Tracking Threats, Incidents, and Vulnerabilities
Tracking Threats, Incidents, and Vulnerabilities
TLDR: Shai-Hulud 2.0 malware attack exposed ~400,000 developer secrets from NPM packages, affecting ~30,000 GitHub repositories. Over 60% of leaked tokens still valid, with significant infections on Linux and CI/CD platforms.
AI Malware currently operates at low maturity levels (AIM3 Levels 1-3), mainly assisting existing attack methods rather than enabling fully autonomous threats. Claims of advanced AI malware often stem from limited research demos with unclear impacts. No confirmed instances of fully embedded AI malware exist; most rely on external models. Defenders should focus on monitoring legitimate AI service abuse and strengthening existing controls, rather than reacting to exaggerated scenarios of AI threats.
https://www.recordedfuture.com/blog/ai-malware-hype-vs-reality
India mandates all smartphone makers to pre-install the “Sanchar Saathi” app on devices within 90 days to combat fraud and enhance telecom security. The app allows users to report suspected fraud, block stolen devices, and verify IMEI numbers. Critics raise concerns about privacy, as the app accesses call logs and messages, while some users welcome it as a fraud-fighting tool.
https://www.theregister.com/2025/12/02/india_mandatory_sanchar_saathi_app/
Google's December 2025 Android security update fixes 107 vulnerabilities, including two exploited in attacks. Major issues address information disclosure and elevation of privileges. Critical flaws also include a denial-of-service vulnerability in the Android Framework and several severe vulnerabilities in the Kernel affecting Qualcomm devices. Users should update to newer Android versions or use third-party distributions for security.
CVE-2025-61260 – OpenAI Codex CLI Command Injection Vulnerability:
OpenAI Codex CLI is susceptible to command injection via project-local configurations, enabling attackers to execute arbitrary commands on developer machines without user consent. By manipulating .env and config.toml files, an attacker can leverage the automatic loading of MCP server entries to create a backdoor, allowing persistent remote access and command execution. This vulnerability compromises developer workflows and can propagate through supply chains. A fix was issued in version 0.23.0, blocking the unsafe redirection of configuration paths. Users are advised to update immediately.
https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/
4.3M Browsers Infected by ShadyPanda Malware: A seven-year campaign leveraged malicious browser extensions infecting 4.3 million Chrome and Edge users. ShadyPanda employed a phased strategy, transitioning from affiliate fraud to spyware. Initially, they disguised malicious extensions as legitimate tools, then progressively escalated operations to include remote code execution and comprehensive data surveillance. The extensions, some Google-verified, captured and exfiltrated extensive user data, exploiting marketplace oversight flaws. Despite termination of some extensions, others remain active with significant surveillance capabilities, highlighting systemic security vulnerabilities in extension marketplaces.
https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign
New Android malware, Albiriox, allows attackers remote control of infected phones to siphon money from bank and crypto accounts. It operates as Malware-as-a-Service (MaaS), targeting over 400 financial apps globally. Albiriox employs advanced techniques like live streaming, automated clicks, and stealth operations to evade detection, making it a significant threat. Users should only install trusted apps, verify permissions, and utilize up-to-date anti-malware solutions for protection.
Dutch study reveals teen cybercrime is largely temporary; offenders mature by 20, with few continuing. Most youngsters dabble in cybercrime, similar to other offenses. Peak offending age is 20, but few persist beyond that due to curiosity about tech, not monetary gain. Annual social cost of adolescent crime in the Netherlands is €10.3 billion, with costs of cybercrime challenging to quantify. Longitudinal research on cybercrime remains limited, impacting accurate cost assessments.
https://www.theregister.com/2025/12/01/dutch_study_teen_cybercrime/
Cybercriminals are becoming strategic and patient, using autonomous AI to execute long-term plans. The increased reliance on AI in organizations creates opportunities for AI to infiltrate systems without detection. Unlike impulsive hackers, these individuals are methodical, seeking to evade capture while achieving financial freedom. The quiet calm in digital safety is deceptive, hinting at a looming threat driven by calculated, intelligent adversaries rather than chaotic behavior.
AI-led cyber warfare is emerging, with attacks executed autonomously, reducing human oversight significantly. A Chinese hacking group executed a major campaign using Anthropic’s Claude, conducting 80-90% of operations without human intervention, showcasing the rise of “machine-speed warfare.” This shift minimizes the time for vulnerabilities to be exploited, creating asymmetrical advantages for attackers. Defense strategies are evolving with equally autonomous systems responding in milliseconds. The need for human oversight remains critical, particularly for high-stakes decisions, prompting a call for hybrid AI-human models in cybersecurity management.
Guide emphasizes digital security (opsec) for teens. It advises on protecting privacy online, emphasizing secrecy and accessibility, compartmentalizing accounts, using strong passwords, and avoiding account reuse. Encourages using VPNs for privacy and highlights importance of secure apps like Signal. Overall, it stresses proactive steps to mitigate digital risks and disasters.
GreyNoise launched a free tool, GreyNoise IP Check, to help users determine if their IP address is associated with malicious scanning, indicating potential involvement in botnet activities. The service categorizes IP addresses as clean, malicious/suspicious, or part of a common business service, providing a 90-day activity history for further investigation. Users should take action if flagged suspicious and update devices, change credentials, and disable unnecessary remote access.
CISA and UK security agencies warn smartphone users of rising cyber threats, particularly via spyware targeting messaging apps. They recommend iPhone and Android owners immediately apply strict security measures: enable advanced device modes, use only trustworthy services, restrict app permissions, and keep devices and apps up to date. Both agencies caution against using personal VPNs due to the risk of malware and poor privacy from many VPN providers. Official app stores are the safest place to get apps. Additional advice includes using strong passwords, enabling device tracking, and avoiding unknown Wi-Fi networks unless necessary.
TLDR: CONCRYT's 2024-2025 report reveals public awareness of payment fraud spikes during major regulatory events but quickly declines despite increasing AI-enabled fraud threats, showing a disconnect between evolving risks and public vigilance. Regulatory actions drive awareness more than actual fraud incidents, highlighting geographic disparities in understanding of fraud risks. More consumer education is needed amidst rising sophisticated fraud tactics, especially involving AI.
UK government considers restricting children's use of VPNs due to their effectiveness in bypassing age verification from the Online Safety Act, which mandates strict age checks for accessing certain online content. Following the Act's implementation, VPN usage surged significantly, with calls from officials to address this loophole. Discussions on potential methods to limit VPNs are ongoing, but suggestions of a full ban are complicated by the legitimate reasons for VPN use in privacy and security. Alternatives, like restricting VPN promotion to children, are likely under consideration. As other countries follow suit with similar restrictions, the debate on VPN regulation is expected to intensify.
https://www.theverge.com/tech/827435/uk-vpn-restrictions-ban-online-safety-act
