This posting is here to collect cyber security news in December 2025.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
82 Comments
Tomi Engdahl says:
How CISOs can prepare for the new era of short-lived TLS certificates
Dec 3, 2025
TLS certificate lifespans are shrinking — first to 200 days, then to just 47. That means more frequent renewals, higher risk of outages, and tighter operational timelines.
https://www.csoonline.com/article/4097721/how-cisos-can-prepare-for-the-new-era-of-short-lived-tls-certificates.html
Tomi Engdahl says:
https://cybersecuritynews.com/threat-actors-leveraging-foxit-pdf-reader/
Tomi Engdahl says:
https://cybersecuritynews.com/ukraine-hackers-attacking-russian-aerospace-companies/
Tomi Engdahl says:
https://cybersecuritynews.com/hackers-can-hijack-your-dash-cams/
Tomi Engdahl says:
https://cybersecuritynews.com/splunk-enterprise-permission-vulnerabilities/
Tomi Engdahl says:
https://cybersecuritynews.com/android-0-day-vulnerability-exploited/
Tomi Engdahl says:
TLS 1.3 includes welcome improvements, but still allows long-lived secrets
Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear
https://www.theregister.com/2025/12/04/tls_13_includes_welcome_improvements/
Tomi Engdahl says:
New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
https://cybersecuritynews.com/scanner-tool-reactjs-and-next-js/#google_vignette
Tomi Engdahl says:
https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html
Tomi Engdahl says:
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html
Tomi Engdahl says:
https://www.malwarebytes.com/blog/news/2025/12/new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cloudflare-blames-todays-outage-on-emergency-react2shell-patch/
Tomi Engdahl says:
https://cybersecuritynews.com/china-nexus-hackers-exploiting-react2shell-flaw/
Tomi Engdahl says:
Threat Landscape Grows Increasingly Dangerous for Manufacturers
Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
https://www.darkreading.com/cyberattacks-data-breaches/threat-landscape-increasingly-dangerous-manufacturers
Tomi Engdahl says:
https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html
Tomi Engdahl says:
https://cybersecuritynews.com/living-off-the-land-techniques/
Tomi Engdahl says:
https://cyberaudit.fi/ransomware-attack-toiminta-ja-varautuminen/
Tomi Engdahl says:
https://dawn.fi/uutiset/2025/11/24/yleisimmat-salananat-suomi-2025#google_vignette
Tomi Engdahl says:
New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request
https://cybersecuritynews.com/next-js-servers-dos-vulnerability/
Tomi Engdahl says:
Cheap Hardware Module Bypasses AMD, Intel Memory Encryption
Researchers built an inexpensive device that circumvents chipmakers’ confidential computing protections and reveals weaknesses in scalable memory encryption.
https://www.darkreading.com/vulnerabilities-threats/cheap-hardware-module-amd-intel-memory-encryption
Tomi Engdahl says:
Ex-CISA officials, CISOs dispel ‘hacklore,’ spread cybersecurity truths
Don’t believe everything you read
https://www.theregister.com/2025/11/24/hacklore_launch/
Tomi Engdahl says:
The "Hiekkamato" ("sandworm") malware plaguing software developers is now spreading fast: here is how to protect yourself
Suvi Korhonen, 27.11.2025 14:51, Malware, Information security, Software development
The Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) urges all organizations and developers that use NPM to check their own situation.
https://www.tivi.fi/uutiset/a/5156ecaf-060e-4c26-9c22-e0fd8c98b684
Tomi Engdahl says:
https://cybersecuritynews.com/vulnerable-codes-in-legacy-python-packages/
Tomi Engdahl says:
CodeRED emergency alert system CodeDEAD after INC ransomware attack
Regions across US affected, and one tore up its contract for the product
Connor Jones
Wed 26 Nov 2025 // 14:33 UTC
Towns and cities across the US are without access to their CodeRED emergency alert system following a cyberattack on vendor Crisis24.
https://www.theregister.com/2025/11/26/codered_emergency_alert_ransomware/
Tomi Engdahl says:
Hottest cybersecurity open-source tools of the month: November 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.
https://www.helpnetsecurity.com/2025/11/27/hottest-cybersecurity-open-source-tools-of-the-month-november-2025/
Tomi Engdahl says:
https://www.darkreading.com/threat-intelligence/malware-authors-incorporate-llms-evade-detection
Tomi Engdahl says:
India demands smartphone makers install a government app on every handset
‘Sanchar Saathi’ shares data to help fight fraud and protect carrier security
https://www.theregister.com/2025/12/02/india_mandatory_sanchar_saathi_app/
India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure users can’t remove the code.
The app is called “Sanchar Saathi” and is a product of India’s Department of Telecommunications (DoT).
On Google Play and Apple’s App Store, the Department describes the app as “a citizen centric initiative … to empower mobile subscribers, strengthen their security and increase awareness about citizen centric initiatives.”
Tomi Engdahl says:
https://cybersecuritynews.com/cisco-asyncos-0-day-vulnerability/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-teams-is-down-and-messages-are-delayed/?fbclid=IwdGRjcAOzryRjbGNrA7OvC2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHpOitiw5-VLSQLrjvV4IScLqFTW5K2wF0u-lbm8r5mDIhHhKo7r3bmwcUN7d_aem_8dwdUD3-AEB-dpLCvKnbTA
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/pornhub-extorted-after-hackers-steal-premium-member-activity-data/
Tomi Engdahl says:
https://www.reuters.com/world/americas/hacking-group-shinyhunters-claims-theft-data-users-leading-sex-site-pornhub-2025-12-16/
Tomi Engdahl says:
Porn Hack—Has Your Pornhub Search And View History Leaked?
https://www.forbes.com/sites/zakdoffman/2025/12/17/pornhub-confirms-breach-user-search-watch-and-download-activity-stolen/
There’s something particularly frightening about porn and similar data breaches — it’s an internet nightmare come true. No matter who you are, where you live or what you do, your adult content search history getting into the wrong hands is terrifying. Just look at the VPN surge as users avoid identity or age verification to access porn.
“We recently learned that an unauthorized party gained unauthorized access to analytics data stored with Mixpanel, a third-party data analytics service provider,” Pornhub confirmed in a Dec. 12 statement updated on Dec. 16. “The unauthorized party was able to use this unauthorized access to extract a limited set of analytics events for some users. This was not a breach of Pornhub Premium’s systems.”