Daily Security Feed - 2025-12-26

Security Feed Digest (2025-12-26)

Hacker News: Best

• Rob Pike Goes Nuclear over GenAI — Fri, 26 Dec 2025 05:27:05 +0000
• Seven Diabetes Patients Die Due to Undisclosed Bug in Abbott’s Glucose Monitors — Fri, 26 Dec 2025 00:29:40 +0000
• Maybe the default settings are too high — Thu, 25 Dec 2025 23:13:21 +0000
• Google is ‘gradually rolling out’ option to change your gmail.com address — Thu, 25 Dec 2025 21:36:48 +0000
• Fahrplan – 39C3 — Thu, 25 Dec 2025 18:40:14 +0000
• I sell onions on the Internet (2019) — Thu, 25 Dec 2025 16:24:45 +0000
• Alzheimer’s disease can be reversed in animal models? Study — Thu, 25 Dec 2025 15:22:36 +0000
• Salesforce regrets firing 4000 experienced staff and replacing them with AI — Thu, 25 Dec 2025 14:58:29 +0000
• Asahi Linux with Sway on the MacBook Air M2 (2024) — Thu, 25 Dec 2025 14:20:29 +0000
• Python 3.15’s interpreter for Windows x86-64 should hopefully be 15% faster — Thu, 25 Dec 2025 13:02:46 +0000
• Mattermost restricted access to old messages after 10000 limit is reached — Thu, 25 Dec 2025 11:03:59 +0000
• We invited a man into our home at Christmas and he stayed with us for 45 years — Thu, 25 Dec 2025 10:35:34 +0000
• Free Software Foundation receives historic private donations — Thu, 25 Dec 2025 04:47:38 +0000
• Ruby 4.0.0 — Thu, 25 Dec 2025 04:13:00 +0000
• Who Watches the Waymos? I do [video] — Thu, 25 Dec 2025 00:10:12 +0000
• Microsoft please get your tab to autocomplete shit together — Wed, 24 Dec 2025 23:33:15 +0000
• Asterisk AI Voice Agent — Wed, 24 Dec 2025 23:25:37 +0000
• Tell HN: Merry Christmas — Wed, 24 Dec 2025 22:56:00 +0000
• Phoenix: A modern X server written from scratch in Zig — Wed, 24 Dec 2025 22:43:53 +0000
• How I Left YouTube — Wed, 24 Dec 2025 21:54:48 +0000
• Nvidia to buy assets from Groq for $20B cash — Wed, 24 Dec 2025 21:02:15 +0000
• Show HN: Minimalist editor that lives in browser, stores everything in the URL — Wed, 24 Dec 2025 19:42:25 +0000
• Fabrice Bellard: Biography (2009) [pdf] — Wed, 24 Dec 2025 18:17:47 +0000
• Show HN: Vibium – Browser automation for AI and humans, by Selenium’s creator — Wed, 24 Dec 2025 17:49:02 +0000
• Why We Abandoned Matrix (2024) — Wed, 24 Dec 2025 15:06:26 +0000
• AMD entered the CPU market with reverse-engineered Intel 8080 clone 50 years ago — Wed, 24 Dec 2025 14:28:35 +0000
• Games’ affordance of childlike wonder and reduced burnout risk in young adults — Wed, 24 Dec 2025 13:43:46 +0000
• When compilers surprise you — Wed, 24 Dec 2025 13:27:50 +0000
• I’m returning my Framework 16 — Wed, 24 Dec 2025 12:55:19 +0000
• Avoid Mini-Frameworks — Wed, 24 Dec 2025 12:04:02 +0000

Krebs on Security

• Dismantling Defenses: Trump 2.0 Cyber Year in Review — Fri, 19 Dec 2025 15:14:55 +0000
• Most Parked Domains Now Serving Malicious Content — Tue, 16 Dec 2025 14:14:48 +0000
• Microsoft Patch Tuesday, December 2025 Edition — Tue, 09 Dec 2025 23:18:29 +0000
• Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill — Sat, 06 Dec 2025 14:45:03 +0000
• SMS Phishers Pivot to Points, Taxes, Fake Retailers — Thu, 04 Dec 2025 23:02:34 +0000
• Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ — Wed, 26 Nov 2025 17:22:36 +0000
• Is Your Android TV Streaming Box Part of a Botnet? — Mon, 24 Nov 2025 18:44:52 +0000
• Mozilla Says It’s Finally Done With Two-Faced Onerep — Thu, 20 Nov 2025 19:06:51 +0000
• The Cloudflare Outage May Be a Security Roadmap — Wed, 19 Nov 2025 14:07:03 +0000
• Microsoft Patch Tuesday, November 2025 Edition — Sun, 16 Nov 2025 21:47:14 +0000

CISA Alerts

• Publicly Available Tools Seen in Cyber Incidents Worldwide — Thu, 17 Nov 2022 15:57:05 EST
• SamSam Ransomware — Thu, 17 Nov 2022 15:57:05 EST
• DNS Infrastructure Hijacking Campaign — Thu, 17 Nov 2022 15:57:05 EST
• New Exploits for Unsecure SAP Systems — Thu, 17 Nov 2022 15:57:05 EST
• Microsoft Operating Systems BlueKeep Vulnerability — Thu, 17 Nov 2022 15:57:05 EST
• Microsoft Ending Support for Windows 7 and Windows Server 2008 R2 — Thu, 17 Nov 2022 15:57:05 EST
• Dridex Malware — Thu, 17 Nov 2022 15:57:05 EST
• Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad — Thu, 17 Nov 2022 15:57:05 EST
• Continued Exploitation of Pulse Secure VPN Vulnerability — Thu, 17 Nov 2022 15:57:05 EST
• Critical Vulnerabilities in Microsoft Windows Operating Systems — Thu, 17 Nov 2022 15:57:05 EST

BleepingComputer

• Trust Wallet Chrome extension hack tied to millions in losses — Fri, 26 Dec 2025 04:47:08 -0500
• ChatGPT’s new formatting blocks make its UI look more like a task tool — Thu, 25 Dec 2025 17:39:19 -0500
• Google will finally allow you to change your @gmail.com address — Thu, 25 Dec 2025 09:30:58 -0500
• OpenAI is reportedly testing Claude-like Skills for ChatGPT — Wed, 24 Dec 2025 17:31:28 -0500
• Fake MAS Windows activation domain used to spread PowerShell malware — Wed, 24 Dec 2025 12:44:46 -0500
• Microsoft Teams to let admins block external users via Defender portal — Wed, 24 Dec 2025 11:22:44 -0500
• MongoDB warns admins to patch severe RCE flaw immediately — Wed, 24 Dec 2025 09:18:36 -0500
• FBI seizes domain storing bank credentials stolen from U.S. victims — Wed, 24 Dec 2025 08:17:32 -0500
• Microsoft rolls out hardware-accelerated BitLocker in Windows 11 — Tue, 23 Dec 2025 15:03:34 -0500
• WebRAT malware spread via fake vulnerability exploits on GitHub — Tue, 23 Dec 2025 14:31:53 -0500
• Malicious extensions in Chrome Web store steal user credentials — Tue, 23 Dec 2025 08:31:55 -0500

Darkreading

• Dark Reading Opens The State of Application Security Survey — Fri, 26 Dec 2025 12:00:48 GMT
• Industry Continues to Push Back on HIPAA Security Rule Overhaul — Tue, 23 Dec 2025 20:22:19 GMT
• ServiceNow Buys Armis for $7.75B, Boosts ‘AI Control Tower’ — Tue, 23 Dec 2025 20:03:15 GMT
• Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers — Tue, 23 Dec 2025 17:42:50 GMT
• Sprawling ‘Operation Sentinel’ Neutralizes African Cybercrime Syndicates — Tue, 23 Dec 2025 17:16:35 GMT
• Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices — Mon, 22 Dec 2025 20:29:34 GMT
• Uzbek Users Under Attack by Android SMS-Stealers — Mon, 22 Dec 2025 17:07:10 GMT
• Cisco VPNs, Email Services Hit in Separate Threat Campaigns — Fri, 19 Dec 2025 20:05:38 GMT
• LongNosedGoblin Caught Snooping on Asian Governments — Fri, 19 Dec 2025 16:38:48 GMT
• Identity Fraud Among Home-Care Workers Puts Patients at Risk — Fri, 19 Dec 2025 15:04:50 GMT
• A Cybersecurity Playbook for AI Adoption — Fri, 19 Dec 2025 14:00:00 GMT
• A Good Year for North Korean Cybercriminals — Fri, 19 Dec 2025 14:00:00 GMT
• SonicWall Edge Access Devices Hit by Zero-Day Attacks — Thu, 18 Dec 2025 22:25:46 GMT
• Dormant Iran APT is Still Alive, Spying on Dissidents — Thu, 18 Dec 2025 13:00:00 GMT
• Critical Fortinet Flaws Under Active Attack — Wed, 17 Dec 2025 22:44:38 GMT
• In Cybersecurity, Claude Leaves Other LLMs in the Dust — Wed, 17 Dec 2025 22:01:58 GMT
• ‘Cellik’ Android RAT Leverages Google Play Store — Wed, 17 Dec 2025 21:38:50 GMT
• Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity — Wed, 17 Dec 2025 21:14:12 GMT
• ‘Fake Proof’ and AI Slop Hobble Defenders — Wed, 17 Dec 2025 20:58:31 GMT
• The Future of Quantum-Safe Networks Depends on Interoperable Standards — Wed, 17 Dec 2025 20:46:43 GMT
• Attackers Use Stolen AWS Credentials in Cryptomining Campaign — Wed, 17 Dec 2025 16:33:22 GMT
• Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation — Wed, 17 Dec 2025 07:00:00 GMT
• Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps — Tue, 16 Dec 2025 22:53:00 GMT
• Why You Should Train Your SOC Like a Triathlete — Tue, 16 Dec 2025 22:20:33 GMT
• Venezuelan Oil Company Downplays Alleged US Cyberattack — Tue, 16 Dec 2025 20:33:16 GMT
• Russia Hits Critical Orgs Via Misconfigured Edge Devices — Tue, 16 Dec 2025 20:03:15 GMT
• Browser Extension Harvests 8M Users’ AI Chatbot Data — Tue, 16 Dec 2025 16:14:01 GMT
• Enterprises Gear Up Ahead of 2026’s IT Transformation Shift — Tue, 16 Dec 2025 15:08:23 GMT
• How Cyber Insurance MGAs Shape Policies for Evolving Cyber-Risks — Mon, 15 Dec 2025 22:28:47 GMT
• Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack — Mon, 15 Dec 2025 21:25:20 GMT

The Hacker News

• Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection — Fri, 26 Dec 2025 14:57:00 +0530
• ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories — Thu, 25 Dec 2025 19:31:00 +0530
• LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds — Thu, 25 Dec 2025 18:16:00 +0530
• Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability — Thu, 25 Dec 2025 13:52:00 +0530
• CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — Thu, 25 Dec 2025 13:37:00 +0530
• New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper — Wed, 24 Dec 2025 21:53:00 +0530
• Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media — Wed, 24 Dec 2025 18:38:00 +0530
• Attacks are Evolving: 3 Ways to Protect Your Business in 2026 — Wed, 24 Dec 2025 17:00:00 +0530
• SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips — Wed, 24 Dec 2025 14:49:00 +0530
• Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition — Wed, 24 Dec 2025 11:45:00 +0530
• Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites — Tue, 23 Dec 2025 20:12:00 +0530
• INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty — Tue, 23 Dec 2025 17:05:00 +0530
• Passwd: A walkthrough of the Google Workspace Password Manager — Tue, 23 Dec 2025 17:00:00 +0530
• U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme — Tue, 23 Dec 2025 13:45:00 +0530
• Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances — Tue, 23 Dec 2025 13:04:00 +0530
• FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks — Tue, 23 Dec 2025 12:28:00 +0530
• Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens — Mon, 22 Dec 2025 21:58:00 +0530
• ⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More — Mon, 22 Dec 2025 17:30:00 +0530
• How to Browse the Web More Sustainably With a Green Browser — Mon, 22 Dec 2025 17:25:00 +0530
• Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale — Mon, 22 Dec 2025 11:41:00 +0530
• Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence — Sun, 21 Dec 2025 09:52:00 +0530
• U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware — Sat, 20 Dec 2025 19:18:00 +0530
• Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers — Fri, 19 Dec 2025 23:24:00 +0530
• Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware — Fri, 19 Dec 2025 21:04:00 +0530
• WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability — Fri, 19 Dec 2025 16:53:00 +0530
• Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks — Fri, 19 Dec 2025 15:56:00 +0530
• New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards — Fri, 19 Dec 2025 13:55:00 +0530
• China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware — Thu, 18 Dec 2025 23:04:00 +0530
• HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution — Thu, 18 Dec 2025 20:09:00 +0530
• ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — Thu, 18 Dec 2025 18:40:00 +0530

데일리시큐 - 최근인기기사

• Net-SNMP 치명적 취약점 발견…원격 코드 실행 가능성까지 제기 — 2025-12-26 08:52:14
• 포티넷 “포티게이트 SSL VPN 5년전 취약점, 최근 공격에 활용 정황”…패치 적용 필수 — 2025-12-26 00:52:04
• 애플 보안 절차 통과한 악성 앱…맥OS 사용자 노린 ‘맥싱크’ 등장 — 2025-12-26 01:15:16
• 아시아나항공 인트라넷 해킹…임직원·협력사 1만여 명 개인정보 유출 — 2025-12-26 08:32:44
• 몽고DB, CVE-2025-14847 긴급 패치 권고…zlib 압축 처리 결함으로 “사전 인증” 메모리 유출 위험 — 2025-12-26 13:10:36
• [보안칼럼] 보이지 않는 인터넷의 절반, 그리고 우리가 놓치고 있는 공격 측면 — 2025-12-26 12:23:09
• GDG 대구, ‘2025 데브페스트(DevFest)’ 성료 — 2025-12-26 09:03:11
• 블로세이프, ‘세계 3위 해커’ 보안력 앞세워 글로벌 스테이블코인 제왕 ‘서클(Circle)’과 전략적 동맹 — 2025-12-26 12:49:40
• 쿠팡 사태 대응 점검한 관계장관회의…플랫폼 정보유출 재발 방지 제도개선 착수 — 2025-12-26 12:38:49
• ㈜구일팔, KOSID 한국실내건축가협회 후원 및 CAD 공동구매 진행 — 2025-12-26 09:03:04

보안뉴스 > SECURITY

• [쿠팡 해킹] 쿠팡, 유출자 접촉과 기기 회수는 “정부 지시 따른 것” — Fri, 26 Dec 2025 17:22:00 +0900
• 블로세이프, 세계 최대 스테이블코인사 ‘서클’과 맞손 — Fri, 26 Dec 2025 15:57:00 +0900
• 박동균 대구한의대 교수 ‘대한민국 치안리포트’ 북 콘서트 성료 — Fri, 26 Dec 2025 14:03:00 +0900
• [쿠팡 해킹] 경찰, 쿠팡 ‘셀프 조사’ 재검증… “살인사건 시체 옮긴거나 마찬가지” — Fri, 26 Dec 2025 13:34:00 +0900
• 케이사인, 국내 최초 OCPP 기반 프로토콜 퍼저 개발… 전기차 충전 인프라 취약점 사전 점검 — Fri, 26 Dec 2025 13:14:00 +0900
• “문서 포맷 그대로 비식별”… 이지서티, AI 시대 개인정보 비식별 솔루션 제시 — Fri, 26 Dec 2025 13:12:00 +0900
• [시큐리티 머니 인덱스] AI·클라우드 보안 향한 글로벌 자본…서비스나우, 아미스 11조 인수 — Fri, 26 Dec 2025 11:17:00 +0900
• 중국 ‘콰이쇼우’, AI 기반 사이버 공격으로 라이브 스트리밍 마비… 서구권 배후설 제기 — Fri, 26 Dec 2025 10:54:00 +0900
• 상반기 수사기관 통신이용자정보 요청, 전년 대비 10% 늘어 — Fri, 26 Dec 2025 10:49:00 +0900
• [양자와 보안] “단 4개 큐비트로 해킹 잡는다” 美 존스홉킨스 연구진, 소형 양자 칩 보안 시스템 개발 — Fri, 26 Dec 2025 10:23:00 +0900

Security Feed Digest (2025-12-26)

Hacker News: Best

• My insulin pump controller uses the Linux kernel. It also violates the GPL — Fri, 26 Dec 2025 19:13:22 +0000
• Rob Pike got spammed with an AI slop “act of kindness” — Fri, 26 Dec 2025 18:42:13 +0000
• FFmpeg has issued a DMCA takedown on GitHub — Fri, 26 Dec 2025 17:48:25 +0000
• How uv got so fast — Fri, 26 Dec 2025 17:13:07 +0000
• Experts explore new mushroom which causes fairytale-like hallucinations — Fri, 26 Dec 2025 17:07:53 +0000
• Rob Pike goes nuclear over GenAI — Fri, 26 Dec 2025 14:08:47 +0000
• Package managers keep using Git as a database, it never works out — Fri, 26 Dec 2025 12:46:36 +0000
• ChatGPT conversations still lack timestamps after years of requests — Fri, 26 Dec 2025 12:39:32 +0000
• I’m a laptop weirdo and that’s why I like my new Framework 13 — Fri, 26 Dec 2025 12:27:19 +0000
• TurboDiffusion: 100–200× Acceleration for Video Diffusion Models — Fri, 26 Dec 2025 03:19:49 +0000
• MiniMax M2.1: Built for Real-World Complex Tasks, Multi-Language Programming — Fri, 26 Dec 2025 01:02:53 +0000
• Ask HN: What skills do you want to develop or improve in 2026? — Thu, 25 Dec 2025 16:08:57 +0000

BleepingComputer

• Fake GrubHub emails promise tenfold return on sent cryptocurrency — Fri, 26 Dec 2025 15:22:28 -0500
• Trust Wallet confirms extension hack led to $7 million crypto theft — Fri, 26 Dec 2025 04:47:08 -0500
• MongoDB warns admins to patch severe vulnerability immediately — Wed, 24 Dec 2025 09:18:36 -0500

Darkreading

• Mentorship and Diversity: Shaping the Next Generation of Cyber Experts — Fri, 26 Dec 2025 15:15:00 GMT
• As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026 — Fri, 26 Dec 2025 13:04:07 GMT

The Hacker News

• Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code — Fri, 26 Dec 2025 21:01:00 +0530
• China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware — Fri, 26 Dec 2025 20:14:00 +0530

데일리시큐 - 최근인기기사

• 오픈AI “프롬프트 인젝션, 장기 보안 과제…완전한 해결책 보장 어렵다” — 2025-12-26 16:13:37
• 아마존, ‘북한 IT 원격취업 사기’ 의심 지원자 1,800명 차단…“올해 분기별 지원 27% 증가” — 2025-12-26 15:29:19
• 조사 중 사안 일방적 공개한 쿠팡, 퇴직자 일탈로 좁히려는가…쿠팡 유출 사태, 내부통제 허점이 본질 — 2025-12-26 16:37:48