Daily Recap: this edition highlights regulatory actions shaping cybersecurity, from Temu being sued for customer data misuse and the EU’s online marketplace data-processing ruling to the FTC’s Illuminate order and India’s SIM mandate as a cyber-safety push. Incidents and threats include an Oracle breach disclosure, the Shai-Hulud 2.0 NPM campaign exposing up to 400,000 developer secrets, persistent browser-extension backdoors, and Iran-linked phishing against critical infrastructure, alongside AI safety initiatives and major security funding.
#Temu #Illuminate #ShaiHulud #Oracle #Iran #Israel #Egypt #SIMMandate #EUSingaporePact #AustraliaAIInstitute #IPCamera
Regulation & Legal
- Arizona Attorney General sues Chinese retailer Temu over alleged customer data theft and misuse – Temu Suit
- EU top court rules online marketplaces responsible for processing data in ads, expanding platform liability for ad data use – Marketplaces Ruling
- The FTC forces Illuminate to delete unnecessary student data following a massive student-data breach and enforcement action – Illuminate Order, Illuminate FTC
- India orders messaging apps to require active SIMs to curb fraud while facing backlash over a mandatory cyber-safety app – SIM Mandate, App Backlash
Policy & AI Safety
- EU and Singapore deepen tech ties, prioritizing AI safety and cybersecurity cooperation across frontier tech governance – EU–Singapore Pact
- Australia establishes a national AI Safety Institute to address risks from frontier AI systems as part of its national AI plan – Australia AI Institute
Incidents & Breaches
- Penn and Phoenix universities disclose a data breach after an Oracle hack that exposed student and staff information – University Breach
- Shai-Hulud 2.0 NPM malware campaign exposed up to 400,000 developer secrets via malicious packages – Shai-Hulud
- Browser extensions for Chrome and Edge were found tracking users and creating persistent backdoors, raising privacy and supply-chain concerns – Extensions Backdoor
- Exploitative IP-camera networks lead to arrests in South Korea for selling intimate videos and prompt scrutiny of vulnerable CCTV ecosystems – IP Camera Scandal, IP Camera Arrests
Vulnerabilities & Advisories
- Google patched 107 Android flaws including two zero-days in its December update while CISA warns two Android vulnerabilities are actively exploited – Android Patch, CISA Warning
- Qualcomm issued a critical alert over a Secure Boot vulnerability affecting device trust chains and requiring urgent vendor mitigation – Qualcomm Alert
- Full disclosure published for a Revive Adserver vulnerability that could enable remote compromise of ad-serving infrastructure – Revive Adserver
Nation-State Activity
- Iran-linked hackers launched phishing campaigns targeting Israeli and Egyptian critical infrastructure, while the US offers a $10M reward for operatives tied to election interference and infrastructure attacks – Iran Campaign, $10M Bounty
AI & ML Threats
- Picklescan bugs let malicious PyTorch models evade scans and execute arbitrary code, highlighting ML-supply-chain risks for model deployment – Picklescan Flaw
- New resources and discussions outline how AI tools are fueling cybercrime and how to strategically harness or constrain AI, featuring a webinar and a strategic guide – AI Tools Webinar, Chopping AI
Crime & Takedowns
- The DOJ seized a Myanmar-based scam site spoofing the TickMill trading platform as part of international fraud disruption efforts – Myanmar Takedown
Deals & Funding
- ServiceNow is reported to acquire identity-security firm Veza in a deal valued at about $1 billion to expand identity governance capabilities – Veza Deal
- Zafran Security raises $60 million in Series C funding to scale cloud and cyber capabilities – Zafran Raise
- Saporo secures $8 million to advance its identity-security platform and product development – Saporo Raise
Opinion & Analysis
- Industry commentary exposes a growing “great disconnect” between technical and business conversations in security, urging alignment across stakeholders – Great Disconnect