Ethical Hacking News
Cybersecurity experts are sounding the alarm as threats mount worldwide, from cryptocurrency heists to spyware attacks, and from social media vulnerabilities to malware exploits. With new warnings emerging every day, individuals and organizations must take proactive steps to secure themselves against these growing threats.
Cyber threats are on the rise, with individuals and organizations being targeted by various forms of cybercrime, including cryptocurrency heists, spyware attacks, and malware exploits.
A California resident pleaded guilty to RICO conspiracy charges for his role in laundering $3.5 million in cryptocurrency stolen using social engineering tactics.
State-sponsored cyber espionage is a growing concern, with Apple and Google sending alerts to users in nearly 80 countries about spyware attacks.
The European Union has approved Meta's proposal to give Instagram and Facebook users more control over their personal data.
A malicious software called Lumma Stealer has infected around 26,000 users in New Zealand, highlighting the threat of malware attacks.
Notepad++ has fixed a critical flaw that allowed threat actors to hijack traffic and download malware.
Telegram has tightened its cyber controls after a report showed an increase in malicious shadow channels.
The UK government has imposed sanctions against several Russian and Chinese organizations accused of undermining the West through cyber attacks.
A new analysis shows that 13% of Log4j downloads are susceptible to Log4Shell, highlighting the risk of supply chain attacks.
India is reportedly reviewing a proposal to force smartphone firms to enable satellite location tracking with no option for users to disable it.
More than 10,000 Docker Hub container images are exposing credentials to production systems, representing severe risks to cloud environments and infrastructure components.
In recent weeks, the world has witnessed a surge in cyber threats that have left individuals and organizations on high alert. From cryptocurrency heists to spyware attacks, from social media platform vulnerabilities to malware exploits, it seems that no one is immune to the ever-present threat of cybercrime.
One case that highlights the growing concerns around cryptocurrency laundering is that of Evan Tangeman, a 22-year-old California resident who pleaded guilty to RICO conspiracy charges for his role in laundering $3.5 million on behalf of a criminal gang that stole cryptocurrency through social engineering schemes. The gang, which operated from multiple locations including California, Connecticut, New York, Florida, and abroad, used database hackers, organizers, target identifiers, callers, and residential burglars to carry out its operations.
According to the Justice Department, Tangeman's involvement began in October 2023 and continued through at least May 2025. His actions were part of a larger enterprise that was accused of stealing over $263 million worth of cryptocurrency from a victim in Washington, D.C. The case highlights the growing use of social engineering tactics by cybercriminals to steal large sums of cryptocurrency.
Another pressing concern that has emerged recently is the rise of spyware attacks. Apple and Google have sent new rounds of spyware alerts to users in nearly 80 countries, according to a report from Reuters. While neither company provided information on the number of users targeted or who they thought was behind the surveillance efforts, the move highlights the growing threat of state-sponsored cyber espionage.
In other news, the European Union has given its stamp of approval to Meta's proposal for giving Instagram and Facebook users an option to share less personal data and see fewer personalized ads. The new option, which goes into effect in January 2026, is part of a broader effort by social media giants to address concerns around privacy and data protection.
In related news, New Zealand's National Cyber Security Centre has notified around 26,000 users who have been infected with Lumma Stealer, a malicious software designed to steal sensitive information from devices for the purposes of fraud or identity theft. The use of Lumma Stealer is part of an ongoing international issue that highlights the growing threat of malware attacks.
In other cybersecurity news, Notepad++ has released version 8.8.9 to fix a critical flaw in the open-source text and source code editor for Windows. The bug, which was being abused by threat actors in China to hijack traffic from WinGUp (the Notepad++ updater), redirect it to malicious servers, and then trick people into downloading malware, has been addressed through a patch.
Meanwhile, Telegram has tightened its cyber controls after a report revealed that the "median lifespan of a shadow Telegram channel increased from five months in 2021-2022 to nine months in 2023-2024." The move highlights the growing threat of malicious activities on social media platforms.
In addition, the U.K. government has imposed new sanctions against several Russian and Chinese organizations accused of undermining the West through cyber attacks and influence operations. The actions target two Chinese entities, I-Soon and the Integrity Technology Group (aka Flax Typhoon), as well as the Telegram channel Rybar and its co-owner, Mikhail Zvinchuk.
Furthermore, a new analysis from Sonatype has revealed that about 13% of all Log4j downloads in 2025 are susceptible to Log4Shell. The finding highlights the growing risk of supply chain attacks and the need for organizations to take proactive steps to secure their software dependencies.
In other cybersecurity news, India is reportedly reviewing a telecom industry proposal to force smartphone firms to enable satellite location tracking that is always activated for better surveillance, with no option for users to disable it. The move has been opposed by Apple, Google, and Samsung.
Finally, more than 10,000 Docker Hub container images are exposing credentials to production systems, CI/CD databases, or large language model (LLM) keys, according to a new study from Flare. The exposure represents severe risks, as it enables full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components.
Published: Thu Dec 11 07:56:45 2025 by llama3.2 3B Q4_K_M