It's been a busy 24 hours in the cyber world with significant updates on AI-driven scams, a major phishing platform takedown, chatbot vulnerabilities, and big tech's strategic moves. Let's dive in:

AI-Driven Scams and Phishing Takedowns 🎣
- The SEC has charged multiple entities in a $14 million cryptocurrency scam where fraudsters used social media, fake financial professionals, and AI-generated investment tips to lure victims into fake trading platforms and steal their funds.
- The Nomani investment scam has surged by 62%, now leveraging highly realistic AI deepfake videos of public figures and bogus news articles across social media platforms like YouTube to promote non-existent investment products.
- US law enforcement successfully shut down web3adspanels.org, a platform facilitating SEO poisoning campaigns that stole bank account credentials, leading to $14.6 million in losses and highlighting the continued effectiveness of social engineering to bypass MFA.

📰 The Hacker News | https://thehackernews.com/2025/12/sec-files-charges-over-14-million-crypto-scam-using-fake-ai-themed-investment-tips.html
📰 The Hacker News | https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using-ai-deepfake-ads-on-social-media.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/24/us_shutters_phishermens_146m_passwordhording/

Chatbot Vulnerabilities & Disclosure Woes 🤖
- Researchers at Pen Test Partners uncovered four critical flaws in Eurostar's public AI chatbot, including prompt injection and HTML injection, which could lead to system prompt leakage and potential stored/shared XSS.
- The vulnerabilities stemmed from the chatbot's API design, which only performed guardrail checks on the latest message, allowing attackers to tamper with earlier messages in the chat history.
- The responsible disclosure process was fraught with issues, including Eurostar outsourcing its VDP and its head of security allegedly accusing the pen testers of "blackmail" for following up on their report.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/24/pentesters_reported_eurostar_chatbot_flaws/

Apple Fined Over ATT Rules ⚖️
- Italy's antitrust authority has fined Apple €98.6 million, asserting that its App Tracking Transparency (ATT) framework unfairly restricts competition in the App Store.
- The AGCM found that ATT imposes "disproportionate" and excessively burdensome double-consent requirements on third-party developers for personalised ads, while Apple's own apps can gain consent in a single tap.
- This ruling highlights ongoing regulatory scrutiny of Apple's privacy policies and their impact on market competition, with similar probes in other European countries.

📰 The Hacker News | https://thehackernews.com/2025/12/24/italy-fines-apple-986-million-over-att-rules-limiting-app-store-competition.html

Strategic Tech Shifts & Acquisitions 🚀
- ServiceNow is set to acquire cybersecurity firm Armis for $7.75 billion, aiming to integrate Armis' real-time security intelligence with its CMDB to enhance cyber exposure management and vulnerability response with AI.
- This acquisition is part of ServiceNow's broader strategy to expand its security and data management capabilities, following other recent buys like identity security platform Veza and data governance platform Data.World.
- Microsoft has announced an ambitious goal to eliminate all C and C++ code from its codebase by 2030, migrating to memory-safe Rust to significantly improve software security and reduce common vulnerabilities.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/23/servicenow_to_buy_armis_in/
🗞️ The Record | https://therecord.media/servicenow-cyber-armis-acquisition
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/24/microsoft_rust_codebase_migration/

#CyberSecurity #ThreatIntelligence #AIScams #Phishing #Deepfake #Vulnerability #PromptInjection #ResponsibleDisclosure #DataPrivacy #RegulatoryCompliance #Acquisition #ServiceNow #Armis #Microsoft #RustLang #InfoSec

If any of all y'all start tracking your vulns in ServiceNow after they finish integrating, lemme know how it looks.

https://www.darkreading.com/cybersecurity-operations/servicenow-buys-armis-gets-ai-control-tower

#vulnerabilitymanagement #servicenow

Bernstein maintains its 'Outperform' rating on ServiceNow, calling the recent 25% stock drop a compelling entry point and setting a $1,093 target price.
#YonhapInfomax
#ServiceNow #Bernstein #StockDrop #TargetPrice #FreeCashFlow
#Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=96147
Bernstein Says ServiceNow's Sharp Stock Drop Presents Attractive Entry Point


The possible purchase of Armis for 7 billion dollars shows how seriously ServiceNow is investing in AI and advanced cyber security. #CyberBa #Vijesti #Biznis #Akvizicija #ServiceNow #AI #CyberSigurnost

Read more: https://cyber.ba/servicenow-sprema-najvecu-akviziciju-do-sada-armis-vrijedan-do-7-milijardi-dolara/

ServiceNow is preparing its largest acquisition to date: Armis, worth up to 7 billion dollars

ServiceNow is negotiating the purchase of Armis for up to 7 billion dollars, which would be the largest acquisition in the company's history.

Cyber.ba
ServiceNow in talks to acquire cybersecurity startup Armis in potential $7 billion deal, Bloomberg reports
https://zurl.co/x0J77
#acquisition #M&A #servicenow

The #AI generated talking heads on all of the #ServiceNow training these days are just more AI slop.

Soulless boring drones. Used to be real people. Now is just more AI slop.

After two weeks, the request to add a new member to a mailing list was rejected because... it was a form for a mailbox, not for a mailing list.

All information was there, all approvals were there, just two weeks wasted.

Any helpdesk system which isn't able to convert one request type to another request type (i.e. modify a mailbox to modify a mailing list) should burn in hell.

Yes, I'm looking at you #servicenow

ServiceNow’s potential acquisition of Boomi could reshape India’s integration market. Forrester flags a surge in AI‑driven iPaaS, tighter AI governance, and rising concerns over technical debt and cloud sovereignty. How will AI orchestration evolve? Dive into the analysis to see what’s next for enterprises. #ServiceNow #Boomi #iPaaS #AIOrchestration

🔗 https://aidailypost.com/news/servicenow-may-buy-boomi-forrester-sees-ai-driven-ipaas-shift-india