IT Security Weekend Catch Up – December 13, 2025


13.12.2025 | 23:15


badcyber


Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Commission fines X €120 million under the Digital Services Act
  2. Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK
  3. Ransomware trends in Bank Secrecy Act data between 2022 and 2024
  4. Apple, Google send new round of cyber threat notifications to users around world
  5. 10 years of Let's Encrypt certificates

For the more technical

  1. December 2025 Patch Tuesday: One critical zero-day, two publicly disclosed vulnerabilities among 57 CVEs
  2. CVE-2025-55182 (React2Shell) opportunistic exploitation in the wild: What the GreyNoise observation grid is seeing so far
  3. China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
  4. EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
  5. Fantastic OWASP: 80 minutes of a security journey
  6. Security-reviewing AI generated code
  7. PromptPwnd: Prompt injection vulnerabilities in GitHub Actions using AI agents
  8. Attacking browser extensions
  9. RolyPoly VPN: The malicious “free” VPN extension that keeps coming back
  10. Gogs 0-day exploited in the wild
  11. How I discovered a hidden microphone on a Chinese NanoKVM
  12. JS#SMUGGLER: Multi-stage – hidden iframes, obfuscated JavaScript, silent redirectors & NetSupport RAT delivery
  13. New BYOVD loader behind DeadLock ransomware attack
  14. Total takeover: DroidLock hijacks your device
  15. Spiderman phishing kit mimics top European banks with a few clicks
  16. Introducing GhostFrame, a new super stealthy phishing kit
  17. ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
  18. No Name Podcast: From reactive cybersecurity to proactive threat hunting
  19. To catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware
  20. Exclusive look inside a compromised North Korean APT machine linked to the biggest heist in history
  21. Trouble in the air: A spree of campaigns targeting the aerospace industry in Russia
  22. Malicious apprentice: How two hackers went from Cisco Academy to Cisco CVEs
  23. UDPGangster campaigns target multiple countries

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

