INTERPOL led a cybercrime sweep across Africa. 574 arrests and $3M recovered after targeting BEC, extortion, and ransomware in 19 countries.
Separately, a Ukrainian Nefilim ransomware affiliate pleaded guilty in the U.S.
π Details from both cases β https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html
Separately, a Ukrainian Nefilim ransomware affiliate pleaded guilty in the U.S.
π Details from both cases β https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html
π5π€―5π€3π±2
What happens when your security vendor is too distracted by a merger to help you fix a vulnerability?
New insights from JFrog explore the risks of vendor instability in a consolidating market.
Don't let your AppSec stack become a liability. Read the analysis: https://thn.news/sec-vendor-risks-x
New insights from JFrog explore the risks of vendor instability in a consolidating market.
Don't let your AppSec stack become a liability. Read the analysis: https://thn.news/sec-vendor-risks-x
π9π5
Watch how Passwd handles shared passwords, API keys, and system access for Google Workspace teams.
Centralized admin control with audit trails replaces informal sharing without introducing a new login layer or tool sprawl.
π Learn more β https://thehackernews.com/2025/12/passwd-walkthrough-of-google-workspace.html
Centralized admin control with audit trails replaces informal sharing without introducing a new login layer or tool sprawl.
π Learn more β https://thehackernews.com/2025/12/passwd-walkthrough-of-google-workspace.html
π€12π3
π Two Chrome extensions were caught intercepting browser traffic and stealing credentials from 170+ sites.
They pose as VPN tools, charge subscriptions, then silently proxy traffic and exfiltrate credentials in plaintext.
One has been active since 2017, the other since 2023.
π Details β https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html
They pose as VPN tools, charge subscriptions, then silently proxy traffic and exfiltrate credentials in plaintext.
One has been active since 2017, the other since 2023.
π Details β https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html
π16π€―14π4π₯3
Italy fined Apple β¬98.6m over how App Tracking Transparency works in the App Store.
Regulators say third-party apps must show double consent prompts, while Appleβs own apps get one-tap approval.
π Read β https://thehackernews.com/2025/12/italy-fines-apple-986-million-over-att.html
Regulators say third-party apps must show double consent prompts, while Appleβs own apps get one-tap approval.
π Read β https://thehackernews.com/2025/12/italy-fines-apple-986-million-over-att.html
π₯17π6π€5
U.S. SEC has charged multiple companies over a crypto scam that took $14M from retail investors.
The scheme used WhatsApp investment clubs and fake AI trading signals to push victims onto non-existent crypto platforms.
No real trading ever happened.
π Read β https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html
The scheme used WhatsApp investment clubs and fake AI trading signals to push victims onto non-existent crypto platforms.
No real trading ever happened.
π Read β https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html
π6π±5π₯3
Cybercrime shifted in 2025. 70.5% of data breaches hit SMBs, not large enterprises.
Attackers moved to smaller firms after big companies hardened defenses and rejected ransoms. Volume replaced payout size.
π What the data shows from 2025 breaches β https://thehackernews.com/2025/12/attacks-are-evolving-3-ways-to-protect.html
Attackers moved to smaller firms after big companies hardened defenses and rejected ransoms. Volume replaced payout size.
π What the data shows from 2025 breaches β https://thehackernews.com/2025/12/attacks-are-evolving-3-ways-to-protect.html
π13π4π±3π€―2π₯1
Nomani investment scams rose 62% in 2025, ESET says.
Campaigns now run on YouTube as well as Facebook, pushing fake returns with AI-made videos.
64,000+ scam URLs were blocked this year.
π How the fraud chain works β https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html
Campaigns now run on YouTube as well as Facebook, pushing fake returns with AI-made videos.
64,000+ scam URLs were blocked this year.
π How the fraud chain works β https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html
β‘12π±7π4π3
A new MacSync malware variant hit macOS via a signed and notarized app, letting it bypass Apple Gatekeeper.
The fake messaging installer ran like a legitimate app until Apple revoked the certificate.
π Read β https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html
The fake messaging installer ran like a legitimate app until Apple revoked the certificate.
π Read β https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html
π9π€―8π6π±1
CISA added a Digiever NVR bug to its exploited list after confirmed attacks.
CVE-2023-52163 allows remote code execution through command injection once logged in.
Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched.
π Read β https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html
CVE-2023-52163 allows remote code execution through command injection once logged in.
Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched.
π Read β https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html
π8
Fortinet confirms active exploitation of a FortiOS SSL VPN flaw that bypasses 2FA.
CVE-2020-12812 lets attackers log in by changing the case of a username when LDAP is misconfigured.
The bug can allow admin or VPN access without second-factor checks.
π Read β https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
CVE-2020-12812 lets attackers log in by changing the case of a username when LDAP is misconfigured.
The bug can allow admin or VPN access without second-factor checks.
π Read β https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
π13π8π±4π₯2
Stolen vault backups from the 2022 LastPass breach are still paying out.
$35 Million+ traced as attackers crack weak master passwords years later, draining crypto through 2025.
TRM Labs links laundering to Russian exchanges and mixers, despite CoinJoin use.
π Read β https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
$35 Million+ traced as attackers crack weak master passwords years later, draining crypto through 2025.
TRM Labs links laundering to Russian exchanges and mixers, despite CoinJoin use.
π Read β https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
π₯16
ThreatsDayBulletin: Cyber threats are shifting tactics this week.
Stealthy loaders now hide in trusted tools, AI chatbot flaws and Docker prompt injection exploits can leak data, and commodity loaders deliver RATs to industry targets.
Android NFC malware and fake PoCs add to the risk.
π Read β https://thehackernews.com/2025/12/threatsday-bulletin-stealth-loaders-ai.html
Stealthy loaders now hide in trusted tools, AI chatbot flaws and Docker prompt injection exploits can leak data, and commodity loaders deliver RATs to industry targets.
Android NFC malware and fake PoCs add to the risk.
π Read β https://thehackernews.com/2025/12/threatsday-bulletin-stealth-loaders-ai.html
π9π₯2π€―1
China-linked Evasive Panda ran a targeted DNS poisoning campaign to silently push spyware through fake software updates, Kaspersky reports.
π Learn how poisoned DNS enabled stealth espionage β https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html
π Learn how poisoned DNS enabled stealth espionage β https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html
π15π3π€―3π±1
π Trust Wallet confirmed a security breach in its Chrome extension.
Malicious code was inserted into version 2.68, stealing wallet recovery phrases and draining about $7 million.
Users must update to v2.69.
π Read details here β https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
Malicious code was inserted into version 2.68, stealing wallet recovery phrases and draining about $7 million.
Users must update to v2.69.
π Read details here β https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
π21π₯12π8π€5π3π±1
β οΈ MongoDB fixed a server flaw that lets unauthenticated users read uninitialized heap memory.
The bug, CVE-2025-14847 (8.7), affects releases from 3.6 through 8.2 and is tied to zlib compression handling.
Patches are available now.
π Read β https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html
The bug, CVE-2025-14847 (8.7), affects releases from 3.6 through 8.2 and is tied to zlib compression handling.
Patches are available now.
π Read β https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html
π₯26π4
MongoDB servers are under active exploitation via CVE-2025-14847, a pre-auth memory leak.
Censys found 87,000 exposed instances. The default zlib compression flaw can leak passwords and API keys over time.
π Read β https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html
Censys found 87,000 exposed instances. The default zlib compression flaw can leak passwords and API keys over time.
π Read β https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html
π₯22π1
β οΈ Attackers turned npm into phishing infrastructure over five months.
27 npm packages were used as CDN-hosted lures mimicking document sharing and Microsoft sign-in pages, targeting sales staff at 25 industrial and healthcare firms.
π Read β https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html
27 npm packages were used as CDN-hosted lures mimicking document sharing and Microsoft sign-in pages, targeting sales staff at 25 industrial and healthcare firms.
π Read β https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html
π11π±9π₯5
β‘ Cyber attacks did not slow down at the end of 2025.
β οΈ Bugs were used fast
π Trusted software was misused
πΈ Old breaches caused new losses
π± Cloud, crypto, mobile, insiders all showed up
This weekly recap breaks down what mattered in the final week of 2025 and what carries into 2026.
Read: https://thehackernews.com/2025/12/weekly-recap-mongodb-attacks-wallet.html
β οΈ Bugs were used fast
π Trusted software was misused
πΈ Old breaches caused new losses
π± Cloud, crypto, mobile, insiders all showed up
This weekly recap breaks down what mattered in the final week of 2025 and what carries into 2026.
Read: https://thehackernews.com/2025/12/weekly-recap-mongodb-attacks-wallet.html
β‘12π6
π Mustang Panda is deploying TONESHELL via a kernel-mode rootkit driver.
The signed driver loads before antivirus tools, injects the backdoor into system processes, and blocks security visibility.
π Read β https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html
The signed driver loads before antivirus tools, injects the backdoor into system processes, and blocks security visibility.
π Read β https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html
π₯10
Silver Fox has shifted active phishing operations toward India, using income tax lures to deploy ValleyRAT.
The attack abuses legitimate Windows software and DLL sideloading to gain quiet, persistent access.
Researchers say the modular RAT enables role-based spying and credential theft.
π Read β https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with.html
The attack abuses legitimate Windows software and DLL sideloading to gain quiet, persistent access.
Researchers say the modular RAT enables role-based spying and credential theft.
π Read β https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with.html
π11π4π2