Friday Wrap Up: 12 December 2025
Another week, another avalanche of zero-days, ransomware victims, and creative attack techniques that make you wonder if threat actors ever sleep (spoiler: they don’t).
From Chrome getting exploited in the wild to malware hiding in VS Code extensions—because apparently, even our dev tools need therapy now—this week had it all. We’ve got nation-state shenanigans, AI security guardrails, and someone at Accenture allegedly fudging DoD compliance (yikes).
Click through for the full breakdown before your CISO asks if you’ve seen the latest Chrome patch.
#CyberSecurity #ThreatIntelligence #InfoSec #FWU #fridaywrapup #Malware #DataBreach #Ransomware
Major Cyberattacks & Incidents
This week saw multiple significant data breaches and sophisticated attack campaigns targeting organizations worldwide.
🚨 Marquis Software Solutions suffered a breach through a firewall vulnerability, exposing personal data of over 780,000 individuals across the United States. (Published on 8-Dec-2025, Infosecurity).
📊 Fieldtex Products disclosed a data breach impacting 238,000 people after the Akira ransomware group claimed responsibility for stealing 14GB of company data. (Published on 12-Dec-2025, SecurityWeek).
🏪 South Korean police raided Coupang’s offices following a major data breach, prompting the CEO’s resignation amid the investigation. (Published on 12-Dec-2025, Infosecurity).
🎯 Storm-0249 initial access broker weaponized endpoint detection and response platforms and Windows utilities in highly targeted precision attacks against organizations. (Published on 10-Dec-2025, Dark Reading).
Malware & Vulnerabilities
Critical flaws and new malware campaigns dominated security headlines with exploits targeting enterprise and consumer platforms alike.
🕸️ JS#SMUGGLER campaign leverages compromised websites to inject obfuscated JavaScript loaders distributing NetSupport RAT through encrypted HTML applications. (Published on 8-Dec-2025, The Hacker News).
🔧 SAP released December security updates patching 14 vulnerabilities including three critical-severity flaws affecting Solution Manager, Commerce Cloud, and other products. (Published on 9-Dec-2025, BleepingComputer).
🤖 Google patched a critical Gemini Enterprise vulnerability enabling attackers to inject malicious instructions into documents to exfiltrate sensitive corporate information. (Published on 9-Dec-2025, Dark Reading).
📝 Adobe addressed nearly 140 vulnerabilities in its December update, including 116 cross-site scripting bugs in Experience Manager. (Published on 9-Dec-2025, SecurityWeek).
🏰 CastleLoader malware used by four distinct threat clusters confirms GrayBravo’s malware-as-a-service business model expanding infrastructure. (Published on 9-Dec-2025, The Hacker News).
📱 DroidLock Android malware locks device screens demanding ransom while accessing text messages, call logs, contacts, and audio data. (Published on 10-Dec-2025, BleepingComputer).
🔑 Gladinet’s CentreStack and Triofox products contain hard-coded cryptographic keys enabling unauthorized access and remote code execution in active attacks. (Published on 10-Dec-2025, The Hacker News).
💾 Three security vulnerabilities in PCIe 5.0+ Integrity and Data Encryption protocol expose systems to faulty data handling by local attackers. (Published on 10-Dec-2025, The Hacker News).
☁️ ConsentFix attack variant exploits the Azure CLI OAuth app to hijack Microsoft accounts without needing a password or having to bypass multi-factor authentication. (Published on 11-Dec-2025, BleepingComputer).
💻 Nineteen malicious Visual Studio Code extensions embedded malware in dependency folders using legitimate npm packages to compromise developer environments. (Published on 11-Dec-2025, Infosecurity).
🐍 PyStoreRAT, a JavaScript-based remote access trojan, is distributed through fake OSINT and GPT utility GitHub repositories targeting developers. (Published on 12-Dec-2025, The Hacker News).
🍎 Apple issued emergency patches for two zero-day vulnerabilities exploited in extremely sophisticated attacks targeting specific individuals. (Published on 12-Dec-2025, BleepingComputer).
🌐 Google Chrome faced active in-the-wild exploitation of an undisclosed high-severity vulnerability prompting emergency security updates. (Published on 11-Dec-2025, The Hacker News).
Vulnerability Research & Exploitation
Rapid exploitation campaigns demonstrated how quickly threat actors weaponize newly disclosed vulnerabilities.
⚛️ React2Shell (CVE-2025-55182) exploitation activity intensified as more threat actors weaponized the flaw immediately following public disclosure. (Published on 8-Dec-2025, Dark Reading).
🇰🇵 Sophisticated React2Shell exploitation campaigns delivering EtherRAT show indicators linking attacks to North Korean cyber intrusion tactics. (Published on 9-Dec-2025, Infosecurity).
Espionage & Nation-State Activity
Pro-Russia hacktivist groups escalated targeting of critical infrastructure in coordinated campaigns.
🎯 Pro-Russia hacktivist groups exploited exposed virtual network computing connections to breach operational technology systems in US critical infrastructure. (Published on 10-Dec-2025, Infosecurity).
AI & Policy
Developments in AI security, regulatory compliance, and industry guidance shaped conversations around emerging technologies.
🛡️ Google detailed security guardrails protecting Chrome’s upcoming agentic browsing features from indirect prompt injection and other AI-specific attacks. (Published on 8-Dec-2025, TechCrunch).
🤖 Chrome’s agentic AI protections include a user alignment critic, expanded origin-isolation capabilities, and mandatory user confirmations for sensitive actions. (Published on 8-Dec-2025, SecurityWeek).
💰 Microsoft expanded its bug bounty program to reward security researchers for critical vulnerabilities in any online service regardless of code origin. (Published on 11-Dec-2025, BleepingComputer).
⚖️ Former Accenture employee Danielle Hillmer faces cybersecurity fraud charges for allegedly concealing that cloud platforms failed DoD security requirements. (Published on 11-Dec-2025, SecurityWeek).
🎭 UK’s National Cyber Security Centre released new cyber deception guidance and learnings from pilot programs advancing defensive capabilities. (Published on 12-Dec-2025, Infosecurity).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



