ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit - and 20 More Stories
Briefly

"This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open. The new ThreatsDay Bulletin brings it all together - big hacks, quiet exploits, bold arrests, and smart discoveries that explain where cyber threats are headed next. It's your quick, plain-spoken look at the week's biggest security moves before they become tomorrow's headlines."
"The recently disclosed React security flaw (React2Shell, aka CVE-2025-55182) has come under widespread exploitation, including targeting smart home devices, according to Bitdefender. These include smart plugs, smartphones, NAS devices, surveillance systems, routers, development boards, and smart TVs. These attacks have been found to deliver Mirai and RondoDox botnet payloads. Significant probing activity has been detected from Poland, the U.S., the Netherlands, Ireland, France, Hong Kong, Singapore, China, and Panama. This indicates "broad global participation in opportunistic exploitation," the company said. Threat intelligence firm GreyNoise said it observed 362 unique IP addresses across ~80 countries attempting exploitation as of December 8, 2025. "Observed payloads fall into distinct groups: miners, dual-platform botnets, OPSEC-masked VPN actors, and recon-only clusters," it added."
"Cybersecurity researchers have discovered a previously undocumented Linux backdoor named GhostPenguin. A multi-thread backdoor written in C++, it can collect system information, including IP address, gateway, OS version, hostname, and username, and send it to a command-and-control (C&C) server during a registration phase. "It then receives and executes commands"
Malware is being embedded in movie downloads, browser add-ons, and trusted software updates, increasing consumer risk. The React2Shell vulnerability (CVE-2025-55182) is being widely exploited to target smart plugs, smartphones, NAS devices, surveillance systems, routers, development boards, and smart TVs, delivering Mirai and RondoDox botnet payloads. Probing activity has been observed globally, with 362 unique IPs across ~80 countries seen by GreyNoise as of December 8, 2025. Observed payloads include miners, dual-platform botnets, OPSEC-masked VPN actors, and recon-only clusters. A new Linux backdoor named GhostPenguin, written in C++, collects system information and registers with a C&C server to receive commands.
Read at The Hacker News