This posting is here to collect cyber security news in December 2025.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
117 Comments
Tomi Engdahl says:
How CISOs can prepare for the new era of short-lived TLS certificates
Feature
Dec 3, 2025
TLS certificate lifespans are shrinking — first to 200 days, then to just 47. That means more frequent renewals, higher risk of outages, and tighter operational timelines.
https://www.csoonline.com/article/4097721/how-cisos-can-prepare-for-the-new-era-of-short-lived-tls-certificates.html
Tomi Engdahl says:
https://cybersecuritynews.com/threat-actors-leveraging-foxit-pdf-reader/
Tomi Engdahl says:
https://cybersecuritynews.com/ukraine-hackers-attacking-russian-aerospace-companies/
Tomi Engdahl says:
https://cybersecuritynews.com/hackers-can-hijack-your-dash-cams/
Tomi Engdahl says:
https://cybersecuritynews.com/splunk-enterprise-permission-vulnerabilities/
Tomi Engdahl says:
https://cybersecuritynews.com/android-0-day-vulnerability-exploited/
Tomi Engdahl says:
TLS 1.3 includes welcome improvements, but still allows long-lived secrets
Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear
https://www.theregister.com/2025/12/04/tls_13_includes_welcome_improvements/
Tomi Engdahl says:
New Scanner Tool for Detecting Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
https://cybersecuritynews.com/scanner-tool-reactjs-and-next-js/#google_vignette
Tomi Engdahl says:
https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html
Tomi Engdahl says:
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html
Tomi Engdahl says:
https://www.malwarebytes.com/blog/news/2025/12/new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cloudflare-blames-todays-outage-on-emergency-react2shell-patch/
Tomi Engdahl says:
https://cybersecuritynews.com/china-nexus-hackers-exploiting-react2shell-flaw/
Tomi Engdahl says:
Threat Landscape Grows Increasingly Dangerous for Manufacturers
Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
https://www.darkreading.com/cyberattacks-data-breaches/threat-landscape-increasingly-dangerous-manufacturers
Tomi Engdahl says:
https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html
Tomi Engdahl says:
https://cybersecuritynews.com/living-off-the-land-techniques/
Tomi Engdahl says:
https://cyberaudit.fi/ransomware-attack-toiminta-ja-varautuminen/
Tomi Engdahl says:
https://dawn.fi/uutiset/2025/11/24/yleisimmat-salananat-suomi-2025#google_vignette
Tomi Engdahl says:
New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request
https://cybersecuritynews.com/next-js-servers-dos-vulnerability/
Tomi Engdahl says:
Cheap Hardware Module Bypasses AMD, Intel Memory Encryption
Researchers built an inexpensive device that circumvents chipmakers’ confidential computing protections and reveals weaknesses in scalable memory encryption.
https://www.darkreading.com/vulnerabilities-threats/cheap-hardware-module-amd-intel-memory-encryption
Tomi Engdahl says:
Ex-CISA officials, CISOs dispel ‘hacklore,’ spread cybersecurity truths
Don’t believe everything you read
https://www.theregister.com/2025/11/24/hacklore_launch/
Tomi Engdahl says:
The "Hiekkamato" (Sandworm) malware plaguing software developers is now spreading fast – here's how to protect yourself
Suvi Korhonen, 27.11.2025 14:51, Malware, Information security, Software development
The National Cyber Security Centre (Kyberturvallisuuskeskus) urges all organizations and developers that use NPM to check their own situation.
https://www.tivi.fi/uutiset/a/5156ecaf-060e-4c26-9c22-e0fd8c98b684
Tomi Engdahl says:
https://cybersecuritynews.com/vulnerable-codes-in-legacy-python-packages/
Tomi Engdahl says:
CodeRED emergency alert system CodeDEAD after INC ransomware attack
Regions across US affected, and one tore up its contract for the product
Connor Jones
Wed 26 Nov 2025 // 14:33 UTC
Towns and cities across the US are without access to their CodeRED emergency alert system following a cyberattack on vendor Crisis24.
https://www.theregister.com/2025/11/26/codered_emergency_alert_ransomware/
Tomi Engdahl says:
Hottest cybersecurity open-source tools of the month: November 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.
https://www.helpnetsecurity.com/2025/11/27/hottest-cybersecurity-open-source-tools-of-the-month-november-2025/
Tomi Engdahl says:
https://www.darkreading.com/threat-intelligence/malware-authors-incorporate-llms-evade-detection
Tomi Engdahl says:
India demands smartphone makers install a government app on every handset
‘Sanchar Saathi’ shares data to help fight fraud and protect carrier security
https://www.theregister.com/2025/12/02/india_mandatory_sanchar_saathi_app/
India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure users can’t remove the code.
The app is called “Sanchar Saathi” and is a product of India’s Department of Telecommunications (DoT).
On Google Play and Apple’s App Store, the Department describes the app as “a citizen centric initiative … to empower mobile subscribers, strengthen their security and increase awareness about citizen centric initiatives.”
Tomi Engdahl says:
https://cybersecuritynews.com/cisco-asyncos-0-day-vulnerability/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-teams-is-down-and-messages-are-delayed/?fbclid=IwdGRjcAOzryRjbGNrA7OvC2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHpOitiw5-VLSQLrjvV4IScLqFTW5K2wF0u-lbm8r5mDIhHhKo7r3bmwcUN7d_aem_8dwdUD3-AEB-dpLCvKnbTA
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/pornhub-extorted-after-hackers-steal-premium-member-activity-data/
Tomi Engdahl says:
https://www.reuters.com/world/americas/hacking-group-shinyhunters-claims-theft-data-users-leading-sex-site-pornhub-2025-12-16/
Tomi Engdahl says:
Porn Hack—Has Your Pornhub Search And View History Leaked?
https://www.forbes.com/sites/zakdoffman/2025/12/17/pornhub-confirms-breach-user-search-watch-and-download-activity-stolen/
There’s something particularly frightening about porn and similar data breaches — it’s an internet nightmare come true. No matter who you are, where you live or what you do, your adult content search history getting into the wrong hands is terrifying. Just look at the VPN surge as users avoid identity or age verification to access porn.
“We recently learned that an unauthorized party gained unauthorized access to analytics data stored with Mixpanel, a third-party data analytics service provider,” Pornhub confirmed in a Dec. 12 statement updated on Dec. 16. “The unauthorized party was able to use this unauthorized access to extract a limited set of analytics events for some users. This was not a breach of Pornhub Premium’s systems.”
Tomi Engdahl says:
Chinese-made drones have dominated the skies in the United States for years, with private owners, police departments, and firefighters deploying them nationwide. But a new rule by the Federal Communications Commission will make it impossible for US consumers to buy the next generation of these drones. https://cnn.it/3MIujwm
Tomi Engdahl says:
https://nypost.com/2025/12/23/us-news/tech-savvy-users-discover-a-way-around-redacted-parts-of-jeffrey-epstein-files/?utm_medium=social&utm_social_post_id=632191480&utm_social_handle_id=191800200860241&utm_campaign=nypost&sr_share=facebook&utm_source=facebook&fbclid=IwdGRjcAO6JBtjbGNrA7oj-GV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHrJrQS5SispeRGezpd1ji3QLrXwJ7rxo7l6G6OPRzU8z5TNFTxJrpmo8T1hE_aem_tBrIG0DnHYANWw6mKX7Jyw
Tech-savvy users discover a way around redacted parts of Jeffrey Epstein files
Tech-savvy sleuths have discovered a way to uncensor the heavily redacted files on notorious pedophile Jeffrey Epstein, as the Department of Justice continues to release the documents.
Some portions of the documents, initially blacked out in Adobe Acrobat, pop up when copied and pasted into Google Docs or Microsoft programs like Word, The Post confirmed during a test run.
“Anyone can read redactions of the Epstein Files by just copying and pasting them into a word doc,” social media influencer Jake Broe wrote on X Tuesday, along with a video showing the apparent federal faux pas.
Tomi Engdahl says:
Acting CISA director failed a polygraph. Career staff are now under investigation. – POLITICO https://share.google/KEJWpNhpyrRAplFu0
At least six career staff were placed on leave after DHS opened an investigation into whether they misled the agency’s acting director, Madhu Gottumukkala, into taking the test.
https://www.politico.com/news/2025/12/21/cisa-acting-director-madhu-gottumukkala-polygraph-investigation-00701996
The incident this July and the subsequent fallout — which has not been reported before — have angered career staff, alarmed fellow Trump administration appointees and raised questions about Gottumukkala’s leadership of the nearly $3 billion cyber defense agency.
“Instead of taking ownership and saying, ‘Hey, I screwed up,’ he gets other people blamed and potentially ruins their careers,” said a current official, who described Gottumukkala’s tenure at CISA so far as “a nightmare” for the agency.
Tomi Engdahl says:
The US Department of Homeland Security punished employees of the cybersecurity agency (CISA) because the agency's director failed a polygraph test. Politico reports on the matter.
Cyber chief flunked a polygraph in the United States – employees were punished | Mikrobitti https://share.google/ydWMPVythWmFb6ZCS
Tomi Engdahl says:
https://cybersecuritynews.com/poc-exploit-hpe-oneview-vulnerability/
Tomi Engdahl says:
Russia
‘All brakes are off’: Russia’s attempt to rein in illicit market for leaked data backfires
Russian state has tolerated parallel probiv market for its convenience but now Ukrainian spies are exploiting it
https://www.theguardian.com/world/2025/dec/26/russia-selling-personal-data-leaks-probiv-ukraine-spies
Tomi Engdahl says:
https://cybersecuritynews.com/fortigate-firewall-vulnerability/
Tomi Engdahl says:
Justice Department Humiliated as People Find the Epstein Files Can Easily Be Un-Redacted
If you know how to copy-paste, congratulations: you have the tools to topple the Deep State.
https://futurism.com/future-society/eptein-files-easily-unredacted
Tomi Engdahl says:
Is Cloudflare adding outage-as-a-service to their offering lineup?
Tomi Engdahl says:
Cyberattack paralyzed the French postal service's online services for a week – Russian hackers admitted to the attack
Anna Helakallio, 29.12.2025 09:46 | updated 29.12.2025 09:46, Information security, Cyber
The pro-Russian hacker group Noname057 has claimed to be behind the attack. The same group has also attacked Finnish websites.
https://www.tivi.fi/uutiset/a/3529c9b9-a8cb-4f2a-b473-ff095322042d
The French postal service was the target of a cyberattack last week. The attack paralyzed the postal service's online services for nearly a week.
The denial-of-service attack began last Monday. The attack disrupted parcel and mail deliveries, but no customer data was leaked. The postal service's operations returned to normal on St. Stephen's Day.
The pro-Russian hacker group Noname057 has claimed to be behind the cyberattack. The group has previously carried out cyberattacks against several European countries. Noname057's attacks have also targeted Finland: this autumn the group carried out a cyberattack on the websites of the Ministry of Defence and several Finnish organizations.
The French intelligence agency DGSI is now leading the investigation into the attack.
Tomi Engdahl says:
https://gbhackers.com/critical-zero-day-rce-flaw-in-networking-devices/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-imaging-component-vulnerability
Tomi Engdahl says:
GitHub Takes Down Rockchip MPP Repository After FFmpeg Copyright Claim
GitHub disabled the Rockchip Linux MPP repository after a DMCA notice from an FFmpeg developer alleging violations of the LGPL license.
https://linuxiac.com/github-takes-down-rockchip-mpp-repository-after-ffmpeg-copyright-claim/
Tomi Engdahl says:
https://muropaketti.com/tietotekniikka/tietotekniikkauutiset/openai-joutuu-panostamaan-turvallisuusstrategiaan-chatgptn-vaitetaan-myotavaikuttaneen-kuolemantapauksiin/
Tomi Engdahl says:
Forget OpenVPN, WireGuard: This is the VPN protocol of the future
Features
By Chiara Castro published December 27, 2025
NordWhisper is moving towards metadata encryption and a TLS-based future
https://www.techradar.com/vpn/vpn-privacy-security/forget-openvpn-wireguard-this-is-the-vpn-protocol-of-the-future
Tomi Engdahl says:
https://www.episodi.fi/uutiset/south-park-kasikirjoittaja-osti-trump-kennedy-centerin-domainin-ennen-keskuksen-uudelleennimeamista/#utm_term=Autofeed&utm_medium=Social&utm_source=Facebook&Echobox=1766855227
Tomi Engdahl says:
Cloudflare Open Sources tokio‑quiche, Promising Easier QUIC and HTTP/3 in Rust
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-reportedly-testing-claude-like-skills-for-chatgpt/