⚠️ CERT/CC disclosed a UEFI flaw affecting motherboards from ASRock, ASUS, GIGABYTE, and MSI.

The flaw allows early-boot DMA attacks, letting malicious PCIe devices read or modify memory before kernel security starts.

🔗 Read details → https://thehackernews.com/2025/12/new-uefi-flaw-enables-early-boot-dma.html

Nigeria police arrested three suspects linked to global phishing. The main suspect is the alleged developer of the RaccoonO365 phishing-as-a-service kit.

Microsoft ties the tool to 5,000+ stolen credentials across 94 countries and to domain seizures in 2025, showing rising pressure on PhaaS operators.

🔗 Read → https://thehackernews.com/2025/12/nigeria-arrests-raccoono365-phishing.html

⚠️ ALERT: WatchGuard confirmed active exploitation of CVE-2025-14733 in Fireware OS.

The bug (CVSS 9.3) allows unauthenticated attackers to execute code via IKEv2 VPN paths. WatchGuard released patches and published indicators of compromise and attacker IPs.

🔗 Read details → https://thehackernews.com/2025/12/watchguard-warns-of-active-exploitation.html

Researchers uncovered GhostPairing, a social engineering attack that links a malicious device to a WhatsApp account by abusing the official pairing flow.

The attacker gets full linked-device access—messages, media, and groups—while the victim’s phone keeps working as normal.

🔗 How the GhostPairing WhatsApp exploit works → https://thehackernews.com/2025/12/threatsday-bulletin-whatsapp-hijacks.html#whatsapp-hijack-campaign

🛑 Researchers uncovered a new malware campaign abusing cracked software sites to spread CountLoader.

The loader uses fake ZIP files and trusted Windows tools to stay hidden, then deploys ACR Stealer to steal sensitive data.

🔗 Campaign details → https://thehackernews.com/2025/12/cracked-software-and-youtube-videos.html

🛑 A Russia-aligned threat group is abusing Microsoft’s device code login to hijack M365 accounts, targeting U.S. and European institutions.

Experts say attackers use compromised state emails and Cloudflare links to drive victims into legitimate Microsoft logins.

🔗 Read → https://thehackernews.com/2025/12/russia-linked-hackers-use-microsoft-365.html

Bitsight TRACE found ~1,000 MCP servers exposed online with no authorization in place, revealing new AI-related security gaps.

These Model Context Protocol instances can expose tools, data, or even allow remote execution if reached by attackers, expanding the risk surface for AI systems built on MCP.

🔗 Read about exposed MCP servers → https://thehackernews.com/2025/12/threatsday-bulletin-whatsapp-hijacks.html#exposed-ai-servers-risk

The U.S. DOJ indicted 54 people over a nationwide ATM jackpotting scheme tied to the Venezuelan gang Tren de Aragua.

Prosecutors say the group used malware to force cash withdrawals and link 1,529 jackpotting incidents to the operation.

🔗 Read → https://thehackernews.com/2025/12/us-doj-charges-54-in-atm-jackpotting.html

Iran-linked APT Infy, also called Prince of Persia, is active again after years of silence.

New research shows operations never stopped, and the toolset quietly evolved.

Updated malware, stronger C2 defenses, and fresh global victims point to a long-term espionage program.

🔗 Here's what changed under the radar → https://thehackernews.com/2025/12/iranian-infy-apt-resurfaces-with-new.html

Android mobile malware campaigns are converging on the same playbook.

Wonderland in Uzbekistan, plus Cellik, Frogblight, and NexusRoute elsewhere, all use fake legit apps, droppers, and phishing to steal OTPs, bank data, and accounts.

This marks a shift to scalable, MaaS-style fraud, not isolated scams.

🔗 Read details here → https://thehackernews.com/2025/12/android-malware-operations-merge.html

🔥 Read this week’s The Hacker News Cybersecurity Recap for the latest exploits, attack campaigns, new tactics, and zero-days shaping the threat landscape — before they shape your defenses.

https://thehackernews.com/2025/12/weekly-recap-firewall-exploits-ai-data.html

🛑 WARNING - A malicious WhatsApp API package on npm quietly hands attackers full account access.

56,000+ downloads later, “lotusbail” is intercepting every message and secretly linking attacker devices during login.

🔗 Read → https://thehackernews.com/2025/12/fake-whatsapp-api-package-on-npm-steals.html

Most people don’t link web browsing to energy use. But browsers run all day, loading ads, trackers, and background tasks that quietly add to infrastructure demand.

Wave Browser focuses on cutting unnecessary digital load without changing how you browse.

🔗 Learn what eco-friendly browsing actually means → https://thehackernews.com/2025/12/how-to-browse-sustainably-with-a-green-browser.html

FCC added foreign-made drones and critical components to its Covered List, blocking new U.S. approvals and imports under a national-security finding.

New DJI, Autel and other foreign models won’t enter the market unless DoD or DHS approves.

🔗 Read → https://thehackernews.com/2025/12/fcc-bans-foreign-made-drones-and-key.html

⚠️ ALERT — A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform.

CVE-2025-68613 lets authenticated users execute arbitrary code, enabling full instance takeover, data access, and system-level actions.

More than 103k exposed instances are observed globally.

🔗 Details → https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html

💪 The U.S. Justice Department seized fraud infrastructure used to steal bank logins at scale.

Criminals ran fake bank ads on Google and Bing, captured credentials, and drained real accounts.

$14.6M in confirmed losses so far.

🔗 Read details here → https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html

Purdue University tested deepfake detectors where they actually break: real, compressed social media video.

Not clean demos. Not lab data.

The benchmark shows why false-acceptance rate matters more than accuracy when camera feeds drive access and trust.

🔗 What the benchmark reveals → https://thehackernews.com/expert-insights/2025/12/purdue-universitys-real-world-deepfake.html

INTERPOL led a cybercrime sweep across Africa. 574 arrests and $3M recovered after targeting BEC, extortion, and ransomware in 19 countries.

Separately, a Ukrainian Nefilim ransomware affiliate pleaded guilty in the U.S.

🔗 Details from both cases → https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html

What happens when your security vendor is too distracted by a merger to help you fix a vulnerability?

New insights from JFrog explore the risks of vendor instability in a consolidating market.

Don't let your AppSec stack become a liability. Read the analysis: https://thn.news/sec-vendor-risks-x

Watch how Passwd handles shared passwords, API keys, and system access for Google Workspace teams.

Centralized admin control with audit trails replaces informal sharing without introducing a new login layer or tool sprawl.

🔗 Learn more → https://thehackernews.com/2025/12/passwd-walkthrough-of-google-workspace.html

🛑 Two Chrome extensions were caught intercepting browser traffic and stealing credentials from 170+ sites.

They pose as VPN tools, charge subscriptions, then silently proxy traffic and exfiltrate credentials in plaintext.

One has been active since 2017, the other since 2023.

🔗 Details → https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html