Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet With up to 4 Million Infected Hosts

TLDR: Cloudflare reports a record 29.7 Tbps DDoS attack from the AISURU botnet, lasting 69 seconds and involving 1-4 million infected hosts. The botnet targets telecoms, gaming, and financial sectors. In 2025, Cloudflare mitigated 36.2 million DDoS attacks, indicating a surge in size and complexity of attacks, especially against AI companies and the automotive industry.

https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html

Silver Fox’s Russian Ruse: ValleyRAT Hits China Via Fake Microsoft Teams Attack

Silver Fox, a Chinese APT group, is misrepresenting itself as a Russian threat actor through a fake Microsoft Teams SEO poisoning campaign targeting organizations in China. Utilizing “ValleyRAT” malware, it conducts state-sponsored espionage and financial fraud. The attack employs false flags, like Cyrillic characters, to mislead attribution, while aiming for sensitive intelligence and financial gains. Organizations, especially those with Chinese operations, need to fortify their defenses by enabling logging and monitoring to counter these evolving threats.

https://reliaquest.com/blog/threat-spotlight-silver-foxs-russian-ruse-fake-microsoft-teams-attack

French NGO Reporters Without Borders Targeted by Calisto in Recent Campaign

Sekoia’s TDR team uncovered spear-phishing campaigns by the Russian-linked group Calisto in May-June 2025, targeting Reporters Without Borders and others. Calisto, associated with Russian intelligence, focused on organizations linked to Ukraine and the West. Their phishing tactics involved fake trusted contacts, missing attachments, or non-working files to trick victims into requesting follow-up documents containing malicious links or decoy PDFs. The phishing kits employed advanced techniques like Adversary-in-the-Middle, intercepting credentials, and 2FA. Calisto’s campaigns make extensive use of compromised websites, redirectors, and numerous custom domains for phishing and credential harvesting. NGOs aiding Ukraine and associated researchers remain high-risk targets.

https://blog.sekoia.io/ngo-reporters-without-borders-targeted-by-calisto-in-recent-campaign/

Amid Rising Threats, NATO Holds Its Largest-ever Cyberdefense Exercise

NATO conducted its largest cyberdefense exercise, Cyber Coalition, in Estonia, involving 1,300 participants from 29 allies and 7 partner nations. The exercise aimed to simulate responses to multi-faceted cyber threats against critical infrastructure and emphasized cooperation over competition. Participants addressed complex scenarios, verifying threats and collaborating on intelligence sharing. A new space-based scenario was introduced, reflecting real-world incidents. The exercise highlighted the necessity of sharing information to tackle modern cyber challenges effectively.

https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A critical security flaw in React Server Components (CVE-2025-55182) allows unauthenticated remote code execution and affects multiple React versions. Because the flaw stems from unsafe deserialization, attackers can craft HTTP requests that execute arbitrary JavaScript. Affected components include versions of the React libraries and Next.js. Patches are available; users are advised to update, and to monitor for suspicious traffic until they have done so. Various cloud providers have implemented protective measures.

https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

Microsoft “mitigates” Windows LNK Flaw Exploited as Zero-day

Microsoft mitigated a severe Windows LNK vulnerability exploited by state and cybercrime groups (CVE-2025-9491), allowing attackers to conceal malicious operations in LNK files, requiring user interaction to execute. Despite initial inaction, Microsoft silently adjusted LNK file visibility in June 2025, while unofficial patches have been offered to limit risks until a thorough fix is provided.

https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/

How Attackers Use Real IT Tools to Take Over Your Computer

Attackers are exploiting legitimate Remote Monitoring and Management (RMM) tools, like LogMeIn Resolve, to gain remote access to victims' computers without traditional malware. By disguising these tools as common software, they evade security measures. Users are advised to download software from official sources, verify file signatures, and stay informed about social engineering tactics.

https://www.malwarebytes.com/blog/news/2025/12/how-attackers-use-real-it-tools-to-take-over-your-computer

India Backs Off Mandatory ‘Cyber Safety’ App After Surveillance Backlash

India cancels mandatory “cyber safety” app installation for new smartphones after privacy concerns arose. The government initially required device makers to preload the app, but backlash led to its reversal. Officials claimed the app aimed to combat fraud and theft, emphasizing user security and the ability to uninstall it. Digital rights advocates welcomed the decision but remained cautious until formal legal confirmation.

https://therecord.media/india-drops-mandate-sanchar-saathi-app-privacy-surveillance

Critical Vulnerability in React and Next.js (CVE-2025-55182)

TLDR: On December 3, 2025, React disclosed CVE-2025-55182, a critical remote code execution vulnerability (CVSS 10) in React Server Components caused by unsafe deserialization. It affects React versions 19.0-19.2.0 and is fixed in 19.0.1, 19.1.2 and 19.2.1. Next.js versions 15.0.5-15.5.7 and 16.0.7 also need updates. The vulnerability allows remote exploitation without authentication.

https://www.vulncheck.com/blog/cve-2025-55182-react-nextjs

AI Malware: Hype Vs. Reality

AI Malware currently operates at low maturity levels (AIM3 Levels 1-3), mainly assisting existing attack methods rather than enabling fully autonomous threats. Claims of advanced AI malware often stem from limited research demos with unclear impacts. No confirmed instances of fully embedded AI malware exist; most rely on external models. Defenders should focus on monitoring legitimate AI service abuse and strengthening existing controls, rather than reacting to exaggerated scenarios of AI threats.

https://www.recordedfuture.com/blog/ai-malware-hype-vs-reality

India Demands Smartphone Makers Install Government App

India mandates all smartphone makers to pre-install the “Sanchar Saathi” app on devices within 90 days to combat fraud and enhance telecom security. The app allows users to report suspected fraud, block stolen devices, and verify IMEI numbers. Critics raise concerns about privacy, as the app accesses call logs and messages, while some users welcome it as a fraud-fighting tool.

https://www.theregister.com/2025/12/02/india_mandatory_sanchar_saathi_app/

Google Fixes Two Android Zero Days Exploited in Attacks, 107 Flaws

Google's December 2025 Android security update fixes 107 vulnerabilities, including two exploited in attacks. Major issues address information disclosure and elevation of privileges. Critical flaws also include a denial-of-service vulnerability in the Android Framework and several severe vulnerabilities in the Kernel affecting Qualcomm devices. Users should update to newer Android versions or use third-party distributions for security.

https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/
