Today’s threat landscape is dominated by two actively exploited zero-day vulnerabilities in the Android Framework, prompting immediate action from Google and a new CISA directive. This summary also covers a massive NPM supply chain attack that exposed 400,000 developer secrets, critical vulnerabilities in industrial control systems (ICS), and a sophisticated North Korean campaign targeting IT workers. These incidents highlight the urgent need for robust vulnerability management and supply chain security.
Top 5 Critical Security Alerts
- Google fixes two Android zero days exploited in attacks, 107 flaws: Google’s December security update patches two actively exploited zero-day vulnerabilities in the Android Framework, alongside 105 other flaws. Immediate patching is advised.
- CISA Adds Two Known Exploited Vulnerabilities to Catalog: CISA has added two Android Framework vulnerabilities (CVE-2025-48572 and CVE-2025-48633) to its KEV catalog, confirming they are under active exploitation.
- Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets: A massive supply chain attack infected hundreds of NPM packages, leading to the exposure of approximately 400,000 developer secrets published across 30,000 GitHub repositories.
- Industrial Video & Control Longwatch Vulnerability: A critical code injection vulnerability (CVSS 9.8) in Longwatch video surveillance systems allows unauthenticated remote code execution with SYSTEM-level privileges.
- Iskra iHUB and iHUB Lite Vulnerability: A critical flaw (CVSS 9.3) in Iskra smart metering gateways exposes the web management interface without authentication, allowing attackers to reconfigure devices and manipulate connected systems.
Threat Intelligence
- Iran-linked hackers target Israeli, Egyptian critical infrastructure through phishing campaign: An Iranian-backed threat actor conducted a prolonged phishing campaign targeting critical infrastructure and government sectors in Israel and Egypt.
- North Korea lures engineers to rent identities in fake IT worker scheme: Researchers have uncovered a sophisticated North Korean operation in which developers are tricked into ‘renting’ out their identities, enabling state-sponsored actors to secure remote IT jobs for illicit fundraising.
- Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure: The cybercrime economy has fully adopted a subscription model, offering everything from phishing kits and OTP bots to infostealers as a service, lowering the barrier to entry for attackers.
- Fake Calendly invites spoof top brands to hijack ad manager accounts: A phishing campaign is using fake Calendly invitations impersonating major brands such as Disney and Uber to steal Google Workspace and Facebook business credentials.
- Mirion Medical EC2 Software NMIS BioDose Vulnerabilities: Multiple vulnerabilities, including hard-coded credentials and improper permissions, have been found in Mirion Medical software, potentially allowing RCE and unauthorized access.
Security Breaches & Incidents
- University of Pennsylvania confirms new data breach after Oracle hack: The University of Pennsylvania has disclosed a data breach resulting from an attack on its Oracle E-Business Suite servers, leading to the theft of personal information.
- A data breach at analytics giant Mixpanel leaves a lot of open questions: Analytics firm Mixpanel has suffered a data breach, but key details about the scope, impact, and timeline of the incident remain unanswered by the company.
- Microsoft Defender portal outage disrupts threat hunting alerts: An ongoing outage in the Microsoft Defender XDR portal is preventing security teams from accessing critical capabilities, including alerts and threat hunting data.
- Korea arrests suspects selling intimate videos from hacked IP cameras: South Korean police have arrested four individuals for allegedly hacking over 120,000 IP cameras and selling the private footage to an adult website.
Security Tools & Best Practices
- FTC settlement requires Illuminate to delete unnecessary student data: Following a breach affecting 10 million students, the FTC is requiring ed-tech provider Illuminate Education to delete unnecessary student data and improve its security practices.
- India plans to verify and record every smartphone in circulation: The Indian government is mandating the preinstallation of its Sanchar Saathi app on all new smartphones, raising significant privacy and surveillance concerns.
Security Standards & Frameworks
- CISA Releases Five Industrial Control Systems Advisories: CISA has published five new advisories detailing vulnerabilities in ICS products from vendors including Mirion Medical, Industrial Video & Control, and Iskra.
Emerging Security Technologies
- Leaked “Soul Doc” reveals how Anthropic programs Claude’s character: An internal document leaked from Anthropic shows the unique methodology the company uses to define the personality and ethical guidelines for its AI model, Claude.
- Critical PickleScan Vulnerabilities Expose AI Model Supply Chains: Researchers have discovered three critical zero-day vulnerabilities in PickleScan, a tool for scanning AI models, which could allow attackers to bypass security checks.
