. 

Designed for creators, engineers, and professionals who require fast and reliable data transfer, the enclosure enables full PCIe Gen4 NVMe performance, supports AI-focused PCIe M.2 modules, and features tool-free installation with IP55 dust and water resistance for demanding field or travel environments. 

Engineered for Speed, Expansion, and Durability 

The HyperDrive Next USB4 V2 M.2 PCIe Enclosure delivers true PCIe Gen4 x4 performance via an 80Gbps USB4 V2 connection, enabling faster workflows for content creation, data science, AI development, and high-volume file transfers. 

Its modular design supports PCIe M.2 components such as AI accelerators, allowing users to augment system performance without upgrading their entire laptop or workstation. 

A precision-machined aluminum body provides passive thermal cooling, while the included silicone sleeve delivers IP55-rated dust and water protection—ideal for studio, office, or field applications. And with its tool-free snap-in installation, users can swap SSDs or PCIe modules in seconds. 

Features 

  • 80Gbps USB4 V2 Performance: Experience next-generation bandwidth with true PCIe Gen4/3 NVMe speed for demanding workflows including 4K/8K editing, AI model inference, and rapid data transfer. 
  • Full PCIe Gen4/3 NVMe Compatibility: Unlock the full potential of PCIe Gen4 and Gen3 NVMe SSDs for maximum throughput and workstation-level responsiveness. 
  • Modular PCIe Expansion: Supports PCIe M.2 cards such as AI accelerators for enhanced local computer performance without upgrading your laptop or desktop system. 
  • External Power Support: Provides up to 18W of optional external USB-C power-in to support high-performance NVMe SSDs. When combined with up to 7.5W supplied by the host USB-C port, the enclosure delivers a total of up to 25W of power, suitable for high-draw NVMe devices as recommended by our supplier. 
  • Tool-Free Installation: Open, insert, and close—no screws required, this enclosure is ideal for dynamic workflows with multiple SSDs or PCIe modules. 
  • Premium Thermal Design: Aluminum body with an integrated thermal pad keeps drives running at peak speed under heavy load. 
  • IP55 Protection: The included silicone sleeve shields the enclosure from dust and water spray—built for use in studios, labs, and field environments. 

Availability and Pricing 

The HyperDrive Next USB4 V2 M.2 PCIe Enclosure (HD2500GL) is available starting today for $199.99 SRP throughout the United States, Europe, and other key global regions. 

Leave a comment »

New National Industry Coalition Forms to Propel Canada’s Digital Infrastructure and Drive Global Competitiveness

Posted in Commentary on December 9, 2025 by itnerd

Today marks the official launch of the Canadian Coalition for Digital Infrastructure (CCDI), a national industry-led initiative aimed at promoting the growth and sustainability of Canada’s digital infrastructure. The CCDI brings together cloud providers, data centre developers, co-location operators, equipment suppliers and key partners across the digital ecosystem to create a unified voice for Canada’s rapidly expanding digital infrastructure sector.

With billions planned in private-sector investments over the next five years, Canada stands at an inflection point. The data centre industry already supports tens of thousands of Canadian jobs, a number poised to grow substantially as organizations across every sector accelerate their cloud, AI, and digital transformation strategies.

The Coalition’s mission is to foster a thriving, sustainable, and innovative digital infrastructure industry in Canada while addressing critical challenges that will shape our digital economy. These include ensuring digital sovereignty, advancing environmental sustainability, securing energy capacity for future growth, and developing a skilled workforce capable of powering Canada’s increasingly digital future. As new players enter the Canadian market and federal and provincial governments implement strategic frameworks to attract investment, the CCDI will play a crucial role in coordinating industry-wide efforts to maximize these opportunities.

The CCDI members collectively emphasize that Canada’s future hinges on establishing world-class digital infrastructure as we enter a new era of AI-driven technology. Data centres are as fundamental today to national prosperity as railways and ports have been to Canada’s development. They power the cloud services, AI applications, financial systems, and many more digital tools that Canadians rely on every day. From hospitals and research institutions to small businesses and public agencies, the reliability and resilience of digital infrastructure directly impacts Canada’s economic strength and quality of life.

Through united efforts, coalition members are committed to strengthening these critical digital foundations, positioning Canada to fully leverage AI-driven economic opportunities while maintaining its competitive edge in the global digital economy.

Through comprehensive education and awareness initiatives, the coalition will work to inform the public, policy makers, and stakeholders about the importance of digital infrastructure and its impact on the daily lives of Canadians. By advocating for forward-thinking policies, the CCDI aims to create an environment that nurtures digital infrastructure, including data centre growth across the country.

The coalition is committed to positioning Canada as a prime destination for global data centre investments, leveraging our nation’s unique advantages. Moreover, it aims to bridge gaps between private industry, governments, utilities, academia, and the broader innovation ecosystem, accelerating Canada’s ability to scale digital capacity while ensuring alignment with national priorities.

The launch has been welcomed by stakeholders nationwide.

For more information about the Canadian Coalition for Digital Infrastructure, please visit digitalinfrastructure.ca

Leave a comment »

The Old Brewery Mission and TELUS Health for Good launch second mobile clinic to expand support on the streets of Montreal

Posted in Commentary with tags on December 9, 2025 by itnerd

The Old Brewery Mission and TELUS are proud to announce the launch of their second Health for Good™ mobile clinic, an initiative that marks an important step in expanding community services. The demand for support services on Montreal’s streets is at an all-time high: nearly 10,000 people are experiencing homelessness in Quebec, up 15 per cent in the last year and a half. This second Old Brewery Mission Mobile Health Clinic, powered by TELUS Health, reaffirms both organizations’ commitment to providing immediate and high quality care for people experiencing homelessness, many of whom are grappling with mental health and addiction challenges.

Since launching the first Old Brewery Mission Mobile Health Clinic, powered by TELUS Health, in April 2023, the mobile team has delivered an astounding 20,000 patient visits. Thanks to the second clinic, the team will be able to double the number of sites visited on a weekly basis, driving greater impact and providing even more individuals with  access to essential healthcare services, as well as administrative and housing support. 

The new, custom-built Old Brewery Mission Mobile Health Clinic, powered by TELUS Health, was designed by ékm Architecture and is equipped with TELUS Wi-Fi network connectivity and TELUS Health electronic medical record (EMR) solutions. 

The mobile clinic staff will provide services tailored to the needs of people experiencing homelessness, including healthcare, harm reduction and addiction services. In collaboration with the province’s health network and community organizations, the team will also offer services to help these individuals overcome various socioeconomic barriers, such as administrative, housing and legal support. 

This initiative is made possible thanks to the generous contribution of TELUS Health and relies on close collaboration with key partners such as the CIUSSS Centre-Sud, the STM, the SPVM, the CHUM and local outreach workers.

Leave a comment »

Team Cymru and The Vertex Project Partner to Enable Real-Time Threat Visibility with Synapse

Posted in Commentary on December 9, 2025 by itnerd

Team Cymru today announced a new integration with The Vertex Project to bring Team Cymru’s Pure Signal Data Ocean directly into Synapse Enterprise, Vertex’s Central Intelligence System, designed to help security and intelligence teams unify data, accelerate investigations, and improve response times. The new Synapse Power-Up for Team Cymru enables analysts to access near-real-time global threat visibility directly within Synapse Enterprise, giving organizations a faster and more efficient way to understand risk, enrich investigations, and respond to active threats.

For years, Team Cymru’s Pure Signal intelligence has helped organizations identify malicious infrastructure, accelerate investigations, and monitor external risks before they become business-impacting incidents. By integrating Pure Signal directly into Synapse Enterprise, analysts can now access this high-fidelity intelligence without switching tools, connecting data manually, or managing fragmented workflows. The result is quicker threat recognition, smoother investigations, and a more complete view of the risk landscape.

The Vertex Project’s Synapse Enterprise platform enhances the value of Pure Signal by centralizing internal telemetry, investigations, and intelligence workflows into one place. With Pure Signal modeled directly into this ecosystem, teams benefit from a seamless analytic experience in which global network insight is automatically connected to their existing data and processes. This makes it easier to prioritize threats, collaborate across teams, and turn intelligence into action at enterprise scale.

By combining Team Cymru’s global visibility with Synapse Enterprise’s analytical capabilities, organizations gain a unified, streamlined approach to threat detection and response. The integration reduces manual effort, eliminates blind spots, and empowers teams to identify threats earlier and respond more effectively.

For more information, customers can access The Vertex Project’s Synapse Enterprise by visiting: team-cymru.com/vertex

Leave a comment »

Hisense Tops Global 100-Inch and Laser TV Markets in Q3 2025

Posted in Commentary with tags on December 9, 2025 by itnerd

Hisense has once again ranked No.1 globally in the 100-inch and over TV segment with a 56.6 per cent shipment share, and in the Laser TV segment with a 68.9 per cent shipment share in Q3 2025, according to the latest data released by Omdia. The result reaffirms Hisense’s industry leadership driven by continuous innovation and a deep understanding of consumer needs.

As the originator of RGB Mini-LED technology, Hisense continues to set new standards in large-screen display technology. Backed by strong independent R&D, Hisense’s RGB Mini-LED technology delivers authentic, vivid colour like never before — powered by extraordinary brightness and precision that brings every scene to life with stunning realism and emotional depth. These innovations go beyond colour and picture quality — making technology more human, turning every moment of watching, sharing and relaxing into a richer, more emotionally connected experience for families around the world.

Hisense continues to lead the Laser TV market — as proven by the latest 2025 UST Projector Showdown results. The Hisense L9Q took the top spot across Mixed Room Use, Dedicated Theatre, and Overall Picture Quality, while the PX3-PRO was awarded No. 1 Best Value Pick and also ranked highly in picture performance.

With a collaboration with Devialet, the L9Q offers a deluxe home cinema experience with up to a 200-inch projection, 5,000 ANSI lumens, a 5,000:1 contrast ratio and IMAX Enhanced and Dolby Vision certifications — truly bringing the theatre home.

From technology to market, Hisense continues to lead the industry’s evolution toward higher quality and greater innovation. By mastering core technologies and transforming them into products that elevate global home entertainment standards, Hisense is not only shaping what people watch — but also how the world envisions the future of display.

For more information, please visit hisense-canada.com.

Leave a comment »

Guest Post – Betrayal by employees: Dark web cybercriminals selling services built on insider data

Posted in Commentary with tags on December 9, 2025 by itnerd

New findings from the dark web reveal that cybercriminals are selling insider data-backed services

Malicious employees, also known as insider threats, can cause significant harm to businesses by leaking or selling sensitive data, altering systems, or collaborating with cybercriminals to launch large-scale cyberattacks. New findings from NordStellar, a threat exposure management platform, reveal that bad actors are now advertising and selling insider data-backed services on the dark web — profiting from employees of industry giants who have decided to go rogue.

The team at NordStellar has found 35 dark web posts claiming to sell services based on insider data so far this year. Some of the services for sale on the dark web claim to have direct connections to insiders from such well-known companies as Facebook, Instagram, and Amazon.

“The majority of the posts discovered by NordStellar’s team offer various look-up services, exposing sensitive user information, such as IP addresses,  full names, email addresses, phone numbers, and even physical addresses,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Aside from violating the user’s privacy, this information can be used to launch highly targeted phishing scams or to commit fraud — or even identity theft.”

The posts reveal that look-up services can start at $500, offering the user’s phone number and linked email address. Advanced packages, which contain even more sensitive user information, such as IP addresses, physical addresses, date of birth, and other confidential details, can be purchased for $1,000 or more.

“Other popular services include account recovery and unbanning. The former can be especially damaging to the brand because users are often banned for violating the company’s policies or engaging in fraudulent activity,” says Noreika. “As a result, individuals who have been using the company’s services for scams can continue to do so, acquiring more victims and damaging the brand’s reputation in the process.”

Spotting and stopping insider threats

Noreika explains that insider threats are complex, and to safeguard against malicious employees, companies must have a comprehensive cybersecurity strategy in place. He emphasizes high observability and behavioural analysis as the two main pillars for resilience.

“The first key step is to ensure high observability into user actions — once security teams achieve visibility, they can look for anomalies in employee behavior, triggering the first alarms about potential malicious activity,” Noreika says. “Security teams should assess whether there’s any potentially dangerous patterns in activity, for example, if a user is accessing sensitive information without justification or if there are any signs of them exfiltrating that information to external sources, like their own personal devices, accounts, or third parties.”

He underscores the importance of proper network segmentation and the principle of least privilege in general to prevent users from accessing sensitive information that isn’t necessary for their work. According to Noreika, to prevent employees from sharing and downloading unauthorized files, data loss prevention tools are also required.

“Consistent monitoring is another key asset — if prior security measures failed to stop the user from retrieving and exfiltrating the data, it’s crucial to mitigate the threat before it can escalate further,” says Noreika. “Monitoring the dark web for posts mentioning the company, especially those claiming to sell services fueled by insider data, should be prioritized. Once the potential threat is spotted, security teams can inspect its validity and, if the claims turn out to be legitimate, stop the employee from doing further damage and inform affected users to be on high alert before cybercriminals can deploy their attacks.”

To effectively mitigate the damage inflicted by malicious insiders, Noreika advises companies to prepare an incident response plan in advance. The plan should outline the detection and investigation process, as well as the steps for containing the threat, eradicating the user’s access to company data and recovering systems if attackers compromise them in the process.

ABOUT NORDSTELLAR

NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. It includes solutions like dark web and data breach monitoring, helping to prevent account takeovers, session hijacking, and other threats. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com

Leave a comment »

New research breaks down where the OWASP LLM Top Ten Risks actually shows up in real architectures

Posted in Commentary with tags on December 9, 2025 by itnerd

As we’re seeing, security leaders are rapidly embedding LLMs into core product paths that read customer data, execute tools, write code, trigger workflows, and work inside real environments. But it’s becoming clear that the industry is still relying on outdated security measures to protect against a whole new set of risks. 

DryRun Security analyzed where each OWASP LLM Top Ten risk shows up in real applications, not just conceptually. The findings revealed a critical blind spot: traditional AppSec scanners fail to detect more than 80% of LLM-specific vulnerabilities. 

DryRun has released additional insights from this analysis, along with a strategic framework that maps the OWASP LLM Top Ten into real-world engineering guidance, showing: 

  • Where each risk shows up in modern LLM apps
  • Who owns each control (AppSec, platform, ML, SRE, FinOps)
  • What “good” looks like in design and SDLC
  • How AI-native, context-aware code analysis finds issues before runtime

You can find the details on this here.

Leave a comment »

Outpost24 Acquires Infinipoint

Posted in Commentary with tags on December 9, 2025 by itnerd

Outpost24 today announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24’s entry into the Zero Trust Workforce Access market and enhances its identity security division, Specops, by laying the foundation for a unified approach that evaluates both the user and the device before access is granted.

As organizations advance their Zero Trust strategies, authentication alone is no longer enough. MFA and SSO confirm who the user is, but they do not validate the security of the device being used. In hybrid environments where employees, contractors, and partners rely on a mix of corporate and unmanaged devices, this gap has become a significant source of risk. Ensuring that only secure, compliant devices can access critical systems is now essential to reducing credential misuse, preventing lateral movement, and maintaining regulatory assurance.

Organizations will benefit from the combined strengths of Specops’ unrivalled authentication and Infinipoint’s device identity and posture expertise, gaining a unified, context-aware approach to workforce access. This will allow organizations to evaluate both user and device trust at the moment of access, strengthening Zero Trust adoption while improving compliance and operational efficiencies by leveraging Infinipoint’s unique self-service and auto remediation capabilities – across any device and any identity provider.

The acquisition underscores the Outpost24’s commitment to advancing its exposure management and identity security capabilities and strengthens its role in delivering end-to-end visibility and control across identities, devices, and the external attack surface.

Leave a comment »

« Older Entries
Newer Entries »