Cybersecurity News | Daily Recap [09 Dec 2025]

Daily Recap: AI and browser security dominate this edition as NCSC warns about prompt injection and Google layers defenses in Chrome/Gemini to curb indirect prompts and agentic browsing, while Zero Trust guidance promotes safer AI integrations via the Shared Signals Framework.
Meanwhile, the threat landscape features a high-severity XXE in Apache Tika raising CVE risk to 10.0, new CSS/SVG clickjacking bypass techniques, ValleyRAT deliveries by Silver Fox APT, JS#SMUGGLER-driven NetSupport RAT and malicious VSCode extensions, Shanya EXE packing for stealthy payloads, Broadside botnet activity, STAC6565 targeting Canada, a multi-billion ransomware extortion wave with billions paid and a US bounty on Iranian hackers, plus regulatory and industry shifts impacting AI, data sharing, and outsourced security.
#ValleyRAT #JS#Smuggler #NetSupportRAT #ShanyaEXE #BroadsideBotnet #STAC6565 #Canada #IranianHackers #Chrome #Gemini

AI & Browsers

  • NCSC warns prompt injection could spark a major AI security crisis as vendors race to add protections to agentic browsers and models – Prompt Injection, Chrome Defenses, AI Browsers
  • Google adds layered defenses to Chrome/Gemini to block indirect prompt-injection and agentic browsing threats – Chrome Defenses, Gemini Layer
  • Guidance published to streamline Zero Trust adoption using the Shared Signals Framework for safer AI integrations – Zero Trust

Vulnerabilities

  • A maximum-severity XXE flaw raises Apache Tika CVE risk to 10.0, affecting multiple modules and demanding urgent patching – Apache Tika, Tika XXE
  • Researchers disclose a novel clickjacking technique abusing CSS and SVG to bypass UI defenses on web pages; patch and mitigations recommended – Clickjacking CSS

Malware & Threats

  • Silver Fox APT used a Cyrillic false flag in Teams SEO poisoning to deliver ValleyRAT, illustrating lures that evade detection – Silver Fox
  • Campaigns using compromised sites and JS#SMUGGLER drop NetSupport RAT, while malicious VSCode extensions deploy infostealers; developers urged to harden supply chains – JS#Smuggler, Malicious VSCode
  • Ransomware operators adopt the Shanya EXE packer to hide EDR-killing payloads, complicating detection and response – Shanya Packer
  • New Broadside botnet targets maritime and shipping firms, amplifying risk to logistics infrastructure – Broadside Botnet
  • STAC6565 is linked to attacks targeting Canada (~80% of observed hits) while the threat actor and partners deploy Gold Blade and QWCrypt ransomware families – STAC6565 Canada

Ransomware & Finance

  • FinCEN reports ransomware extortion of over $2.1B from 2022–2024 and Treasury filings show more than $2B paid across ~4,000 incidents, noting payments fell after law-enforcement actions but remain substantial – FinCEN Report, Ransomware Payments, Treasury Data

Law Enforcement & Geopolitics

  • The US posts a $10 million reward for information on state-linked Iranian hackers amid heightened cyber tensions – US Bounty
  • Polish authorities detained three Ukrainian nationals found with advanced hacking and spy gear (multiple seizures reported) as investigations continue – Warsaw Arrests, Poland Arrests
  • Russia’s ban on apps like Roblox sparks youth backlash as choices for popular platforms are restricted; social impact noted – Russia App Ban

Policy & Regulation

  • President Trump plans an executive order to limit state-level AI regulations, potentially centralizing US AI policy; states and industry stakeholders brace for change – AI Executive Order
  • The European Commission approves Meta’s proposal to reduce certain data-sharing practices, signaling regulatory movement on platform privacy – Meta Proposal

Industry Moves & Outages

  • Proofpoint completes a $1.8 billion acquisition of Hornetsecurity, expanding email security and cloud offerings – Proofpoint Deal
  • Microsoft investigates a Copilot outage affecting European users, disrupting AI-assisted workflows for customers – Copilot Outage
  • ENISA says a persistent cyber talent shortage is driving EU firms toward tech investments and outsourced security models to close gaps; hiring pressure continues – Talent Shortage

Cybersecurity News | Daily Recap – hendryadrian.com