🚨 Thousands hacked after downloading what looked like “official” government apps.

They were fake versions of real banking apps, modified by hackers from GoldFactory to include malware.

So far, over 11,000 phones in Southeast Asia have been infected.

🔗 Details ↓ https://thehackernews.com/2025/12/goldfactory-hits-southeast-asia-with.html

🤖💥 AI-built code just broke web security in 2025.

One bug in a “vibe coding” platform let anyone access private apps — no login needed.

⚠️ 45% of AI-written code had exploitable flaws.
🏢 Even big firms like Wix had to patch fast.

The fix? Treat all AI code as untrusted.

🔗 Read here → https://thehackernews.com/2025/12/5-threats-that-reshaped-web-security.html

✈️ Hackers faking airport Wi-Fi.
💻 Malware hiding inside coding tools.
🤖 AI rewriting security playbooks.

That’s just the start — and 15+ more stories inside.

📰 This week’s ThreatsDay Bulletin uncovers the sneakiest hacks, scams, and “too-smart” malware out there.

🔗 Catch up before they catch you → https://thehackernews.com/2025/12/threatsday-bulletin-wi-fi-hack-npm-worm.html

🚨 AI tools are now running inside your browser — reading data, following hidden prompts, and moving info across tabs.

IT can’t see it. Security can’t stop it.

Seraphic Security’s Suresh Batchu calls this the next big blind spot: Shadow AI in the enterprise browser.

🔗 Read ↓ https://thehackernews.com/expert-insights/2025/12/shadow-ai-in-browser-next-enterprise.html

🚨 A fake Microsoft Teams installer is spreading malware in China.

Hackers called "Silver Fox" made it look like a Russian attack to hide their tracks.

It installs ValleyRAT, giving full remote access to victims.

🔗 Read: https://thehackernews.com/2025/12/silver-fox-uses-fake-microsoft-teams.html

⚠️ Hackers are exploiting a command injection bug in Array Networks AG Series gateways — active since August 2025.

It lets attackers run any command on systems using “DesktopDirect” remote access.

🔗 Details → https://thehackernews.com/2025/12/jpcert-confirms-active-command.html

🚨 CISA just warned about a new Chinese state-backed hack tool called BRICKSTORM — a backdoor found in VMware and Windows systems used by U.S. government and tech networks.

It can reinstall itself if removed, hide in normal traffic, and give hackers full remote control.

🔗Read → https://thehackernews.com/2025/12/cisa-reports-prc-hackers-using.html

🚨 A lawyer in Pakistan was hacked with Predator — the first known spyware attack on a civil society member.

It started with a link on WhatsApp, but new leaks show Predator can also spread through ads — no click needed.

It can read chats, record audio, take photos — and Intellexa may still access customer systems remotely.

🔗 Read → https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html

⚠️ Within HOURS of disclosure, two China-linked hacking groups weaponized a critical React flaw (CVE-2025-55182).

They’re already scanning the web for unpatched apps.

Update to React 19.0.1+ now.

🔗 Read ↓ https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html

🚨 Critical Apache Tika flaw (CVE-2025-66516) just dropped — CVSS 10.0.

A single fake PDF can trigger an XXE attack, letting hackers read server files or run code.

🔗 Read ↓ https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html

Update to v3.2.2 now.

🧩 57% of SMBs say cybersecurity is a top priority — yet they still turn down MSPs.

➡ The issue isn’t interest. It’s confusion.
➡ They’re tired of jargon, fear, and hard selling.

“Getting to Yes” helps MSPs explain security in plain business terms — and win trust.

👉 See how it’s done → https://thehackernews.com/2025/12/getting-to-yes-anti-sales-guide-for-msps.html

🚨 WARNING: A new attack can trick Perplexity’s Comet browser into deleting your Google Drive.

Just one normal-looking email with hidden cleanup instructions can make the AI agent erase real files — no exploit, no warning.

🔗 Details here → https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html