I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱
If you enjoy these, come back next Monday or scroll to the bottom to subscribe to the e-mail newsletter.
This week a lot happened, but most importantly:
If you or your organisation works with JavaScript, you definitely need to check out this week's first story and take some action to see whether you’ve been impacted: the worm has hit more than 25 000 Git repositories and exfiltrated a huge number of secrets. We already know a few big names that have been impacted – Zapier, Postman, PostHog …
1. Shai-Hulud v2 Supply Chain Worm Expands from npm to Maven, Leaks Thousands of Secrets
The evolved Shai-Hulud v2 worm has trojanized over 830 npm packages and has now surfaced in Maven Central, exploiting automated npm-to-Maven rebundling. Its Bun-based loader and stealthier payload have infected tens of thousands of repositories and exfiltrated developer and cloud credentials into random GitHub repositories.
Key Details
- Maven Central package org.mvnpm:posthog-node:4.18.1 embeds setup_bun.js and bun_environment.js.
- Over 350 npm packages and 830+ mirrored artifacts compromised; 25,000+ GitHub repos affected.
- 11,858 unique secrets harvested; 2,298 remain active as of Nov 24, 2025.
- Attack exploits CI misconfigurations (pull_request_target, workflow_run) to self-host runners and exfiltrate via randomized repos.
Next Steps
- Immediate rotation of npm, GitHub, and cloud credentials.
- Audit and pin dependencies to known clean versions.
- Disable or restrict lifecycle scripts in CI/CD pipelines.
Read more at The Hacker News, CSO Online, CyberScoop, GitLab
2. House Energy and Commerce Committee Unveils Revised Kids Online Safety Act Without Duty of Care
The House Energy and Commerce Committee introduced a new draft of the Kids Online Safety Act (KOSA), removing the previously proposed “duty of care” that would legally bind tech platforms to social harms. The bill instead mandates that platforms implement “reasonable policies, practices and procedures” to address threats like sexual exploitation, violence and drug sales, scaled by platform size and technical feasibility.
Key Details
- Draft KOSA requires adaptable harm-mitigation policies based on platform complexity.
- Additional proposals include the App Store Accountability Act and COPPA 2.0 for under-17 privacy.
- The committee will review this and 18 other children’s online safety bills at an upcoming hearing.
Read more at The Record
3. New Bipartisan Bill Enhances Penalties for AI-Assisted Fraud and Impersonation
House lawmakers introduced the AI Fraud Deterrence Act to raise fines and prison terms for fraud schemes using AI-generated audio, video or text, targeting both consumer and government-official impersonations.
Penalties for AI-aided mail, wire, and bank fraud and money laundering would jump to $1–2 million fines and 20–30 years’ imprisonment, with up to a $1 million fine and 3 years for official impersonation.
Key Details
- Fraud penalties raised to $1–2 million fines and 20–30 years’ prison.
- Impersonating U.S. officials via AI carries up to $1 million fine, 3 years’ jail.
- Spurred by deepfake calls and messages targeting White House Chief of Staff and Secretary of State.
- Also addresses schemes against senators, governors and private-sector leaders.
Read more at CyberScoop
4. Russian-linked Hackers Exploit Blender Files to Deploy StealC V2 Infostealer
Attackers are embedding malicious Python scripts in .blend project files distributed on marketplaces like CGTrader, automatically executing when opened in Blender to install the StealC V2 information stealer. By targeting animators, game developers and VFX studios, the campaign harvests browser credentials, crypto-wallet data and messaging/VPN tokens, while evading detection on systems using Cyrillic locales.
Key Details
- Malicious .blend files auto-execute embedded Python when Blender’s Auto Run is enabled.
- Infection chain retrieves a PowerShell loader via Cloudflare Workers, unpacks archives, and drops LNK files for persistence.
- StealC V2 targets 23+ browsers, 100+ wallet extensions, 15+ wallet apps, messaging apps and VPN clients.
- Malware skips systems with Russian, Ukrainian, Belarusian or Kazakh language settings.
Next Steps
- Disable “Auto Run Python Scripts” in Blender Preferences.
- Sandbox-test all third-party 3D assets before use.
Read more at The Record, Cybersecurity News, Bleeping Computer
5. HashJack Exploit Hides in URL Fragments to Manipulate AI Browser Assistants
Researchers at Cato Networks describe “HashJack,” a newly discovered indirect prompt injection technique that conceals malicious instructions for the AI assistants in Comet, Copilot for Edge, and Gemini for Chrome after the # in legitimate URLs. The flaw lets attackers embed malicious instructions that go undetected by networks, leading to phishing, data theft, and unauthorized actions.
Key Details
- URL fragments aren’t logged by servers, creating a blind spot for #-based prompts.
- HashJack enables six attack scenarios: phishing, exfiltration, misinformation, malware guidance, medical harm, credential theft.
- Perplexity’s Comet fixed the vulnerability in November; Microsoft’s Copilot patched in October; Google’s Gemini remains unpatched.
- Cato CTRL tried the same prompts on Claude for Chrome (Google) and Atlas (OpenAI), but HashJack didn’t work.
Next Steps
- Strip URL fragments before passing context to AI models.
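One way to implement that step, as an added example that is not from Cato Networks or any browser vendor: the fragment is removed before the URL enters the assistant's context, and a small record of what was dropped is kept client-side, since servers never see it. The function names, telemetry fields and length threshold are assumptions.

```javascript
// Assumed threshold: ordinary anchors are short, injected text tends not to be.
const SUSPICIOUS_FRAGMENT_LENGTH = 80;

// Decode percent-encoding without throwing on malformed sequences.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s;
  }
}

// Return the URL without its fragment, plus a record of what was dropped.
function stripFragment(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: null, dropped: null, error: 'invalid URL' };
  }
  const fragment = url.hash.slice(1); // text after '#', still percent-encoded
  url.hash = ''; // removes the fragment and the '#' itself
  const decoded = safeDecode(fragment);
  const dropped = fragment === '' ? null : {
    length: decoded.length,
    // Anchors are usually single tokens; whitespace suggests sentences.
    looksLikeText: decoded.length > SUSPICIOUS_FRAGMENT_LENGTH || /\s/.test(decoded),
  };
  return { url: url.href, dropped, error: null };
}

// Build the context handed to the model; only the stripped URL is included.
function buildAssistantContext(page) {
  const { url, dropped, error } = stripFragment(page.url);
  return {
    context: { url, title: page.title, text: page.text },
    telemetry: { fragmentDropped: dropped, error },
  };
}
```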
Read more at SiliconANGLE, Cato Networks
6. Emergency Alert Service OnSolve CodeRED Offline After Ransomware Data Breach
Hackers breached Crisis24’s OnSolve CodeRED mass notification system in early November, stealing user data and forcing the platform offline for dozens of U.S. municipalities. Affected jurisdictions have decommissioned the legacy environment, advised password resets, and are relying on IPAWS or social media for emergency alerts until a new platform is live.
Key Details
- The INC Ransomware group claimed responsibility after gaining access on Nov. 1 and encrypting files on Nov. 10.
- Stolen data include names, addresses, email addresses, phone numbers and user profile passwords.
- Backups used to rebuild the service date only through March 31, 2025—any later signups must re-register.
- Some counties have terminated their CodeRED contracts and switched to FEMA’s IPAWS or social channels.
Next Steps
- Reset any reused CodeRED passwords immediately.
- Assess and activate alternative alert channels (e.g., IPAWS, social media).
Read more at The Record, SecurityWeek
7. Malware Authors Integrate LLMs at Runtime to Evade Detection
Attackers are embedding prompts that call out to services like Google Gemini and Hugging Face during malware execution to rewrite code on the fly, creating polymorphic payloads that slip past traditional signature-based defenses. Although most samples remain experimental with detectable artifacts, the trend signals a shift toward AI-driven, adaptive malware that requires stronger egress controls and behavior-based detection.
Key Details
- Google’s Threat Intelligence Group identified five LLM-powered malware variants, including PROMPTFLUX (VBScript) and PROMPTSTEAL (Python).
- Operational samples like FRUITSHELL and QUIETVAULT embed hard-coded AI prompts to generate evasive shell commands and data-exfiltration routines.
- Attackers bypass LLM safety guardrails by feigning “capture-the-flag” exercises, tricking models into providing offensive code.
- Most AI-augmented samples still exhibit network calls to external AI services, making them detectable via strong egress monitoring.
Next Steps
- Implement strict egress filtering for AI service endpoints.
- Update threat hunting playbooks to include LLM-related artifacts.
Read more at DarkReading, Google Threat Intelligence Group
8. Survey Finds Majority of Enterprises Lack Confidence in Securing Non-Human Identities
A recent Omdia-backed survey reveals that over half of organizations aren’t confident they can secure non-human identities—such as service accounts, application credentials, and IoT device identities—and many lack visibility into their lifecycles. This gap leaves a critical attack surface for automated credential theft and lateral movement in both on-prem and cloud environments.
Key Details
- 52% of respondents expressed low confidence in their ability to secure NHIs.
- Only 14% rate their non-human identity security posture as “good.”
- 63% lack tools for end-to-end lifecycle management of service and machine accounts.
- 40% plan to invest in NHI security solutions over the next 12 months.
Next Steps
- Inventory and classify all non-human identities across environments.
- Enforce least-privilege access and automate credential rotation for NHIs.
- Evaluate specialized machine-identity management or PAM solutions.
Read more at Dark Reading
9. Low-Cost Hardware Interposer Bypasses AMD and Intel Memory Encryption
Researchers have built a sub-$50 interposer that sits between CPU and DRAM to bypass AMD SEV and Intel SGX/TDX memory-encryption protections. Dubbed “Battering RAM,” the attack dynamically aliases physical addresses at runtime, exposing confidential computing workloads to data exfiltration if an attacker gains motherboard access.
Key Details
- The interposer uses simple analog switches to trick the CPU into sending encrypted data to attacker-controlled addresses.
- Build cost is under $50, compared to commercial DRAM interposers priced over $150,000.
- Modern memory-encryption schemes dropped cryptographic integrity and freshness checks to scale to full DRAM.
- Attack requires physical access but leaves no software or firmware trace, making detection unlikely without hardware inspection.
Next Steps
- Audit and strengthen physical security in data centers and server rooms
Read more at Dark Reading
10. Chinese APT31 Conducts Prolonged Espionage Against Russian IT Sector via Cloud Service Abuse
Chinese state-aligned APT31 has been targeting Russia’s IT contractors and government integrators since late 2022, using phishing and DLL sideloading to deploy custom backdoors that abuse OneDrive, Dropbox, Yandex Cloud, and even VirusTotal for command-and-control. The campaign highlights the difficulty of detecting malicious traffic hidden within legitimate cloud services.
Key Details
- Observed activity spans end of 2022 through 2025, with peak operations in 2024.
- Initial access via targeted phishing emails containing archive files that trigger DLL sideloading.
- Custom tools include OneDriveDoor, CloudSorcerer, YaLeak, and VtChatter for stealthy C2.
- Primary victims are Russian IT vendors and government contractors; similar tactics spotted in a Peru campaign.
Next Steps
- Inspect cloud service logs for anomalous API calls or geo-location mismatches.
Read more at Dark Reading
11. ShadowRay 2.0 Exploits Ray Framework RCE to Hijack AI Clusters for Cryptojacking
A threat actor is actively exploiting a critical (CVSS 9.8) RCE flaw (CVE-2023-48022) in the open-source Ray distributed computing framework to compromise Internet-exposed AI clusters, turning them into a self-propagating cryptomining and data-theft botnet. Dubbed ShadowRay 2.0, the campaign has spread across two waves—first via GitLab CI/CD, then GitHub—impacting thousands of clusters and underscoring the risk of misconfigured AI orchestration tools.
Key Details
- Oligo Security’s scans show ~230,000 Ray dashboards exposed online, many vulnerable to CVE-2023-48022.
- Attackers operate as “IronErn440,” limiting cryptomining to ≤60% CPU to stay stealthy.
- They exfiltrate MySQL credentials, cloud tokens, proprietary AI models, and source code.
- After GitLab takedowns, the group shifted operations to GitHub, then spun up replacement repos within hours.
Next Steps
- Audit Ray dashboards to block Internet exposure immediately
- Implement Ray security best practices and network isolation
- Add strong authentication or reverse-proxy in front of Ray Dashboard port
Read more at Dark Reading, Oligo Security
12. Qilin Ransomware Exploits South Korean MSP Breach to Hit 28 Financial Firms
Qilin’s Ransomware-as-a-Service group, likely with North Korean affiliate Moonstone Sleet, compromised MSP GJTec to deploy ransomware across 28 South Korean financial firms. The “Korean Leaks” campaign exfiltrated over 1 million files (2 TB) in three waves and combined political propaganda with traditional extortion.
Key Details
- Single MSP (GJTec) breach reported Sep 23, 2025 enabled clustered infections
- Three publication waves (Sep 14–Oct 4) stole 2 TB of data from 28 financial entities
- Attackers framed leaks as “public service” to expose corruption, then reverted to extortion
- Four victim listings removed from leak site, indicating possible post-negotiation takedowns
Next Steps
- Enforce MFA and strong authentication for all MSP and vendor accounts
Read more at The Hacker News
13. Ransomware Alliances Propel 41% Attack Spike Ahead of Holidays
New partnerships among RaaS operators—LockBit, DragonForce, Qilin—and the rise of upstart groups like The Gentlemen drove a 41% increase in ransomware incidents from September to October 2025, totaling 594 attacks. Shared tooling, infrastructure, and recruitment across alliances complicate attribution and defense as organizations enter the fourth-quarter “golden” threat season.
Key Details
- Qilin led October with 170 attacks (29% of 594 total incidents)
- Industrials (28%), consumer discretionary (21%), and healthcare (11%) most targeted
- North America bore 62% of attacks; Europe 17%, Asia 9%
- Active ransomware groups rose to 88 in Q3 2025, up from 65 in Q2
Next Steps
- Ensure immutable backups and network segmentation for critical systems
Read more at CSO Online