Cybersecurity News | Daily Recap [13 Dec 2025]

In today's Daily Recap, the security landscape spans zero-day exploits patched in Apple WebKit and active Gogs exploitation affecting hundreds of self-hosted instances, along with critical flaws in Varex Imaging, GDCM, and Johnson Controls iSTAR Ultra impacting medical and industrial systems. The report also highlights Lazarus Group and Ashen Lepus espionage campaigns, major data breaches at Coupang and Pierce County Library, and a surge of malware kits and phishing tools including PyStoreRAT, Agent Tesla, BlackForce, GhostFrame, InboxPrime AI, and DroidLock. #LazarusGroup #AshenLepus #Coupang #PierceCountyLibrary #PyStoreRAT #AgentTesla #BlackForce #GhostFrame #InboxPrimeAI #DroidLock #AppleWebKit #Gogs #VarexImaging #GDCM #JohnsonControls #AshTag

News:

Exploited Zero-days

  • Apple issued emergency patches for two critical WebKit zero-days (CVE-2025-43529, CVE-2025-14174) exploited in targeted spyware campaigns and coordinated with Google Chrome – Apple Fixes, Apple Patches
  • Active exploitation of a CVE-2025-8110 zero-day in Gogs has led to infections across 700+ self-hosted Git instances, prompting urgent mitigations – Gogs 0day
  • Attackers are exploiting a cryptography flaw in Gladinet CentreStack to retrieve keys and trigger remote code execution via unsafe deserialization; organizations should update and check IOCs – Gladinet Flaw

Industrial & Medical

  • CISA alerts warn of critical flaws across medical and access-control systems: a DLL hijack in Varex Imaging allowing SYSTEM escalation, an out-of-bounds write (CVE-2025-11266) in GDCM causing DoS, and OS command injection in Johnson Controls iSTAR Ultra enabling full device takeover – Varex DLL, GDCM DoS, Johnson Controls

APTs & Espionage

  • Research links North Korea’s Lazarus Group to a 2020 compromise that hijacked a Yemen disinformation network using infostealers to repurpose trusted news domains for espionage – Lazarus Hijack
  • Hamas-affiliated Ashen Lepus continues targeting Middle Eastern government and diplomatic entities with the AshTag malware to steal sensitive documents post-ceasefire – Ashen Lepus

Breaches & Ransomware

  • An INC ransomware incident at Pierce County Library exposed the personal information of over 340,000 patrons, underscoring growing risks to public institutions – Library Hack
  • A Coupang data breach traced to an ex-employee who retained system access exposed 33.7 million customers, prompting police probes, a CEO resignation, and increased phishing targeting victims – Coupang Breach

Malware Delivery & Kits

  • Researchers uncovered campaigns using fake GitHub repos to push modular RATs like PyStoreRAT, abusing legitimate-looking dev tools to deliver system profiling and data-theft payloads – PyStoreRAT Campaign
  • A malicious torrent for ‘One Battle After Another’ hid PowerShell loaders in subtitle files to install Agent Tesla, highlighting risks from pirated media as a malware vector – AgentTesla Torrent
  • New phishing kits (e.g., BlackForce, GhostFrame, InboxPrime AI) use AI and MFA-bypass tactics for widescale credential theft, while Android DroidLock overlays lock screens, wipes data, and steals sensitive info via phishing chains – Phishing Kits, DroidLock Malware

Tools & Releases

  • Kali Linux 2025.4 launches with 3 new tools, desktop and Wayland enhancements, NetHunter upgrades, and a preview of Wifipumpkin3 for network testing – Kali 2025.4

Privacy & Data Governance

  • Canada’s privacy commissioner opened a probe into Toronto billboards using facial detection to infer age/gender for targeted ads, raising legal and ethical questions about biometric profiling – Toronto Billboards
  • Organizations are warned about risks from “shadow spreadsheets” where oversharing and version sprawl expose sensitive data, with alternatives like Grist suggested for structured access controls – Shadow Spreadsheets

Roundups & Misc

  • This week’s roundup flags the PromptPwnd AI-model exploit, US Pentagon moves toward post‑quantum crypto, GPU smuggling countermeasures, macOS bounty disputes, and emerging Android malware trends – Weekly Roundup

Cybersecurity News | Daily Recap – hendryadrian.com