Interesting Cybersecurity News of the Week Summarised – 07-12-2025

I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

If you enjoy these, come back next Monday or scroll to the bottom to subscribe to the e-mail newsletter.

1. ShadyPanda weaponizes trusted Chrome and Edge extensions to spy on 4.3 million users

A China-based threat actor known as ShadyPanda has abused legitimate Chrome and Edge extensions—some featuring Google “Verified” and Microsoft “Featured” badges—to implant spyware on over 4.3 million browsers.  
By delivering poisoned updates through the auto-update mechanism, the group achieved remote code execution, exfiltrated browsing histories, search queries, cookies, and keystrokes in real time, and can push further payloads at will.  

Key Details

• Campaign spans seven years with 145 malicious extensions since 2018, four active phases
• Mid-2024 updates converted five high-trust extensions into hourly RCE backdoors
• Current Edge add-ons alone account for 4 million installs, including 3 million on “WeTab”
• Exfiltration targets servers in China via unencrypted and encrypted channels

Next Steps

• Audit and remove unapproved or obsolete browser extensions
• Implement allow-lists/blocked-lists and enforce via group policy

Read more at Dark Reading, HackRead, The Hacker News, CSO Online, Bleeping Computer, The Register

2. PromptPwnd AI Prompt Injection in GitHub Actions Exposes Secrets

Aikido Security has uncovered “PromptPwnd,” a prompt injection vulnerability in AI-powered GitHub Actions and GitLab CI/CD workflows that lets attackers embed malicious instructions in issue or pull request text to execute high-privilege commands, leaking secrets or altering repositories. The flaw impacts Gemini CLI, Claude Code, OpenAI Codex, and GitHub AI Inference, with at least five Fortune
500 firms affected and Google patching its Gemini CLI workflow within four days.

Read more at Cybersecurity News, CSO Online, Cybersecurity News, Cybersecurity News, Cybersecurity News, CSO Online, Cybersecurity News

3. Everest Ransomware Claims 1 TB Camera Source Code from ASUS Supplier Breach

Everest ransomware group says it exfiltrated over 1 TB of proprietary ASUS camera firmware, AI models and debug tools by compromising a third-party supplier. ASUS confirms the supplier breach, insists no customer systems or data were affected, and is reinforcing its supply chain security. 

Key Details

• Leaked files include camera SDKs for ROG5–7 and ZF series, calibration logs, RAM dumps, AI weights and test APKs.
• Everest published screenshots on its dark web site and gave ASUS 21 hours to respond via Qtox; no ransom amount disclosed.
• ASUS confirms breach occurred at an unnamed supplier and states there’s no impact on its products, internal systems or user privacy.
• Incident highlights risk to proprietary IP and the importance of supply chain security governance.

Next Steps

• Review use of ASUS cameras in critical areas and the risk of probable zero days now that their source code has breached.
• Audit and validate all third-party access to critical source code repositories.

Read more at HackRead.com, The Register

4. India Reverses Mandate to Preinstall Government Cybersecurity App on Smartphones

India’s Ministry of Communications has withdrawn its order requiring smartphone makers to preinstall the “Sanchar Saathi” app on new devices and block its removal, following industry and privacy concerns. The voluntary app—launched in January to help users block fraud, track lost or stolen handsets, and verify device identifiers—remains available for download and can be uninstalled at will.

Key Details

• The “Sanchar Saathi” app has over 14 million downloads since January.
• 600,000 users registered in one day, cited by the government as growing acceptance.
• Order faced criticism from privacy advocates and conflicted with Apple’s iOS policy.
• App functions include blocking fraudulent connections, tracking stolen phones, and device verification.

Read more at SecurityWeek, The Record

5. Marquis fintech firm data breach exposes personal and financial records of over 780,000 people

Fintech vendor Marquis discovered on August 14 that attackers had exploited a SonicWall firewall vulnerability to steal names, addresses, SSNs, dates of birth, taxpayer IDs, bank account and card numbers for approximately 788,000 individuals.  
Marquis has notified affected parties, filed state breach reports, and is offering free credit monitoring and identity protection.  

Key Details

• Breach detected August 14; investigation completed end of October.
• Compromised data spans personal identifiers and financial account/card numbers.
• Incident filings cover Iowa, Maine, Massachusetts, New Hampshire, South Carolina, Texas and Washington.
• Marquis serves over 700 U.S. banks and credit unions as a marketing and compliance platform.

Read more at SecurityWeek, Security Affairs

6. Enterprises Face Shadow Identity Risk as AI Adoption Outpaces Governance

AI is now embedded in 83% of organizations, but only 13% report strong visibility into how these systems handle sensitive data. This disconnect has led to “shadow identity” risks—two-thirds of companies have caught AI tools over-accessing critical information.

Key Details

• 76% of respondents say autonomous AI agents are hardest to secure.
• 57% lack real-time controls to block risky AI actions.
• Only 7% have a dedicated AI governance team; 11% feel regulation-ready.
• About half of enterprises have little to no visibility into AI usage.

Next Steps

• Review the full report here
• Map all AI deployments and their data access levels.
• Deploy continuous monitoring of AI prompts and outputs.
• Establish AI-specific identity policies with least-privilege.

Read more at HackRead, CSO Online

7. Coupang Data Breach Exposes Personal Information of 33.7 Million South Korean Accounts

E-commerce leader Coupang disclosed a five-month breach that exposed names, emails, phone numbers,
shipping addresses and order histories for 33.7 million South Korean users—though no payment data or
login credentials were accessed. Initial access on June 24, 2025, exploited long-lived authentication token signing keys, with a former engineer now the prime suspect. Coupang has blocked the intrusion, notified regulators and rotated keys, but the incident underscores gaps in key management and insider threat controls.

Key Details

• Breach detected Nov. 18, 2025; unauthorized access traced to overseas servers.
• Exposed data: customer names, emails, phone numbers, shipping addresses, order history.
• Root cause: authentication signing keys with 5–10-year validity left unmanaged.
• Potential fine up to 1.2 trillion won (US$814 million) under South Korea’s data protection laws.

Next Steps

• Rotate all token signing keys on a shortened schedule.
• Make sure there’s a process to revoke credentials and keys tied to departed employees.

Read more at SecurityWeek, HackRead, CSO Online

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.