Daily Security Briefing #092

December 3, 2025 | Read Online

Android zero-day exploitation, Calendly phishing targeting Google accounts, and critical RSC remote code execution flaws dominate today’s headlines…

Executive Summary

Cybersecurity teams face mounting threats as multiple zero-day vulnerabilities and highly targeted phishing campaigns emerge. CISA’s alert on actively exploited Android zero-days raises urgent alarm for mobile device security, while sophisticated Calendly-themed phishing attacks are compromising Google Workspace and Facebook Business accounts. Web application frameworks also remain in the spotlight, with critical unauthenticated remote code execution flaws disclosed in React Server Components and an actively exploited privilege escalation vulnerability found in a popular WordPress plugin. Additionally, an increasing trend in cybercriminals leveraging AI tools accelerates the complexity and scale of attacks. This briefing highlights both the evolving threat landscape and notable security innovations shaping defense strategies.

Top Articles

Check Point Named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security
Check Point has been recognized by Gartner® as a Leader in the 2025 Magic Quadrant™ for Email Security. This independent validation underscores Check Point’s ongoing efforts to deliver advanced, effective email protection against increasingly sophisticated threats while maintaining ease of deployment and management. With phishing and email-based attacks continuing to rise, such leadership highlights a critical bulwark for enterprises.
BLOG.CHECKPOINT.COM

CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) added two critical Android Framework vulnerabilities (CVE-2025-48572 and CVE-2025-48633) to its Known Exploited Vulnerabilities catalog, citing active exploitation in the wild. These zero-day flaws demand immediate attention from organizations and device users worldwide due to their potential to compromise mobile device security at scale. Timely patching and mitigation are strongly recommended.
GBHACKERS

New Calendly-Inspired Phishing Attack Aims to Steal Google Workspace Credentials
A sophisticated phishing campaign abusing Calendly-themed job invitations targets Google Workspace and Facebook Business accounts, primarily focusing on hijacking advertising management platforms. Utilizing advanced Attacker-in-the-Middle and Browser-in-the-Browser techniques, the attackers evade detection while maximizing the impact on large agencies and enterprises. This multi-vector social engineering operation demands heightened vigilance for users of these services.
GBHACKERS | CYBERPRESS.ORG

Rust evm-units Impersonation Leads to Silent Execution of OS-Specific Payloads
Security researchers uncovered a malicious Rust package named evm-units, which mimicked a legitimate Ethereum Virtual Machine utility and was downloaded over 7,000 times before removal. The package silently executed platform-specific payloads designed to compromise systems, highlighting the risks in open-source library ecosystems and the importance of supply chain security practices.
CYBERPRESS.ORG

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
A maximum-severity flaw (CVE-2025-55182) affecting React Server Components (RSC) allows unauthenticated remote code execution by exploiting weaknesses in payload decoding. With a CVSS score of 10.0, this vulnerability poses severe risks to web applications dependent on React and Next.js frameworks, necessitating urgent patching and remediation.
THEHACKERNEWS

Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar
Advancements in AI are democratizing cybercrime, enabling individuals with minimal technical skills to launch campaigns rivaling those of state actors. This webinar discusses the industrialization of cyberattacks using AI-powered tools, stressing the need for adaptive defense mechanisms in an era where threat sophistication and scale are rapidly increasing.
THEHACKERNEWS

Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are actively exploiting a critical-level privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor WordPress plugin, which grants administrative privileges during the registration process. This flaw puts many websites at risk, especially those running Elementor with this add-on, highlighting the urgent need for patch application.
BLEEPINGCOMPUTER

Freedom Mobile discloses data breach exposing customer data
Canada’s Freedom Mobile revealed a breach involving unauthorized access to its customer account management systems. The incident exposed personal data of an undisclosed number of customers, raising concerns over data privacy and security practices within telecommunications providers. Investigations and mitigation efforts are ongoing.
BLEEPINGCOMPUTER

Inside the BHIS SOC: A Conversation with Hayden Covington
This interview features Hayden Covington from Black Hills Information Security, providing insights on a collaborative, agile Security Operations Center model that abandons traditional tiered ticket escalations. The approach emphasizes real-time response and problem-solving to improve incident handling efficiency and effectiveness.
BLACKHILLSINFOSEC.COM

‘ShadyPanda’ Hackers Weaponize Millions of Browsers
The Chinese cyber-threat group ‘ShadyPanda’ has been deploying malicious browser extensions on Google Chrome and Microsoft Edge marketplaces to covertly spy on millions of users. This stealthy large-scale espionage campaign underlines continuous supply chain risks in browser extension ecosystems requiring increased scrutiny and user awareness.
DARKREADING

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.