{"id":21236,"date":"2025-12-08T07:08:00","date_gmt":"2025-12-08T05:08:00","guid":{"rendered":"https:\/\/kordon.app\/?p=21236"},"modified":"2025-12-07T19:09:44","modified_gmt":"2025-12-07T17:09:44","slug":"interesting-cybersecurity-news-of-the-week-summarised-07-12-2025","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/interesting-cybersecurity-news-of-the-week-summarised-07-12-2025\/","title":{"rendered":"Interesting Cybersecurity News of the Week Summarised &#8211; 07-12-2025"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. \ud83d\ude31 <\/p>\n\n\n\n<p><strong>If you enjoy these, come back next Monday or scroll to the bottom to subscribe to the e-mail newsletter. <\/strong><\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">1. ShadyPanda weaponizes trusted Chrome and Edge extensions to spy on 4.3 million users<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">A China-based threat actor known as <strong>ShadyPanda has abused legitimate Chrome and Edge extensions\u2014some featuring Google \u201cVerified\u201d and Microsoft \u201cFeatured\u201d badges\u2014to implant spyware on over 4.3 million browsers.  <\/strong><br>By delivering poisoned updates through the auto-update mechanism, <strong>the group achieved remote code execution, exfiltrated browsing histories, search queries, cookies, and keystrokes in real time, and can push further payloads at will.  
<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Campaign spans seven years with 145 malicious extensions since 2018, four active phases<\/strong><\/li>\n\n\n\n<li>Mid-2024 updates converted five high-trust extensions into hourly RCE backdoors<\/li>\n\n\n\n<li><strong>Current Edge add-ons alone account for 4 million installs, including 3 million on \u201cWeTab\u201d<\/strong><\/li>\n\n\n\n<li>Exfiltration targets servers in China via unencrypted and encrypted channels<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Audit and remove unapproved or obsolete browser extensions<\/strong><\/li>\n\n\n\n<li><strong>Implement allow-lists\/blocked-lists<\/strong> and enforce via group policy<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong>\n<a href=\"https:\/\/www.darkreading.com\/endpoint-security\/shadypanda-hackers-weaponize-browsers\">Dark Reading<\/a>, \n<a href=\"https:\/\/hackread.com\/shadypanda-attack-spied-chrome-edge-users\/\">HackRead<\/a>, \n<a href=\"https:\/\/thehackernews.com\/2025\/12\/shadypanda-turns-popular-browser.html\">The Hacker News<\/a>, \n<a href=\"https:\/\/www.csoonline.com\/article\/4099446\/newly-discovered-malicious-extensions-could-be-lurking-in-enterprise-browsers.html\">CSO Online<\/a>, \n<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign\/\">Bleeping Computer<\/a>, \n<a href=\"https:\/\/www.theregister.com\/2025\/12\/02\/chrome_edge_malicious_browser_extensions\/\">The Register<\/a>\n<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
PromptPwnd AI Prompt Injection in GitHub Actions Exposes Secrets<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Aikido Security has uncovered \u201cPromptPwnd,\u201d a prompt injection vulnerability in AI-powered GitHub Actions and GitLab CI\/CD workflows that lets attackers embed malicious instructions in issue or pull request text to execute high-privilege commands,<\/strong> leaking secrets or altering repositories. <strong>The flaw impacts Gemini CLI, Claude Code, OpenAI Codex, and GitHub AI Inference<\/strong>, with <strong>at least five Fortune\n500 firms affected<\/strong> and Google patching its Gemini CLI workflow within four days.<\/pre>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/prompt-injection-github-actions\/\">Cybersecurity News<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4101751\/ai-in-ci-cd-pipelines-can-be-tricked-into-behaving-badly-2.html\">CSO Online<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/gemini-cli-prompt-injections-github\/\">Cybersecurity News<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/promptpwnd-vulnerabilit-ai-systems-data-theft\/\">Cybersecurity News<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Everest Ransomware Claims 1 TB Camera Source Code from ASUS Supplier Breach<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Everest ransomware group says it exfiltrated over 1 TB of proprietary ASUS camera firmware, AI models and debug tools <\/strong>by compromising a third-party supplier. 
<strong>ASUS confirms the supplier breach,<\/strong> insists no customer systems or data were affected, and is reinforcing its supply chain security. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Leaked files include camera SDKs for ROG5\u20137 and ZF series, calibration logs, RAM dumps, AI weights and test APKs.<\/strong><\/li>\n\n\n\n<li>Everest published screenshots on its dark web site and gave ASUS 21 hours to respond via Qtox; no ransom amount disclosed.<\/li>\n\n\n\n<li>ASUS confirms breach occurred at an unnamed supplier and states there\u2019s no impact on its products, internal systems or user privacy.<\/li>\n\n\n\n<li>Incident highlights risk to proprietary IP and the importance of supply chain security governance.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Review use of ASUS cameras in critical areas and the risk of probable zero-days now that their source code has been breached.<\/strong><\/li>\n\n\n\n<li>Audit and validate all third-party access to critical source code repositories.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/hackread.com\/everest-ransomware-asus-breach-1tb-data\/\">HackRead.com<\/a>, <a href=\"https:\/\/www.theregister.com\/2025\/12\/05\/asus_supplier_hack\/\">The Register<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
India Reverses Mandate to Preinstall Government Cybersecurity App on Smartphones<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>India\u2019s Ministry of Communications has withdrawn its order requiring smartphone makers to preinstall the \u201cSanchar Saathi\u201d app on new devices and block its removal, following industry and privacy concerns.<\/strong> The voluntary app\u2014launched in January to help users block fraud, track lost or stolen handsets, and verify device identifiers\u2014remains available for download and can be uninstalled at will.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The \u201cSanchar Saathi\u201d app has over 14 million downloads since January.<\/li>\n\n\n\n<li>600,000 users registered in one day, cited by the government as growing acceptance.<\/li>\n\n\n\n<li>Order faced criticism from privacy advocates and conflicted with Apple\u2019s iOS policy.<\/li>\n\n\n\n<li>App functions include blocking fraudulent connections, tracking stolen phones, and device verification.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.securityweek.com\/india-rolls-back-order-to-preinstall-cybersecurity-app-on-smartphones\/\">SecurityWeek<\/a>, <a href=\"https:\/\/therecord.media\/india-drops-mandate-sanchar-saathi-app-privacy-surveillance\">The Record<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Marquis fintech firm data breach exposes personal and financial records of over 780,000 people<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Fintech vendor Marquis discovered on August 14 that attackers had exploited a SonicWall firewall vulnerability to<strong> steal names, addresses, SSNs, dates of birth, taxpayer IDs, bank account and card numbers for approximately 788,000 individuals.  
<\/strong><br>Marquis has notified affected parties, filed state breach reports, and is offering free credit monitoring and identity protection.  <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Breach detected August 14;<\/strong> investigation completed end of October.<\/li>\n\n\n\n<li><strong>Compromised data spans personal identifiers and financial account\/card numbers.<\/strong><\/li>\n\n\n\n<li>Incident filings cover<strong> Iowa, Maine, Massachusetts, New Hampshire, South Carolina, Texas and Washington.<\/strong><\/li>\n\n\n\n<li><strong>Marquis serves over 700 U.S. banks and credit unions as a marketing and compliance platform.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.securityweek.com\/marquis-data-breach-impacts-over-780000-people\/\">SecurityWeek<\/a>, <a href=\"https:\/\/securityaffairs.com\/185320\/data-breach\/marquis-data-breach-impacted-more-than-780000-individuals.html\">Security Affairs<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Enterprises Face Shadow Identity Risk as AI Adoption Outpaces Governance<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>AI is now embedded in 83% of organizations, but only 13% report strong visibility into how these systems handle sensitive data. 
<\/strong>This disconnect has led to \u201cshadow identity\u201d risks\u2014two-thirds of companies have caught AI tools over-accessing critical information.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>76% of respondents say autonomous AI agents are hardest to secure.<\/li>\n\n\n\n<li>57% lack real-time controls to block risky AI actions.<\/li>\n\n\n\n<li>Only 7% have a dedicated AI governance team; 11% feel regulation-ready.<\/li>\n\n\n\n<li><strong>About half of enterprises have little to no visibility into AI usage.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review the full report <a href=\"https:\/\/www.cybersecurity-insiders.com\/portfolio\/2025-state-of-ai-data-security-report-cyera\/\" title=\"\">here<\/a><\/li>\n\n\n\n<li>Map all AI deployments and their data access levels.<\/li>\n\n\n\n<li>Deploy continuous monitoring of AI prompts and outputs.<\/li>\n\n\n\n<li>Establish AI-specific identity policies with least-privilege.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/hackread.com\/ai-adoption-surges-while-governance-lags-report-warns-of-growing-shadow-identity-risk\/\">HackRead<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4099211\/ai-adoption-surges-while-governance-lags-report-warns-of-growing-shadow-identity-risk.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. 
Coupang Data Breach Exposes Personal Information of 33.7 Million South Korean Accounts<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>E-commerce leader Coupang disclosed a five-month breach that exposed names, emails, phone numbers,<br>shipping addresses and order histories for 33.7 million South Korean users\u2014though no payment data or<br>login credentials were accessed.<\/strong> Initial access on June 24, 2025, exploited long-lived authentication token signing keys, with <strong>a former engineer now the prime suspect.<\/strong> Coupang has blocked the intrusion, notified regulators and rotated keys, but the incident underscores gaps in key management and insider threat controls.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Breach detected Nov. 18, 2025;<\/strong> unauthorized access traced to overseas servers.<\/li>\n\n\n\n<li><strong>Exposed data: customer names, emails, phone numbers, shipping addresses, order history.<\/strong><\/li>\n\n\n\n<li><strong>Root cause: authentication signing keys with 5\u201310-year validity left unmanaged.<\/strong><\/li>\n\n\n\n<li><strong>Potential fine up to 1.2 trillion won (US$814 million) under South Korea\u2019s data protection laws.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Rotate all token signing keys on a shortened schedule.<\/li>\n\n\n\n<li><strong>Make sure there&#8217;s a process to revoke credentials and keys tied to departed employees<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.securityweek.com\/personal-information-of-33-7-million-stolen-from-coupang\/\">SecurityWeek<\/a>, <a href=\"https:\/\/hackread.com\/coupang-data-breach-south-korean-accounts\/\">HackRead<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4101486\/coupang-leaks-personal-information-of-33-7-million-accounts-suspected-of-poor-authentication-key-management.html\">CSO 
Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Subscribe<\/h2>\n\n\n\n<p>Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.<\/p>\n\n\n                <div class=\"ml-embedded\" data-form=\"pKq7EM\"><\/div>\n            \n<p><!-- \/wp:post-content --><\/p>","protected":false},"excerpt":{"rendered":"<p>I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. \ud83d\ude31 <\/p>\n<p>These are the latest interesting cybersecurity news in December 2025.<\/p>","protected":false},"author":1,"featured_media":21264,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-21236","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/21236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=21236"}],"version-history":[{"count":24,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/21236\/revisions"}],"predecessor-version":[{"id":21265,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/21236\/revisions\/21265"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/21264"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=2123
6"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=21236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=21236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}