⚠️ Iran’s MuddyWater hackers are using a new backdoor called "UDPGangster" that hides in fake “election seminar” Word files.

It only runs after checking if your computer is real — not a sandbox — then steals data over UDP to dodge detection.

🔗 Read → https://thehackernews.com/2025/12/muddywater-deploys-udpgangster-backdoor.html

⚠️ Hackers are exploiting a bug in the Sneeit Framework plugin (CVE-2025-6389) to run code on servers and create admin accounts on WordPress sites.

⚠️ Separately, a flaw in ICTBroadcast (CVE-2025-2611) lets attackers use the BROADCAST cookie for unauthenticated remote shell access on exposed hosts.

🔗 Read ↓ https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html

⚠️ Three new Android threats just dropped:

• FvncBot – fake “mBank” app that logs keys, streams screens, and steals banking data.
• SeedSnatcher – spreads via Telegram to steal crypto seed phrases and 2FA codes.
• ClayRat – upgraded spyware faking YouTube & taxi apps for full device control.

All abuse Android’s accessibility features.

🔗 Read here ↓ https://thehackernews.com/2025/12/android-malware-fvncbot-seedsnatcher.html

⚠️ Holiday shopping means hacker season.

Bots hit hardest around Black Friday & Christmas.

Reused passwords = easy targets.

Block breached logins + secure vendor accounts now.

🔗 Read ↓ https://thehackernews.com/2025/12/how-can-retailers-cyber-prepare-for.html

Catch the the latest CybersecurityRecap for:

💥 USB drives spreading crypto miners.
💰 Fake investment sites busted.
🐀 CastleRAT creeping through networks.
⚖️ Portugal shields ethical hackers.
💸 Ransomware payouts falling fast.

👉 Get the full stories, latest tools, and expert webinars in the latest recap: https://thehackernews.com/2025/12/weekly-recap-usb-malware-react2shell.html

⚠️ Hackers are hiding malware in normal websites.

A new attack called JS#SMUGGLER plants code that quietly runs PowerShell through mshta.exe to install NetSupport RAT — giving attackers full control of your computer.

It even checks your device type to avoid being caught.

🔗 Read ↓ https://thehackernews.com/2025/12/experts-confirm-jssmuggler-uses.html

⚠️ Researchers found malicious packages in VS Code, Go, npm, and Rust stealing developer data.

They mimicked themes, AI tools, and libraries to grab screenshots, Wi-Fi passwords, and browser cookies.

🔗 Find details here ↓ https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html

🚨 Hackers are uploading fake resumes on Indeed and JazzHR to breach Canadian companies.

80% of attacks in this campaign hit Canada.

The “PDFs” actually launch QWCrypt ransomware through a tool called RedLoader.

🔗 Read: https://thehackernews.com/2025/12/stac6565-targets-canada-in-80-of.html

🔥 You can win $20K for breaking Google’s new Chrome security feature.

Google just added the “User Alignment Critic,” a safeguard that uses a second model to double-check Chrome’s AI agent and block prompt attacks or data leaks.

🔗 Read: https://thehackernews.com/2025/12/google-adds-layered-defenses-to-chrome.html

💡 Most Zero Trust tools still don’t talk to each other — so access decisions lag behind real risks.

A MongoDB engineer built a workflow using Tines that lets Kolide send real-time device alerts to Okta through the Shared Signals Framework.

Finally, Zero Trust that actually works in sync.

🔗 Read: https://thehackernews.com/2025/12/how-to-streamline-zero-trust-using.html

🚨 Storm-0249 just changed tactics.

The hacker group Microsoft flagged in 2024 is now faking Microsoft domains and abusing real security tools like SentinelOne to sneak in ransomware.

They’re using PowerShell commands that never drop files—making them almost invisible.

🔗 Read ↓ https://thehackernews.com/2025/12/storm-0249-escalates-ransomware-attacks.html

GTG-1002 changed the rules.

An AI-driven attack hit dozens of companies—80% run autonomously, at machine speed.

The real threat? SaaS tokens that stay trusted forever after one approval.

Static trust can’t defend against dynamic attackers.

🔗 Learn more: https://thehackernews.com/expert-insights/2025/12/what-gtg-1002-and-claude-style-attacks.html

⚠️ 4 hacker groups are now using the same malware tool — CastleLoader.

It’s sold as malware-for-hire by a group called GrayBravo. They’re hitting targets from logistics to IT using fake online Booking pages and software updates.

Each attack links back to the same control servers — built to spread fast.

🔗 Read ↓ https://thehackernews.com/2025/12/four-threat-clusters-using-castleloader.html

🚨 North Korean hackers are exploiting the new React2Shell bug (10.0-severity) to drop EtherRAT — malware that hides its commands inside Ethereum smart contracts.

It even makes 9 blockchain nodes “vote” to pick its server, so takedowns fail.

🔗 Read now ↓ https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html

⚠️ Fortinet, Ivanti & SAP just fixed critical bugs that let attackers break in or run code remotely.

➜ Fortinet: auth bypass via fake SAML login.
➜ Ivanti: admin takeover through poisoned dashboards.
➜ SAP: code injection in Solution Manager (CVSS 9.9).

🔗Patch Now: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html

⚠️ Microsoft just fixed 56 Windows bugs — one’s already being exploited.

It hides in the Cloud Files driver used by OneDrive, Google Drive, and iCloud — even if those apps aren’t installed. Hackers can chain it with phishing to gain SYSTEM access.

Plus: 2 zero-days in PowerShell and GitHub Copilot for JetBrains.

🔗 Details ↓ https://thehackernews.com/2025/12/microsoft-issues-security-fixes-for-56.html

⚡WEBINAR ⤑ Hackers are finding new ways into the cloud and most tools can’t spot them.

Next week, the #PaloAltoNetworks team will show real examples of how attacks happen and how to block them.

🔗 Join the live session to learn how to protect your setup: https://thehackernews.com/2025/12/webinar-how-attackers-exploit-cloud.html

⚠️ WinRAR just made CISA’s “actively exploited” list.

Russian, South Asian, and Ukrainian-targeting hacker groups are using the flaw to hijack Windows — by planting code that runs every time Word opens.

🔗 Patch WinRAR now ↓ https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html

⚠️ Three new PCIe security flaws found — they let hackers change or fake data moving between computer parts.

They affect some Intel Xeon and AMD EPYC chips.

The problem? It’s in the encryption that was supposed to keep data safe.

🔗 Read → https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html

⚠️ Attackers don't care about your model's safety scores.

They care about what it connects to - and what they can reach from a single prompt.

Even if you tested before deployment, in production your agent connects to tools, APIs, databases - an attack surface nobody validated.

Pillar Security launches today RedGraph - the world-first attack surface mapping & testing for AI agents.

Check it out: https://thn.news/redgraph-insights

🚨 A .NET flaw called “SOAPwn” lets hackers run code on enterprise apps — no patch from Microsoft.

Researchers at Black Hat Europe showed how SOAP clients can be tricked into writing files or web shells, hitting tools like Barracuda RMM and Ivanti EPM.

🔗 Full details here ↓ https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html