{"id":21366,"date":"2025-12-29T19:06:08","date_gmt":"2025-12-29T17:06:08","guid":{"rendered":"https:\/\/kordon.app\/?p=21366"},"modified":"2025-12-29T19:06:09","modified_gmt":"2025-12-29T17:06:09","slug":"latest-interesting-cybersecurity-news-of-the-week-summarised-29-12-2025","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/latest-interesting-cybersecurity-news-of-the-week-summarised-29-12-2025\/","title":{"rendered":"Latest Interesting Cybersecurity News of the Week Summarised &#8211; 29-12-2025"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. \ud83d\ude31 My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story. <\/p>\n\n\n\n<p><strong>If you enjoy these, come back next Monday <\/strong><\/p>\n\n\n\n\n<p><strong>scroll to the bottom to subscribe to the e-mail newsletter. <\/strong><\/p>\n<\/blockquote>\n\n\n<h2 class=\"wp-block-heading\">1. Darknet AI \u2018DIG AI\u2019 Automates Sophisticated Cyberattacks and Illicit Content<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Resecurity researchers have uncovered <strong>DIG AI, an uncensored AI platform on the Tor network that lets threat actors anonymously generate obfuscated malware, deepfakes, and child sexual abuse material. <\/strong>Its suite of jailbroken models\u2014DIG-Uncensored, DIG-GPT, and DIG-Vision\u2014lowers the barrier to complex attacks ahead of major 2026 events. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First detected Sept. 29, 2025, with Q4 adoption surge during holiday season<\/li>\n\n\n\n<li><strong>Models include unrestricted text\/code (DIG-Uncensored), jailbroken ChatGPT (DIG-GPT), Stable Diffusion deepfakes (DIG-Vision)<\/strong><\/li>\n\n\n\n<li>Generates obfuscated JavaScript backdoors, web shells, illicit drug\/explosive instructions, hyperrealistic CSAM<\/li>\n\n\n\n<li><strong>Operated by \u201cPitch,\u201d promoted on darknet markets alongside narcotics and stolen data<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/dig-ai-darknet-ai-tool\/\">Cybersecurity News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. Spotify&#8217;s 300TB Data Leak &#8211; The Next Big AI Training Dataset? <\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Pirate activist group Anna's Archive scraped Spotify's entire music catalog<\/strong> (86 million audio files and 256 million metadata tracks) totaling about 300 terabytes, <strong>making it a massive unauthorized data leak with potential implications for AI training and copyright enforcement.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scrape spans 2007\u2013July 2025, covering 99.6% of Spotify\u2019s streams by listen count<\/strong><\/li>\n\n\n\n<li>Metadata covers 256 million tracks; audio files total ~300 TB in OGG formats<\/li>\n\n\n\n<li>Files prioritized by popularity: high-stream songs in 160 kbit\/s, obscure tracks at lower bitrates<\/li>\n\n\n\n<li>Anna\u2019s Archive is banned in multiple countries for repeated copyright violations<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enable alerts for bulk download and scraping patterns <\/strong>for your digital assets.<\/li>\n\n\n\n<li><strong>Strengthen API rate limits and request throttling<\/strong> for your digital asset downloads.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/therecord.media\/spotify-disables-scraping-annas\">The Record<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/spotify-music-library-scraped\/\">Cybersecurity News<\/a>, <a href=\"https:\/\/www.theregister.com\/2025\/12\/22\/hacktivists_scrape_songs_spotify\/\">The Register<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Criminals Recruit Company Insiders for $3,000\u2013$15,000 Network Access<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Criminals are increasingly offering $3,000 to $15,000 on darknet forums and Telegram to insiders at banks, telecoms, and tech firms for network or data access.<\/strong>  This trend elevates insider risk, as hired employees can disable security controls, exfiltrate sensitive records, and facilitate SIM-swap and ransomware operations.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Payouts range from $3K for one-off access to $15K for telecom SIM-swap support.<\/strong><\/li>\n\n\n\n<li>Targets include banks, crypto exchanges (Coinbase, Binance, Kraken), Apple, Samsung, Xiaomi and even U.S. Federal Reserve partners.<\/li>\n\n\n\n<li>Recruiters advertise on Russian-language darknet forums and encrypted Telegram channels with emotional appeals.<\/li>\n\n\n\n<li><strong>Some offers propose ongoing schemes (e.g., $1,000\/week) for long-term insider cooperation.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Monitor darknet and Telegram for ads mentioning your brand or systems.<\/strong><\/li>\n\n\n\n<li><strong>Review and tighten privileged access controls<\/strong> and session recording.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/threat-actors-are-hiring-insiders-in-banks-telecoms\/\">Cybersecurity News<\/a>, <a href=\"https:\/\/hackread.com\/insider-threat-hackers-paying-insiders-bypass-security\/\">Hackread<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Threat Actors Exploit Microsoft OAuth Device Code Flow for M365 Account Takeovers<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>The attacks exploit OAuth\u2019s device authorization mechanism, a feature intended to support sign-ins on devices with limited input capabilities, such as smart TVs and IoT hardware.<\/strong> <strong>Attackers start a legitimate Microsoft device authorization request and then deceive victims into entering the resulting device code, presenting it as a one-time passcode, on Microsoft\u2019s official verification page.<\/strong>\n\n\u201cThe lures typically claim that the device code is an OTP and direct the user to input the code at Microsoft\u2019s verification URL,\u201d the researchers wrote. \u201cOnce the user inputs the code, the original token is validated, giving the threat actor access to the targeted M365 account.\u201d<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Phishing lures impersonate salary\/bonus notifications or security alerts via email, <\/strong>QR codes, and links.<\/li>\n\n\n\n<li>SquarePhish2 automates the OAuth device grant flow; Graphish uses Azure App Registrations for MitM attacks.<\/li>\n\n\n\n<li>High-volume group TA2723 and Russia-aligned UNK_AcademicFlare among key threat actors.<\/li>\n\n\n\n<li>Successful exploits bypass MFA, enable lateral movement, data exfiltration, and potential extortion.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Create Conditional Access policies to block or restrict device code flows.<\/strong><\/li>\n\n\n\n<li><strong>Allow only compliant or registered devices for device code authentication.<\/strong><\/li>\n\n\n\n<li>Train users to verify code prompts and avoid entering codes from unsolicited requests.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/hackers-using-phishing-tools\/\">Cybersecurity News<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4110419\/hackers-exploit-microsoft-oauth-device-codes-to-hijack-enterprise-accounts.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Waymo Robotaxis Freeze During San Francisco Power Outage, Exposing Infrastructure Dependency<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>A widespread blackout in San Francisco knocked out traffic lights and left Waymo\u2019s autonomous taxis stalled at intersections, prompting a temporary service suspension. <\/strong> The incident highlighted a critical weakness: the vehicles\u2019 reliance on live signal data and mapped scenarios, which failed during the outage.  <strong>Waymo has since pushed a software update to teach its fleet to recognize dark signals as four-way stops and safely pull over.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Outage affected over 130,000 homes and disabled major traffic signals on Dec. 20\u201321.<\/li>\n\n\n\n<li><strong>Waymo cars halted when unable to detect traffic lights, adding to citywide gridlock.<\/strong><\/li>\n\n\n\n<li>Update trains vehicles to treat blank lights as four-way stops and request remote backup only when needed.<\/li>\n\n\n\n<li><strong>Service in San Francisco resumed by Dec. 21 evening; expansion ambitions now face scrutiny.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Define clear fallback behaviors for AI when some signals like infrastructure data is missing<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/siliconangle.com\/2025\/12\/21\/waymos-robotaxis-lose-way-san-francisco-traffic-lights-go-blank\/\">SiliconANGLE<\/a>, <a href=\"https:\/\/siliconangle.com\/2025\/12\/24\/waymo-updates-fleet-driverless-robotaxis-prevent-future-power-outage-chaos\/\">SiliconANGLE<\/a>, <a href=\"https:\/\/securityaffairs.com\/185956\/security\/waymo-suspends-service-after-power-outage-hit-san-francisco.html\">Security Affairs<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. RansomHouse Upgrades to Multi-layer Dual-key Encryption<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>RansomHouse<\/strong>, previously focused mainly on data extortion, <strong>has expanded into full ransomware attacks that combine data theft with system encryption<\/strong>. <strong>The group now uses a two-key encryption model,<\/strong> making decryption significantly harder without attacker cooperation. <strong>This enables classic double extortion: victims are pressured both to restore encrypted systems and to prevent stolen data from being leaked. <\/strong>The updated encryption approach marks a shift toward more technically sophisticated ransomware operations. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi-layer model employs a 32-byte primary and 8-byte secondary key<\/li>\n\n\n\n<li><strong>Specifically targets ESXi files and backups, appending \u201c.e.mario\u201d<\/strong><\/li>\n\n\n\n<li>Double-extortion RaaS has listed at least 123 victims across sectors<\/li>\n\n\n\n<li>Modular attack chain uses MrAgent for deployment, persistence and leaks<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scan for \u201c.e.mario\u201d files on all VMware ESXi hosts<\/strong><\/li>\n\n\n\n<li><strong>Make sure your security controls address both data encryption and data leak risks.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4110472\/think-you-can-beat-ransomware-ransomhouse-just-made-it-a-lot-harder.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. ServiceNow to Acquire Armis for $7.75 Billion, Expanding Cyber-Exposure Management<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>ServiceNow has agreed to buy Armis for $7.75 billion in cash to integrate agentless discovery and continuous risk management for IT, OT, medical, and IoT assets into its Now Platform and AI Control Tower. <\/strong>The deal, expected to close in H2 2026, will more than triple ServiceNow\u2019s security and risk market opportunity by enabling real-time vulnerability prioritization and automated remediation within existing workflows.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Armis generates over $340 million in ARR with >50% year-over-year growth.<\/strong><\/li>\n\n\n\n<li>Agentless \u201cCentrix\u201d platform discovers unmanaged devices in IT\/OT\/IoT\/medical environments.<\/li>\n\n\n\n<li>ServiceNow passed $1 billion in security ARR in Q3 2025 and expects to triple its market scope.<\/li>\n\n\n\n<li><strong>Transaction subject to regulatory approval, closing targeted for second half of 2026.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.securityweek.com\/servicenow-to-acquire-armis-for-7-75-billion-in-cash\/\">SecurityWeek<\/a>, <a href=\"https:\/\/cyberscoop.com\/servicenow-armis-acquisition-ai-cybersecurity\/\">CyberScoop<\/a>, <a href=\"https:\/\/siliconangle.com\/2025\/12\/23\/servicenow-acquire-connected-device-security-startup-armis-7-75b\/\">SiliconANGLE<\/a>, <a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/servicenow-buys-armis-gets-ai-control-tower\">Dark Reading<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4111449\/servicenows-7-75-billion-cash-deal-for-armis-illustrates-shifting-strategies-2.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. University of Phoenix Data Breach Exposes Sensitive Records of 3.5M Individuals<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">In December, the University of Phoenix disclosed that a zero-day exploit in its Oracle E-Business Suite by the Clop ransomware gang resulted <strong>in the theft of personal and financial records belonging to 3,489,274 students, staff and suppliers. <\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Clop exploited CVE-2025-61882 to breach UoPX systems between Aug. 13\u201322, 2025, detected Nov. 21.<\/li>\n\n\n\n<li><strong>Exfiltrated data: <\/strong>full names, contact details, dates of birth, Social Security numbers, bank account and routing numbers.<\/li>\n\n\n\n<li><strong>UoPX is offering 12 months of credit monitoring, dark-web surveillance and a $1 million fraud reimbursement policy.<\/strong><\/li>\n\n\n\n<li><strong>Other victims of the same Oracle EBS campaign include Harvard, UPenn, Dartmouth and several enterprises.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/university-of-phoenix-data-breach-impacts-nearly-35-million-individuals\/\">BleepingComputer<\/a>, <a href=\"https:\/\/siliconangle.com\/2025\/12\/22\/nearly-3-5m-affected-university-phoenix-breach-tied-clop-linked-oracle-ebs-zero-day-exploit\/\">SiliconANGLE<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/university-of-phoenix-data-breach\/\">CybersecurityNews.com<\/a>, <a href=\"https:\/\/www.securityweek.com\/3-5-million-affected-by-university-of-phoenix-data-breach\/\">SecurityWeek<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. MacSync Stealer Uses Signed Swift App to Evade macOS Gatekeeper<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">A new variant of <strong>MacSync Stealer delivers its payload via a notarized, code-signed Swift application <\/strong> disguised as a messaging installer, <strong>allowing it to bypass Gatekeeper without direct terminal interaction and silently harvest enterprise credentials<\/strong>.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The dropper is packaged as a signed Swift app inside a DMG named \u201czk-call-messenger-installer-3.9.2-lts.dmg.\u201d<\/strong><\/li>\n\n\n\n<li>It performs environment checks, Gatekeeper evasion, and retrieves an encoded script via curl using \u2013fL and \u2013sS flags.<\/li>\n\n\n\n<li><strong>MacSync Stealer combines data-stealing and Go-based backdoor features, targeting credentials, API keys, and wallets.<\/strong><\/li>\n\n\n\n<li>Operators inflated the DMG to 25.5 MB by embedding unrelated PDFs to mask malicious content.<\/li>\n<\/ul>\n\n\n\n<p>Next Steps<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduce reliance on Gatekeeper alone by enforcing additional controls <\/strong>(e.g., allowlisting\/managed app catalogs) for Macs, since notarization can be abused until detections and revocations occur .<\/li>\n\n\n\n<li><strong>Tighten policies around first-run applications and limit installation paths to approved mechanisms <\/strong>(MDM\/self-service portals) to prevent \u201cordinary-looking utility URL\u201d installs from becoming routine .<\/li>\n\n\n\n<li><strong>Ensure security tooling\/MDM can alert on newly observed developer certificates and newly notarized binaries seen in the environment, then fast-track review\/containment .<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.securityweek.com\/macsync-macos-malware-distributed-via-signed-swift-application\/\">SecurityWeek<\/a>, <a href=\"https:\/\/thehackernews.com\/2025\/12\/new-macsync-macos-stealer-uses-signed.html\">The Hacker News<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4111179\/macsync-stealer-malware-bypasses-macos-gatekeeper-security-warnings.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Operation Sentinel: 574 Arrested, $3M Recovered, Six Ransomware Strains Decrypted Across Africa<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Interpol\u2019s Operation Sentinel, conducted from October 27 to November 27, involved 19 African countries in a coordinated effort against business email compromise, digital extortion, and ransomware.\n<strong>The initiative led to 574 arrests, the seizure of $3 million, the takedown of over 6,000 malicious links, and the decryption of six distinct ransomware variants tied to more than $21 million in losses.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Senegal: <\/strong>Blocked a $7.9 million BEC transfer targeting a petroleum company by freezing destination accounts.<\/li>\n\n\n\n<li><strong>Ghana<\/strong>: Developed a decryption tool to recover 30 TB of 100 TB encrypted, arrested multiple suspects after a $120,000 loss.<\/li>\n\n\n\n<li><strong>Ghana\/Nigeria: <\/strong>Dismantled a fast-food brand spoofing scam that defrauded 200+ victims of over $400,000; 10 suspects arrested.<\/li>\n\n\n\n<li><strong>Benin:<\/strong> Arrested 106 individuals, removed 43 malicious domains, and shut down 4,318 scam-linked social media accounts.<\/li>\n\n\n\n<li><strong>Cameroon: <\/strong>Traced a phishing-compromised vehicle sales server and executed an emergency bank freeze within hours.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/interpol-led-action-decrypts-6-ransomware-strains-arrests-hundreds\/\">Bleeping Computer<\/a>, <a href=\"https:\/\/www.securityweek.com\/574-arrested-3-million-seized-in-crackdown-on-african-cybercrime-rings\/\">SecurityWeek<\/a>, <a href=\"https:\/\/thehackernews.com\/2025\/12\/interpol-arrests-574-in-africa.html\">The Hacker News<\/a>, <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/operation-sentinel-african-cybercrime-syndicates\">Dark Reading<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Italy Fines Apple \u20ac98.6M Over Double-Consent Requirement in iOS ATT Framework<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Italy\u2019s competition authority has fined Apple about \u20ac98.6 million <\/strong> over how Apple\u2019s App Tracking Transparency (ATT) regime is applied on iOS and in the App Store.<strong> The core complaint is not that ATT exists, but that its design and Apple\u2019s related rules allegedly create an uneven playing field: many third\u2011party apps end up showing Apple\u2019s ATT prompt and then also needing an additional GDPR-style advertising consent flow<\/strong> (a \u201csecond banner\/prompt\u201d), while Apple\u2019s own services are viewed as facing less friction or different treatment for comparable advertising\/tracking outcomes.\n\n<strong>What Italy appears to be looking for is a remedy that preserves meaningful user privacy but removes this alleged asymmetry and \u201cdouble consent\u201d burden on rivals.<\/strong> One plausible direction is a more unified consent setup where developers must declare (in a standardized, enforceable way) their tracking\/ads purposes and partners, the user makes the choice once, and that choice becomes a reusable consent\/permission signal the app can honor\u2014reducing repeat prompts without requiring Apple to share Apple-held user data with developers.\n<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The AGCM investigation began in May 2023 and involved EU competition and privacy regulators.<\/li>\n\n\n\n<li>Apple\u2019s own apps bypass the double-consent requirement, while third-party developers must display both ATT and GDPR-compliant banners.<\/li>\n\n\n\n<li>Regulators noted ATT could boost Apple\u2019s App Store commissions and advertising revenue at competitors\u2019 expense.<\/li>\n\n\n\n<li><strong>Apple has appealed the ruling <\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/siliconangle.com\/2025\/12\/22\/apple-fined-116m-italy-att-privacy-feature-ios\/\">SiliconANGLE<\/a>, <a href=\"https:\/\/www.securityweek.com\/italy-antitrust-agency-fines-apple-116-million-over-privacy-feature-apple-announces-appeal\/\">SecurityWeek<\/a>, <a href=\"https:\/\/thehackernews.com\/2025\/12\/italy-fines-apple-986-million-over-att.html\">The Hacker News<\/a>, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices\/\">Bleeping Computer<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Subscribe<\/h2>\n\n\n\n<p>Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.<\/p>\n\n\n                <div class=\"ml-embedded\" data-form=\"pKq7EM\"><\/div>\n            \n<p><!-- \/wp:post-content --><\/p>\n<p><!-- \/wp:post-content --><\/p>\n<p><!-- \/wp:post-content --><\/p>","protected":false},"excerpt":{"rendered":"<p>Latest Cybersecurity news from December 2025. <\/p>\n<p>I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. \ud83d\ude31 My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story. <\/p>","protected":false},"author":1,"featured_media":21380,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-21366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/21366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=21366"}],"version-history":[{"count":12,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/21366\/revisions"}],"predecessor-version":[{"id":21379,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/21366\/revisions\/21379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/21380"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=21366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=21366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=21366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}