Sysdig discovered North Korea-linked EtherRAT, a stealthy new backdoor using Ethereum smart contracts for C2 after exploiting the critical React2Shell vulnerability (CVE-2025-55182).

Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.

Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a 'safe harbour' from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend.

Varonis threat analysts warn about Spiderman, a dangerous new kit that automates attacks against European banks and crypto customers, stealing a victim’s full identity profile.

Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data.

Europol and Eurojust led a massive international police operation that successfully dismantled a crypto fraud network that laundered over €700M using deepfake ads.

Google AI systems (Gemini Enterprise) had a critical 'GeminiJack' security flaw allowing attackers to steal Gmail, Docs, and Calendar data with no clicks.

SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds.

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings.

Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access.

Cary, North Carolina, USA, 8th December 2025, CyberNewsWire

Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.

Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025.

Barts Health NHS confirms Cl0p ransomware breach via Oracle flaw. Invoice data exposed. Patient records and clinical systems remain unaffected.

CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks.

AI is transforming the video-making process of creators. Learn how WondershareFilmora V15 helps individual creators edit smarter using powerful AI.

Madison, United States, 5th December 2025, CyberNewsWire

The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox.

Torrance, California, USA, 5th December 2025, CyberNewsWire

Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected.