Cybersecurity News | Daily Recap [04 Dec 2025]

Daily Recap: regulatory moves span India withdrawing the Sanchar Saathi mandate and the UK’s cookie-enforcement push, while broader state activity highlights Russia’s connected-car vulnerabilities and sanctions related to cyber espionage. The week also features critical RSC bugs in React/Next.js, LNK flaws, Elementor/King Addons WordPress exploits, a record AISURU DDoS with up to 4 million bots, Predator spyware activity, and data breaches at Freedom Mobile and Marquis, alongside Rhysida ransomware pressure on local governments. #SancharSaathi #PredatorSpyware #AISURU #Rhysida #KingAddons #LNK #FreedomMobile #Marquis

News:

Privacy & Regulation

  • India withdraws a mandate to pre-install the Sanchar Saathi cyber‑safety app after surveillance backlash, reversing a controversial phone policy — Sanchar Saathi, India Drops
  • The UK ICO’s cookie enforcement campaign brings ~95% of top sites into compliance, leaving just 21 non‑compliant sites and strengthening user tracking controls — UK Cookies

Nation‑State Activity

  • Connected‑car failures in Russia raise fears about automotive tracking vulnerabilities after unexplained Porsche shutdowns, highlighting risks to IoT vehicles — Porsche Shutdown
  • Russian actors target Reporters Without Borders while the UK sanctions the GRU and linked cyber spies over a nerve‑agent attack, underscoring escalating state cyber and diplomatic actions — Reporters Targeted, UK Sanctions
  • Researchers report continued use of Predator spyware across countries including Iraq, and an exclusive analysis exposes a compromised North Korean APT machine tied to a major heist, showing persistent state‑grade surveillance tooling — Predator Spyware, North Korea APT
  • Russia blocks Roblox over alleged LGBT “propaganda”, illustrating censorship and platform control as part of broader state online measures — Roblox Block

Vulnerabilities & Patching

  • Critical RSC bugs in React and Next.js allow unauthenticated remote code execution, posing severe risks to modern web apps — RSC Bugs
  • Microsoft quietly patches a long‑exploited Windows LNK flaw after years of active abuse, closing an often weaponized attack path — LNK Patch
  • A Microsoft 365 license‑check bug blocks desktop app downloads for affected users, disrupting productivity and licensing workflows — M365 Bug
  • Critical WordPress plugin flaws—including an exploited Elementor add‑on and active attacks exploiting King Addons—are being used to create admin accounts and take over sites, urging immediate patching — Elementor Flaw, King Addons, King Addons

Malware & Botnets

  • A record 29.7 Tbps DDoS attack was linked to the AISURU botnet with up to 4 million infected hosts, marking a new volumetric high in internet disruption — Record DDoS
  • New stealthy Linux malware combines Mirai‑style DDoS capabilities with a cryptominer, expanding multifunction botnet threats on IoT and Linux hosts — Linux Malware
  • Brazil is hit by a banking Trojan spread via a WhatsApp worm and RelayNFC relay fraud, demonstrating mobile‑centric banking malware evolution — Brazil Banking Trojan
  • The social‑engineering ClickFix campaign uses a fake ChatGPT “Atlas” browser to trick users into installing tools and executing commands to steal passwords and gain system control — ClickFix Attack

Data Breaches & Exposures

  • Freedom Mobile discloses a data breach exposing customer personal information, with reporting across multiple outlets urging impacted users to take mitigation steps — Freedom Mobile, Freedom Mobile
  • The Marquis breach affects over 74 US banks and credit unions, expanding the impact radius of third‑party data compromises in financial services — Marquis Breach
  • French DIY giant Leroy Merlin and the University of Phoenix report data breaches tied to vendor/Oracle EBS issues, continuing the trend of supply‑chain and third‑party exposures — Leroy Merlin, UoP Breach

Ransomware & Supply Chain

  • The Rhysida ransomware gang demanded ~9 bitcoin (almost $800,000) from the Cleveland County, OK sheriff’s office after compromising systems, reflecting rising pressure on local governments — Rhysida Ransom
  • Analysts warn that ransomware and supply‑chain attacks are increasingly converging, amplifying downstream risk for organizations and partners — Ransom‑Supply Chain

Industry Trends & Guidance

  • Global cyber agencies issue AI security guidance for protecting critical infrastructure OT, emphasizing secure AI deployment in industrial environments — AI OT Guidance
  • Threat roundups highlight a surge in Wi‑Fi hacks, npm worms, DeFi thefts and phishing blasts, while a year‑in‑review summarizes the 5 threats that reshaped web security in 2025 — ThreatsDay, Web Security

Surveillance & Policing

  • A Canadian police department becomes the first to trial body cameras with embedded facial recognition, raising privacy and civil‑liberty questions around law enforcement tech — Facial Cameras

Funding & Research

  • Niobium raises $23 million to accelerate hardware for fully homomorphic encryption, advancing practical privacy‑preserving computation capabilities — Niobium Funding

Cybersecurity News | Daily Recap – hendryadrian.com