4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign
https://cybersecuritynews.com/4-3-million-chrome-and-edge-users-hacked/
North Korea lures engineers to rent identities in fake IT worker scheme
https://www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/
Hackers Actively Exploiting 7-Zip RCE Vulnerability in the Wild
https://cybersecuritynews.com/7-zip-rce-vulnerability-exploited/
Diffing 7-Zip for CVE-2025-11001 | pacbypass blog
https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html
MuddyWater: Snakes by the riverbank
https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/
ハッカーを目指す私が、自分の成長のために決めた “やらないこと” - Findy Media | IT/Webエンジニアの転職・求人サイトFindy – GitHubからスキル偏差値を算出
https://findy-code.io/media/articles/list-AsuNa_jp
Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi
https://cybersecuritynews.com/charging-cable-that-hacks-your-device/
Fake Calendly invites spoof top brands to hijack ad manager accounts
https://www.bleepingcomputer.com/news/security/fake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts/
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
https://www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/
Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Trend Micro (US)
https://www.trendmicro.com/en_us/research/25/l/water-saci.html
Writing Sync, Popping Cron: DEVCORE’s Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631) | blog
https://kiddo-pwn.github.io/blog/2025-11-30/writing-sync-popping-cron
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
https://thehackernews.com/2025/12/malicious-npm-package-uses-hidden.html
DNS Uncovers Infrastructure Used in SSO Attacks
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
Threat Intelligence - ANY.RUN
https://intelligence.any.run/analysis/lookup?utm_content=linktoti&utm_term=021225#%7B%2522query%2522:%2522threatName:%255C%2522%5Ephishing$%255C%2522%2522,%2522dateRange%2522:180%7D
Law Enforcement shuts down Cryptomixer in major crypto crime takedown
https://securityaffairs.com/185217/cyber-crime/law-enforcement-shuts-down-cryptomixer-in-major-crypto-crime-takedown.html
University of Pennsylvania confirms new data breach after Oracle hack
https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-theft-after-oracle-ebs-hack/
Android Security Bulletin—December 2025 | Android Open Source Project
https://source.android.com/docs/security/bulletin/2025-12-01
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
https://thehackernews.com/2025/12/google-patches-107-android-flaws.html
ChatGPT is down worldwide, conversations disappeared for users
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-is-down-worldwide-conversations-dissapeared-for-users/
GitHub - Scoubi/BloodSOCer
https://github.com/Scoubi/BloodSOCer/
Microsoft Defender portal outage disrupts threat hunting alerts
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-portal-outage-blocks-access-to-security-alerts/
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
https://thehackernews.com/2025/12/researchers-capture-lazarus-apts-remote.html
Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html