Cyber Security Week in Review: December 5, 2025
In brief: Critical React2Shell exploited by Chinese hackers, Microsoft silently patches Windows LNK flaw, and more.
Cybersecurity News - Page 38
Star Blizzard’s new spear-phishing wave targeting Western NGOs supporting Ukraine
The latest activity targeted at least two organizations, including Reporters Without Borders (RSF).
Iran-linked hackers target Israeli, Egyptian critical infrastructure in stealthy phishing campaign
The campaign relied on spearphishing emails that delivered PDFs containing links to malicious installers hosted on free file-sharing services.
Silver Fox APT deploys malware via repackaged Telegram, Chrome, and MS Teams installers
The campaign ultimately deploys the ValleyRat remote-access tool onto the compromised systems.
Researchers expose North Korean scheme to “rent” developer identities
Threat actor recruits real engineers willing to act as a figurehead for remote work, offering 20–35% of the salary while DPRK agents secretly perform the job.
Glassworm malware reinfects VS Code extension marketplaces
The extensions attempt to steal GitHub, npm, and OpenVSX credentials, as well as cryptocurrency wallet data.
Russia-linked Gamaredon targets Ukraine with new GamaWiper malware
This is the first time when Gamaredon was observed conducting destructive attacks rather than traditional espionage operations.
SmartTube Android TV app compromised after developer’s signing keys stolen
The issue came to light when numerous users reported that Google Play Protect abruptly began blocking SmartTube and flagging it as unsafe.
ShadyPanda malware operation infects millions through browser extensions
The operation run in four phases that gradually transformed benign add-ons into powerful spyware.
New Albiriox Android MaaS targets more than 400 apps
The malware is delivered via dropper apps spread through social engineering lures.
Showing elements 371 - 380