Cybersecurity News | Daily Recap [17 Dec 2025]

In today's Daily Recap, state-sponsored GRU-linked groups such as Sandworm (APT44) have pivoted from zero-days to weaponizing misconfigured edge devices, persistently targeting energy, telecom and cloud infrastructure across 2021–2025, with some operations disrupted by private defenders. The recap also covers a range of threats, from the Android RaaS Cellik and the GhostPoster campaign to credential phishing by APT28 and ForumTroll, notable incidents at PDVSA, KT, Askul and Hama Film, and ongoing supply-chain and vulnerability activity involving Fortinet flaws and AWS IAM abuse. #GRU #Sandworm #APT44 #APT28 #ForumTroll #GhostPoster #Cellik #TracerFody #PDVSA #KT #Askul #HamaFilm

State-sponsored Threats

  • Russian GRU-linked groups like Sandworm/APT44 have pivoted from zero-days to weaponizing misconfigured edge devices, persistently targeting energy, telecom and cloud infrastructure across 2021–2025, with some operations disrupted by private defenders – GRU Edge, Sandworm Pivot, Amazon Disrupts, GRU Exposed

Malware & Extensions

  • New Android RaaS Cellik (sold for $150/month) offers screen streaming, keylogging and trojanizes Google Play apps to deliver persistent surveillance – Cellik RAT, Cellik Build
  • The GhostPoster campaign hid malicious JavaScript in Firefox add-on assets to hijack affiliate links, perform ad fraud and open backdoors in extensions with 50,000+ downloads – GhostPoster, GhostPoster BC
  • A rogue NuGet package posing as Tracer.Fody has been stealing cryptocurrency wallet data for years via a typosquatting supply‑chain backdoor – Tracer.Fody

Phishing & Scams

  • APT28 ran a long-running credential phishing campaign targeting Ukrainian UKR.net users to harvest logins and maintain access – APT28 Phish
  • New ForumTroll phishing lures impersonating eLibrary emails targeted Russian scholars to deliver credential-stealing payloads – ForumTroll Phish
  • European police dismantled a Ukraine-based call center network behind roughly $11 million in fraud, showing continued organized call-center scams across borders – Call Center Bust

Vulnerabilities & Patches

  • CISA warned of a plaintext-credentials issue in Mitsubishi Electric GT Designer3 that can expose project credentials for GOT2000/GOT1000 devices – Mitsubishi GT
  • Critical RADIUS-related flaws in Hitachi Energy AFS/AFR/AFF series can allow forgery attacks impacting data integrity and operations – Hitachi Flaw
  • CISA’s Known Exploited Vulnerabilities catalog and recent reports highlight multiple affected vendors (including Fortinet) and urge remediation – CISA Catalog
  • Attackers are actively exploiting recently patched Fortinet auth bypass flaws (CVE-2025-59718, CVE-2025-59719) to steal configs and bypass cloud SSO, and Microsoft urged admins to contact support over an MSMQ/IIS update that breaks apps – Fortinet Exploits, MS IIS Fix

Incidents & Breaches

  • A cyberattack on Venezuela’s state oil firm PDVSA disrupted administrative systems and suspended some cargo deliveries amid mutual accusations with the U.S.; investigations are ongoing – PDVSA Hit, PDVSA Blame
  • South Korea’s KT suffered a suspected state-level espionage breach targeting femtocells and telecom data, raising systemic-security concerns – KT Breach
  • France’s Interior Ministry is probing an email compromise that exposed confidential files, prompting judicial and technical investigations – France Email
  • Japanese firm Askul saw a ransomware attack leak over 700,000 records after refusal to pay the RansomHouse extortionists – Askul Ransom
  • A flaw at photo-kiosk vendor Hama Film exposed hundreds of customer photos online, underscoring basic data‑protection failures – Photo Kiosk

Cloud & Supply‑Chain Risk

  • Compromised AWS IAM credentials are being used to deploy large-scale cloud crypto‑mining operations, highlighting poor identity hygiene risks in cloud environments – IAM Crypto
  • The evolution of third‑party risk from open‑source to AI stresses the need for SBOMs, SAST/DAST and manual reviews to mitigate supply‑chain threats like slopsquatting – Third-Party Risk
  • Startup Dux launched with $9 million to use AI agents for exposure management and exploitability analysis to reduce enterprise attack surface – Dux Launch

Policy & Predictions

  • Five cybersecurity predictions for 2026 forecast a shift from perimeter defenses to identity‑centric security and emphasize rising AI/deepfake threats that force new trust models – 2026 Predictions
  • India’s DPDP rules are quietly reducing risks from deepfakes and synthetic identities by enforcing consent and provenance requirements that improve data governance – DPDP Impact
  • U.S. House Homeland Security leadership is keeping cyber legislation and offensive cyber capabilities on the agenda while tracking Chinese threat actors and AI risks – Legislative Focus
  • Texas sued major TV makers over surreptitious Automated Content Recognition (ACR) data collection, alleging privacy invasions and potential exposure to foreign access; targets include Sony, Samsung, LG and others – TV Lawsuit

Security Operations & Community

  • SOCs are urged to move from reactive firefighting to proactive, contextual threat intelligence; tools like ANY.RUN’s Threat Intelligence Lookup help prioritize industry‑ and country‑specific threats – Fix SOC Blind Spots
  • Growing CISO communities provide trusted peer sharing, threat intel exchange and mental‑health support, becoming a force multiplier for enterprise security teams – CISO Communities

Fraud & Social Engineering

  • Former fraudster‑turned‑defender Alex Hall details how personal trauma and neurodiversity shaped his fraud tactics and now informs his work improving account‑takeover detection and trust/safety architectures – Alex Hall

Cybersecurity News | Daily Recap – hendryadrian.com