Iran-linked APT Infy, also called Prince of Persia, is active again after years of silence.
New research shows operations never stopped, and the toolset quietly evolved.
Updated malware, stronger C2 defenses, and fresh global victims point to a long-term espionage program.
π Here's what changed under the radar β https://thehackernews.com/2025/12/iranian-infy-apt-resurfaces-with-new.html
New research shows operations never stopped, and the toolset quietly evolved.
Updated malware, stronger C2 defenses, and fresh global victims point to a long-term espionage program.
π Here's what changed under the radar β https://thehackernews.com/2025/12/iranian-infy-apt-resurfaces-with-new.html
π₯26π11π2π2
Android mobile malware campaigns are converging on the same playbook.
Wonderland in Uzbekistan, plus Cellik, Frogblight, and NexusRoute elsewhere, all use fake legit apps, droppers, and phishing to steal OTPs, bank data, and accounts.
This marks a shift to scalable, MaaS-style fraud, not isolated scams.
π Read details here β https://thehackernews.com/2025/12/android-malware-operations-merge.html
Wonderland in Uzbekistan, plus Cellik, Frogblight, and NexusRoute elsewhere, all use fake legit apps, droppers, and phishing to steal OTPs, bank data, and accounts.
This marks a shift to scalable, MaaS-style fraud, not isolated scams.
π Read details here β https://thehackernews.com/2025/12/android-malware-operations-merge.html
π15π6π€6
π₯ Read this weekβs The Hacker News Cybersecurity Recap for the latest exploits, attack campaigns, new tactics, and zero-days shaping the threat landscape β before they shape your defenses.
https://thehackernews.com/2025/12/weekly-recap-firewall-exploits-ai-data.html
https://thehackernews.com/2025/12/weekly-recap-firewall-exploits-ai-data.html
π10
π WARNING - A malicious WhatsApp API package on npm quietly hands attackers full account access.
56,000+ downloads later, βlotusbailβ is intercepting every message and secretly linking attacker devices during login.
π Read β https://thehackernews.com/2025/12/fake-whatsapp-api-package-on-npm-steals.html
56,000+ downloads later, βlotusbailβ is intercepting every message and secretly linking attacker devices during login.
π Read β https://thehackernews.com/2025/12/fake-whatsapp-api-package-on-npm-steals.html
π₯14π€―8π4π3
Most people donβt link web browsing to energy use. But browsers run all day, loading ads, trackers, and background tasks that quietly add to infrastructure demand.
Wave Browser focuses on cutting unnecessary digital load without changing how you browse.
π Learn what eco-friendly browsing actually means β https://thehackernews.com/2025/12/how-to-browse-sustainably-with-a-green-browser.html
Wave Browser focuses on cutting unnecessary digital load without changing how you browse.
π Learn what eco-friendly browsing actually means β https://thehackernews.com/2025/12/how-to-browse-sustainably-with-a-green-browser.html
π€14π10π7β‘5
FCC added foreign-made drones and critical components to its Covered List, blocking new U.S. approvals and imports under a national-security finding.
New DJI, Autel and other foreign models wonβt enter the market unless DoD or DHS approves.
π Read β https://thehackernews.com/2025/12/fcc-bans-foreign-made-drones-and-key.html
New DJI, Autel and other foreign models wonβt enter the market unless DoD or DHS approves.
π Read β https://thehackernews.com/2025/12/fcc-bans-foreign-made-drones-and-key.html
π7β‘3π₯2π€―2
β οΈ ALERT β A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform.
CVE-2025-68613 lets authenticated users execute arbitrary code, enabling full instance takeover, data access, and system-level actions.
More than 103k exposed instances are observed globally.
π Details β https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html
CVE-2025-68613 lets authenticated users execute arbitrary code, enabling full instance takeover, data access, and system-level actions.
More than 103k exposed instances are observed globally.
π Details β https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html
β‘12π±11π₯4π3π2
πͺ The U.S. Justice Department seized fraud infrastructure used to steal bank logins at scale.
Criminals ran fake bank ads on Google and Bing, captured credentials, and drained real accounts.
$14.6M in confirmed losses so far.
π Read details here β https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html
Criminals ran fake bank ads on Google and Bing, captured credentials, and drained real accounts.
$14.6M in confirmed losses so far.
π Read details here β https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html
π±10π₯9
Purdue University tested deepfake detectors where they actually break: real, compressed social media video.
Not clean demos. Not lab data.
The benchmark shows why false-acceptance rate matters more than accuracy when camera feeds drive access and trust.
π What the benchmark reveals β https://thehackernews.com/expert-insights/2025/12/purdue-universitys-real-world-deepfake.html
Not clean demos. Not lab data.
The benchmark shows why false-acceptance rate matters more than accuracy when camera feeds drive access and trust.
π What the benchmark reveals β https://thehackernews.com/expert-insights/2025/12/purdue-universitys-real-world-deepfake.html
π€―9π5π3
INTERPOL led a cybercrime sweep across Africa. 574 arrests and $3M recovered after targeting BEC, extortion, and ransomware in 19 countries.
Separately, a Ukrainian Nefilim ransomware affiliate pleaded guilty in the U.S.
π Details from both cases β https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html
Separately, a Ukrainian Nefilim ransomware affiliate pleaded guilty in the U.S.
π Details from both cases β https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html
π5π€―5π€3π±2
What happens when your security vendor is too distracted by a merger to help you fix a vulnerability?
New insights from JFrog explore the risks of vendor instability in a consolidating market.
Don't let your AppSec stack become a liability. Read the analysis: https://thn.news/sec-vendor-risks-x
New insights from JFrog explore the risks of vendor instability in a consolidating market.
Don't let your AppSec stack become a liability. Read the analysis: https://thn.news/sec-vendor-risks-x
π9π5
Watch how Passwd handles shared passwords, API keys, and system access for Google Workspace teams.
Centralized admin control with audit trails replaces informal sharing without introducing a new login layer or tool sprawl.
π Learn more β https://thehackernews.com/2025/12/passwd-walkthrough-of-google-workspace.html
Centralized admin control with audit trails replaces informal sharing without introducing a new login layer or tool sprawl.
π Learn more β https://thehackernews.com/2025/12/passwd-walkthrough-of-google-workspace.html
π€12π3
π Two Chrome extensions were caught intercepting browser traffic and stealing credentials from 170+ sites.
They pose as VPN tools, charge subscriptions, then silently proxy traffic and exfiltrate credentials in plaintext.
One has been active since 2017, the other since 2023.
π Details β https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html
They pose as VPN tools, charge subscriptions, then silently proxy traffic and exfiltrate credentials in plaintext.
One has been active since 2017, the other since 2023.
π Details β https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html
π16π€―14π4π₯3
Italy fined Apple β¬98.6m over how App Tracking Transparency works in the App Store.
Regulators say third-party apps must show double consent prompts, while Appleβs own apps get one-tap approval.
π Read β https://thehackernews.com/2025/12/italy-fines-apple-986-million-over-att.html
Regulators say third-party apps must show double consent prompts, while Appleβs own apps get one-tap approval.
π Read β https://thehackernews.com/2025/12/italy-fines-apple-986-million-over-att.html
π₯17π6π€5
U.S. SEC has charged multiple companies over a crypto scam that took $14M from retail investors.
The scheme used WhatsApp investment clubs and fake AI trading signals to push victims onto non-existent crypto platforms.
No real trading ever happened.
π Read β https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html
The scheme used WhatsApp investment clubs and fake AI trading signals to push victims onto non-existent crypto platforms.
No real trading ever happened.
π Read β https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html
π6π±5π₯3
Cybercrime shifted in 2025. 70.5% of data breaches hit SMBs, not large enterprises.
Attackers moved to smaller firms after big companies hardened defenses and rejected ransoms. Volume replaced payout size.
π What the data shows from 2025 breaches β https://thehackernews.com/2025/12/attacks-are-evolving-3-ways-to-protect.html
Attackers moved to smaller firms after big companies hardened defenses and rejected ransoms. Volume replaced payout size.
π What the data shows from 2025 breaches β https://thehackernews.com/2025/12/attacks-are-evolving-3-ways-to-protect.html
π13π4π±3π€―2π₯1
Nomani investment scams rose 62% in 2025, ESET says.
Campaigns now run on YouTube as well as Facebook, pushing fake returns with AI-made videos.
64,000+ scam URLs were blocked this year.
π How the fraud chain works β https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html
Campaigns now run on YouTube as well as Facebook, pushing fake returns with AI-made videos.
64,000+ scam URLs were blocked this year.
π How the fraud chain works β https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html
β‘12π±7π4π3
A new MacSync malware variant hit macOS via a signed and notarized app, letting it bypass Apple Gatekeeper.
The fake messaging installer ran like a legitimate app until Apple revoked the certificate.
π Read β https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html
The fake messaging installer ran like a legitimate app until Apple revoked the certificate.
π Read β https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html
π9π€―8π6π±1
CISA added a Digiever NVR bug to its exploited list after confirmed attacks.
CVE-2023-52163 allows remote code execution through command injection once logged in.
Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched.
π Read β https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html
CVE-2023-52163 allows remote code execution through command injection once logged in.
Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched.
π Read β https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html
π8
Fortinet confirms active exploitation of a FortiOS SSL VPN flaw that bypasses 2FA.
CVE-2020-12812 lets attackers log in by changing the case of a username when LDAP is misconfigured.
The bug can allow admin or VPN access without second-factor checks.
π Read β https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
CVE-2020-12812 lets attackers log in by changing the case of a username when LDAP is misconfigured.
The bug can allow admin or VPN access without second-factor checks.
π Read β https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
π13π8π±4π₯2
Stolen vault backups from the 2022 LastPass breach are still paying out.
$35 Million+ traced as attackers crack weak master passwords years later, draining crypto through 2025.
TRM Labs links laundering to Russian exchanges and mixers, despite CoinJoin use.
π Read β https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
$35 Million+ traced as attackers crack weak master passwords years later, draining crypto through 2025.
TRM Labs links laundering to Russian exchanges and mixers, despite CoinJoin use.
π Read β https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
π₯16