Cybersecurity News | Daily Recap [02 Dec 2025]

In today's Daily Recap, researchers warn of a third GlassWorm wave arriving through malicious VS Code packages and of a ShadyPanda browser-extension campaign, while the expanded Contagious Interview campaign adds the OtterCookie malware to the npm supply chain. The roundup also covers North Korea's Lazarus operations, high-profile breaches at Coupang and Brsk, the BOSS/APT36 pivot to Linux espionage, and enforcement actions such as the Cryptomixer takedown and India's Sanchar Saathi regulatory measures. #GlassWorm #ShadyPanda #OtterCookie #Lazarus #Coupang #Brsk #APT36 #ShaiHulud #Cryptomixer #SancharSaathi #IlluminateEducation #EvilTwin

Extensions & IDE Malware

  • Researchers warn that a third wave of GlassWorm activity has returned via malicious VS Code packages, including 24 fake extensions impersonating developer tools that siphon credentials and install backdoors – GlassWorm Return
  • A cluster of browser extensions tied to ShadyPanda amassed 4.3M installs before turning into spyware that harvests user data and credentials – ShadyPanda Campaign

Dev-Tool & Package Supply Chain

  • A malicious npm package hides prompts and scripts to evade AI security tools and exfiltrate secrets, part of a broader campaign targeting developer workflows – Malicious npm
  • The “Contagious Interview” campaign expanded with 197 compromised npm packages distributing the new OtterCookie malware, signaling a large-scale OSS supply-chain compromise – OtterCookie Spread
  • PostHog admits the Shai‑Hulud 2.0 incident was its biggest security scare, underscoring risks in telemetry/analytics tooling, and the SmartTube Android TV app was breached to push a malicious update; both highlight app and toolchain compromise risks – Shai‑Hulud, SmartTube Breach

North Korea & Lazarus

  • Security teams captured the Lazarus APT’s remote-worker recruitment scheme on camera as the group allegedly uses fake IT identities to infiltrate firms and is accused of stealing $30M from a crypto exchange – Lazarus Scheme, Lazarus Theft
  • Authorities report North Korea lures engineers to “rent” their identities in fake IT-worker schemes to support broader nation-state operations and access leasing for attacks – Fake IT IDs

Crypto Takedowns

Vulnerabilities & Platform Issues

  • Google patched 2 actively exploited Android zero‑day vulnerabilities and addressed a total of 107 vulnerabilities across Android, urging immediate updates – Android Patch
  • A critical SQL injection in Devolutions Server could expose sensitive data, prompting emergency mitigations for affected deployments – Devolutions SQLi
  • Microsoft Defender portal outage disrupted threat-hunting and blocked access to security alerts, impacting incident response workflows – Defender Outage
  • Microsoft warns the new Outlook cannot open some Excel attachments, creating a compatibility gap that may affect mail-based workflows and forensic access to attachments – Outlook Attachment Bug

Breaches, Incidents & Sentencing

  • Retailer Coupang disclosed a data breach affecting about 33.7M customers, exposing personal data at scale and triggering investigations – Coupang Breach
  • Brsk confirmed a breach, with bidding opening on more than 230K records, signaling another consumer data leak on underground markets – Brsk Breach
  • The BOSS breach shows APT36 pivoting to Linux espionage with “silent” shortcut implants, expanding its targeting beyond Windows environments – BOSS Breach
  • Edtech firm Illuminate Education settled with the FTC after a data breach, highlighting regulatory consequences for education-sector incidents – Edtech Settlement
  • An Australian man received a 7-year sentence for ‘evil twin’ Wi‑Fi attacks used to intercept victims’ traffic and steal credentials, an example of criminal accountability for network deception – Evil Twin Sentence

Trends, Policy & Identity Threats

  • Reports highlight cybercrime’s shift to a SaaS model, renting tools, access, and infrastructure to lower the barrier for attackers and accelerate operations – Crime SaaS
  • Organizations are warned about sophisticated insider threats as attackers impersonate cybersecurity professionals and use deepfakes to infiltrate teams, stressing identity verification and technical controls – Insider Impersonation
  • India ordered phone makers to pre-install the Sanchar Saathi app to tackle telecom fraud, a significant regulatory step linking device provisioning and national fraud prevention – Sanchar Saathi
  • Analysts examine the trust problem in facial recognition, highlighting accuracy, bias, and governance issues that undermine adoption and legal compliance for biometric systems – Facial Recognition

Cybersecurity News | Daily Recap – hendryadrian.com