
Daily Security Briefing #090
- DjediTech
- Security, Newsletter
- December 1, 2025
VPN bans debated, Qualcomm boot flaws exposed, Glassworm malware resurfaces
Executive Summary
Today’s cybersecurity landscape highlights escalating government efforts to regulate privacy tools, with multiple U.S. states considering VPN bans targeting age-restricted content. Meanwhile, critical vulnerabilities in Qualcomm’s secure boot process threaten millions of devices worldwide, prompting urgent security updates. The resurgence of Glassworm malware through malicious Visual Studio Code packages underscores continuing risks in software supply chains. Additional threats include sophisticated spear-phishing campaigns targeting IT professionals, stealth spyware in browser extensions, and government-mandated apps deployed at large scale to combat telecom fraud. These evolving challenges emphasize the need for vigilance across multiple vectors.
Top Articles
Banning VPNs: U.S. States Consider Restricting Privacy Tools Over Child Protection Claims
Several U.S. states, notably Wisconsin, are advancing legislation aimed at banning VPN usage to enforce age verification for websites with potentially sexual content. The bills propose mandatory blocking of VPNs under the guise of protecting children, raising significant privacy and free internet access concerns.
Bruce Schneier
Qualcomm Issues Urgent Patch for Critical Secure Boot Vulnerabilities
Qualcomm disclosed multiple high-severity vulnerabilities in the secure boot process, which safeguards device integrity against startup attacks, affecting millions of devices. An urgent security update addresses six critical flaws, including CVE-2025-47372, underscoring the broad impact on mobile and IoT ecosystems.
GBHackers | CyberPress
Glassworm Malware Returns in Third Wave via Malicious VS Code Packages
The Glassworm campaign, active since October, has launched a third wave by distributing 24 new malicious extensions through OpenVSX and Microsoft Visual Studio marketplaces. These packages pose renewed supply chain risks for developers relying on widely used IDE tools.
BleepingComputer
India Mandates Preinstallation of Sanchar Saathi App to Counter Telecom Fraud
India’s telecom ministry has directed phone manufacturers to preload the Sanchar Saathi cybersecurity app on all new devices within 90 days. The non-removable app enables users to report and monitor telecom fraud incidents, reflecting a government-mandated approach to enhancing mobile user security.
The Hacker News
ShadyPanda Spyware Campaign Infects Millions via Popular Browser Extensions
The threat group ShadyPanda exploited five browser extensions, collectively installed over 4.3 million times, to inject spyware functionality since mid-2024. The extensions were originally legitimate and were later maliciously updated to harvest user data before being pulled from distribution platforms.
The Hacker News
Operation Hanoi Thief Employs Pseudo-Polyglot Malware Against Vietnamese IT Teams
SEQRITE Labs uncovered a spear-phishing campaign targeting Vietnamese IT and hiring professionals using fake resumes with sophisticated pseudo-polyglot malware. The final-stage payload, LOTUSHARVEST, steals browser credentials and tracking history and is attributed to Chinese-linked threat actors.
CyberPress
OpenAI Codex CLI Vulnerable to Command Injection via Local Configurations
A critical vulnerability (CVE-2025-61260) was identified in OpenAI’s Codex CLI tool that allows command injection through project-local configuration files. This flaw could let attackers execute arbitrary commands within the environments of developers who use this AI-powered command-line interface.
Check Point Research
SmartTube Android TV App Compromised to Distribute Malicious Update
The open-source SmartTube YouTube client for Android TV was breached after attackers obtained developer signing keys. A malicious update was pushed to users, highlighting risks in app signing key management that can lead to widespread distribution of harmful code.
BleepingComputer
BreachLock Retains Leadership in 2025 GigaOm Radar Report for PTaaS
BreachLock has been recognized as a Leader and Fast Mover for the third consecutive year in the 2025 GigaOm Radar Report for Penetration Testing as a Service. The annual report guides security professionals in selecting quality PTaaS providers for vulnerability assessment and management.
GBHackers
OpenAI Data Breach Linked to Mixpanel Incident Exposes API Client Details
Check Point Research reported a data breach at Mixpanel, a third-party analytics provider, resulting in limited exposure of some ChatGPT API client information, including names and emails. This incident highlights ongoing risks in vendor security that can indirectly impact major AI service providers.
Check Point Research
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.