⚠️ Most privacy risks aren't malicious.
It’s accidental.

A log statement. A helper function. An AI SDK someone added on Friday.

If you only look in production, you’re blind by design.

Read more → https://thehackernews.com/2025/12/why-data-security-and-privacy-need-to.html

⚡ Amazon confirms a Russian GRU unit hacked Western energy and infrastructure networks for years.

The threat wasn’t malware, it was silent credential theft from live traffic.

From 2021–2025, APT44 relied less on zero-days and more on exposed routers and VPN gateways.

🔗 Read → https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html

💰 A fake NuGet package stole crypto wallets for more than five years.

It copied a popular .NET tracing library and hid as a normal dependency. One extra letter in the author name led to about 2,000 downloads since 2020.

It exfiltrated Stratis wallet JSON files and passwords to a Russian IP.

🔗 Read: https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html

🛑 Amazon flagged a new AWS crypto-mining campaign using custom persistence techniques.

Attackers validate permissions with DryRun, deploy miners across ECS and EC2, then enable instance termination protection to block cleanup.

🔗 Learn more: https://thehackernews.com/2025/12/compromised-iam-credentials-power-large.html

Researchers uncover GhostPoster malware hidden in 17 Firefox add-ons with 50,000+ downloads.

Disguised as VPNs, translators, and ad blockers. 50k+ installs.

JavaScript was hidden inside logo images, activated after days, then hijacked links, tracked browsing, and ran ad fraud.

🔗 Read here → https://thehackernews.com/2025/12/ghostposter-malware-found-in-17-firefox.html

🛡️ Ink Dragon, a China-aligned hacking group, is focusing on European government targets while staying active in Asia and South America.

It exploits SharePoint and IIS flaws to drop web shells and maintain long-term access using ShadowPad and FINALDRAFT malware.

🔗 Learn more → https://thehackernews.com/2025/12/china-linked-ink-dragon-hacks.html

Most SOCs still respond after attackers move. That delay costs time and raises breach risk.

ANYRUN says proactive teams use live threat intelligence to see campaigns forming, not just alerts firing. Industry and geo context helps analysts focus on threats that actually matter.

🔗 How SOCs move from reactive to proactive → https://thehackernews.com/2025/12/fix-soc-blind-spots-see-threats-to-your.html

Kaspersky linked a new phishing wave to Operation ForumTroll.

The Russia-focused APT shifted from organizations to individual academics, using fake eLibrary emails and personalized downloads to deploy a remote-access framework on Windows systems.

🔗 Find how the attack chain worked → https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html

⚠️ State-linked APT28 targeted UKR-net with sustained credential harvesting from mid-2024 to 2025.

🕵️‍♂️ Fake UKR-net login pages hosted on Mocky and relayed via ngrok and Serveo captured credentials and 2FA codes. Phishing PDFs and URL shorteners helped evade filters, showing infrastructure adapted to resist disruption.

🔗 Read campaign details here → https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html

🌐 Kimwolf is a new botnet that has infected over 1.8 million Android devices, mainly smart TVs and set-top boxes on home networks.

XLab says it has issued billions of DDoS commands, runs proxy and remote access functions, and uses blockchain-based ENS domains to resist takedowns.

🔗 Read → https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html

🛑 SonicWall patched an actively exploited flaw in SMA 100 series appliances.

CVE-2025-40602 lets attackers escalate privileges via the management console and was chained with a prior bug for root access.

Patches are now out for affected versions.

🔗 Read → https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html

🛑 WARNING: CVE-2025-20393 is rated 10.0, with no patch available.

Cisco confirmed active exploitation of an AsyncOS zero-day by a China-linked APT.

The flaw allows root-level command execution on affected email security appliances and enables attackers to establish persistence.

🔗 Details and mitigations → https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html

A critical ASUS Live Update vulnerability is now on CISA’s exploited list.

CVSS 9.3, supply chain–based, and tied to ShadowHammer, it embedded malicious code in signed updates for carefully chosen devices.

🔗 Read → https://thehackernews.com/2025/12/cisa-flags-critical-asus-live-update.html

North Korea–linked Kimsuky has been tied to a new Android malware campaign.

The group is spreading a fresh DocSwap variant through QR codes on fake CJ Logistics sites. Once installed, the app deploys a full RAT with access to messages, calls, files, audio, and camera.

🔗 Read analysis here → https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html

🤖 AI copilots are now built into everyday SaaS tools. They move fast and quietly create new data paths across apps.

Static SaaS security can’t see AI activity in real time, so risk hides in normal logs—driving the shift to dynamic AI-SaaS security.

👉 Understand the risk before it hits → https://thehackernews.com/2025/12/the-case-for-dynamic-ai-saas-security.html

⚡ React2Shell. Weaxor. GhostPairing. ClickFix. RC4. RuTube. MCP leaks. DDoSia. Modbus. Google Phish. DarkGate. Token spills.

Dozens of stories from one chaotic week. Read the latest ThreatsDay Bulletin — what security teams are tracking now.

🔗 Read 15+ new stories → https://thehackernews.com/2025/12/threatsday-bulletin-whatsapp-hijacks.html

The State of Cybersecurity in 2025

Cybersecurity is entering a new phase of evolution. What was once centered on perimeter defenses and isolated tools is now defined by integration, verification, and execution speed.

This report by Papryon brings together perspectives across authentication, endpoint security, software supply chain protection, network visibility, and human risk, examining how organizations are adapting to increasingly sophisticated threats and operational complexity.

Download Full Report Here: https://thn.news/cyber-guide

Featuring:
Yubico
Metomic
usecure
Corelight
Axiado
ShadowDragon
SecureCo
Unknown Cyber
CrowdStrike
SentinelOne

💰 North Korea–linked hackers dominated crypto crime in 2025.

They stole $2.02B, more than half of all crypto taken worldwide, per Chainalysis. One breach at Bybit alone accounted for $1.5B, making this the worst year on record for DPRK theft.

🔗 Here's what the data exposes → https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html

⚠️ HPE patched a CRITICAL CVSS 10.0 flaw in OneView that allows unauthenticated remote code execution.

All versions before 11.00 are affected, with hotfixes for 5.20–10.20.

No active exploits reported, but patching is urgent.

🔗 Details here → https://thehackernews.com/2025/12/hpe-oneview-flaw-rated-cvss-100-allows.html

🛑 ESET has identified a China-aligned cyber espionage group, LongNosedGoblin, active since 2023 and targeting government networks in Southeast Asia and Japan.

It spreads malware via Windows Group Policy and uses OneDrive and Google Drive as C2, with full backdoors deployed only on select targets.

🔗 Read: https://thehackernews.com/2025/12/china-aligned-threat-group-uses-windows.html