🚨 AI tools are now running inside your browser — reading data, following hidden prompts, and moving info across tabs.

IT can’t see it. Security can’t stop it.

Seraphic Security’s Suresh Batchu calls this the next big blind spot: Shadow AI in the enterprise browser.

🔗 Read ↓ https://thehackernews.com/expert-insights/2025/12/shadow-ai-in-browser-next-enterprise.html

🚨 A fake Microsoft Teams installer is spreading malware in China.

Hackers called "Silver Fox" made it look like a Russian attack to hide their tracks.

It installs ValleyRAT, giving full remote access to victims.

🔗 Read: https://thehackernews.com/2025/12/silver-fox-uses-fake-microsoft-teams.html

⚠️ Hackers are exploiting a command injection bug in Array Networks AG Series gateways — active since August 2025.

It lets attackers run any command on systems using “DesktopDirect” remote access.

🔗 Details → https://thehackernews.com/2025/12/jpcert-confirms-active-command.html

🚨 CISA just warned about a new Chinese state-backed hack tool called BRICKSTORM — a backdoor found in VMware and Windows systems used by U.S. government and tech networks.

It can reinstall itself if removed, hide in normal traffic, and give hackers full remote control.

🔗Read → https://thehackernews.com/2025/12/cisa-reports-prc-hackers-using.html

🚨 A lawyer in Pakistan was hacked with Predator — the first known spyware attack on a civil society member.

It started with a link on WhatsApp, but new leaks show Predator can also spread through ads — no click needed.

It can read chats, record audio, take photos — and Intellexa may still access customer systems remotely.

🔗 Read → https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html

⚠️ Within HOURS of disclosure, two China-linked hacking groups weaponized a critical React flaw (CVE-2025-55182).

They’re already scanning the web for unpatched apps.

Update to React 19.0.1+ now.

🔗 Read ↓ https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html

🚨 Critical Apache Tika flaw (CVE-2025-66516) just dropped — CVSS 10.0.

A single fake PDF can trigger an XXE attack, letting hackers read server files or run code.

🔗 Read ↓ https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html

Update to v3.2.2 now.

🧩 57% of SMBs say cybersecurity is a top priority — yet they still turn down MSPs.

➡ The issue isn’t interest. It’s confusion.
➡ They’re tired of jargon, fear, and hard selling.

“Getting to Yes” helps MSPs explain security in plain business terms — and win trust.

👉 See how it’s done → https://thehackernews.com/2025/12/getting-to-yes-anti-sales-guide-for-msps.html

🚨 WARNING: A new attack can trick Perplexity’s Comet browser into deleting your Google Drive.

Just one normal-looking email with hidden cleanup instructions can make the AI agent erase real files — no exploit, no warning.

🔗 Details here → https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html

CISA added the new 10.0-rated React RCE flaw (CVE-2025-55182) to its exploited list.

🕒 Exploited within hours by Chinese hackers.
💥 Affects Next.js, React Router, Vite, Waku & more.
💰 Some attacks dropped crypto-miners & stole AWS creds.

🔗 Read: https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html

🛑 Over 30 security flaws found in AI-powered coding tools like Copilot, Cursor, and Zed — letting hackers steal data or run malicious code without you doing a thing.

Researchers are calling it “IDEsaster.”

🔗 Details here → https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html

⚠️ Iran’s MuddyWater hackers are using a new backdoor called "UDPGangster" that hides in fake “election seminar” Word files.

It only runs after checking if your computer is real — not a sandbox — then steals data over UDP to dodge detection.

🔗 Read → https://thehackernews.com/2025/12/muddywater-deploys-udpgangster-backdoor.html

⚠️ Hackers are exploiting a bug in the Sneeit Framework plugin (CVE-2025-6389) to run code on servers and create admin accounts on WordPress sites.

⚠️ Separately, a flaw in ICTBroadcast (CVE-2025-2611) lets attackers use the BROADCAST cookie for unauthenticated remote shell access on exposed hosts.

🔗 Read ↓ https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html

⚠️ Three new Android threats just dropped:

• FvncBot – fake “mBank” app that logs keys, streams screens, and steals banking data.
• SeedSnatcher – spreads via Telegram to steal crypto seed phrases and 2FA codes.
• ClayRat – upgraded spyware faking YouTube & taxi apps for full device control.

All abuse Android’s accessibility features.

🔗 Read here ↓ https://thehackernews.com/2025/12/android-malware-fvncbot-seedsnatcher.html

⚠️ Holiday shopping means hacker season.

Bots hit hardest around Black Friday & Christmas.

Reused passwords = easy targets.

Block breached logins + secure vendor accounts now.

🔗 Read ↓ https://thehackernews.com/2025/12/how-can-retailers-cyber-prepare-for.html

Catch the the latest CybersecurityRecap for:

💥 USB drives spreading crypto miners.
💰 Fake investment sites busted.
🐀 CastleRAT creeping through networks.
⚖️ Portugal shields ethical hackers.
💸 Ransomware payouts falling fast.

👉 Get the full stories, latest tools, and expert webinars in the latest recap: https://thehackernews.com/2025/12/weekly-recap-usb-malware-react2shell.html

⚠️ Hackers are hiding malware in normal websites.

A new attack called JS#SMUGGLER plants code that quietly runs PowerShell through mshta.exe to install NetSupport RAT — giving attackers full control of your computer.

It even checks your device type to avoid being caught.

🔗 Read ↓ https://thehackernews.com/2025/12/experts-confirm-jssmuggler-uses.html

⚠️ Researchers found malicious packages in VS Code, Go, npm, and Rust stealing developer data.

They mimicked themes, AI tools, and libraries to grab screenshots, Wi-Fi passwords, and browser cookies.

🔗 Find details here ↓ https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html

🚨 Hackers are uploading fake resumes on Indeed and JazzHR to breach Canadian companies.

80% of attacks in this campaign hit Canada.

The “PDFs” actually launch QWCrypt ransomware through a tool called RedLoader.

🔗 Read: https://thehackernews.com/2025/12/stac6565-targets-canada-in-80-of.html

🔥 You can win $20K for breaking Google’s new Chrome security feature.

Google just added the “User Alignment Critic,” a safeguard that uses a second model to double-check Chrome’s AI agent and block prompt attacks or data leaks.

🔗 Read: https://thehackernews.com/2025/12/google-adds-layered-defenses-to-chrome.html

💡 Most Zero Trust tools still don’t talk to each other — so access decisions lag behind real risks.

A MongoDB engineer built a workflow using Tines that lets Kolide send real-time device alerts to Okta through the Shared Signals Framework.

Finally, Zero Trust that actually works in sync.

🔗 Read: https://thehackernews.com/2025/12/how-to-streamline-zero-trust-using.html