
Daily Security Briefing #099
- DjediTech
- Security , Newsletter
- December 10, 2025
Patch Tuesday updates, FBI alerts on AI video scams, ransomware surge with GenAI risks…
Executive Summary
Cybersecurity activity continues to escalate globally with ransomware and generative AI-related threats driving up attack volumes. Microsoft’s December Patch Tuesday introduces 54 vulnerability fixes, including critical remote code execution patches and a known exploited flaw, reflecting a somewhat lighter update cycle. Supply-chain attacks remain a major concern, highlighted by Microsoft’s guidance on the sophisticated Shai-Hulud 2.0 npm compromise. AI-fueled scams have caught FBI attention, spotlighting novel social engineering risks. Additionally, Linux malware exploiting the critical React2Shell vulnerability and widespread flaws in Adobe and .NET frameworks underscore the persistent vulnerabilities across platforms.
Top Articles
Patch Tuesday - December 2025
Microsoft’s December Patch Tuesday addresses 54 new vulnerabilities, fewer than in recent cycles. It includes two publicly disclosed remote code execution issues and one exploited-in-the-wild vulnerability. Three critical RCE flaws have been patched but are currently assessed as unlikely to be exploited. This update highlights the continued need for prompt patching to mitigate emerging risks.
Rapid7
FBI Warns of Fake Video Scams
The FBI has issued a warning about AI-assisted fake kidnapping scams, where criminals use AI-generated videos alongside threatening texts to extort victims. These scams often feature fabricated images or videos showing loved ones to demand immediate ransom payments under threat of violence. The advisory emphasizes the growing sophistication of AI-powered social engineering attacks.
Schneier
Global Cyber Attacks Increase in November 2025 Driven by Ransomware Surge and GenAI Risks
November 2025 saw a 3% increase in global cyber-attacks compared to October, with over 2,000 weekly attacks on average. Check Point Research notes rising ransomware activity compounded by security challenges introduced by generative AI tool adoption within organizations, making the attack surface more complex and vulnerable.
Checkpoint
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Newly identified “PeerBlight” backdoor malware exploits the critical React2Shell vulnerability (CVE-2025-55182) in Linux environments, using the BitTorrent DHT network for resilient command-and-control communications. Researchers warn of multiple post-exploitation payloads facilitating proxy tunneling and stealthy persistence within compromised systems.
GBHackers
AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation
DomainTools Investigations reveals an expansive malware network targeting Chinese-speaking users globally, now consisting of roughly 5,000 domains. AI-assisted analysis uncovered nearly 2,000 new domains created between May and November 2025 alone, illustrating the scale and persistence of this coordinated campaign.
GBHackers
Microsoft Issues Defense Blueprint for Organizations Targeted by Shai-Hulud 2.0 Supply-Chain Attacks
Microsoft provides guidance on defending against Shai-Hulud 2.0, a high-impact supply-chain attack compromising hundreds of npm packages. This advanced campaign injects malicious code early in the package lifecycle, evading security controls and enabling rapid spread across cloud-native development environments.
CyberPress
Adobe Acrobat Reader Vulnerability Allows Attackers to Execute Arbitrary Code and Bypass Security Protections
Adobe released critical security patches fixing four vulnerabilities in Acrobat and Reader, including two that allow attackers to execute arbitrary code. These flaws affect Windows and macOS versions and pose significant risks to both enterprise and individual users, emphasizing the urgent need for updates.
CyberPress
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
Exploitation of the React2Shell vulnerability continues to intensify, with attackers deploying cryptocurrency miners and previously unknown malware families. Huntress researchers identify new tools including the PeerBlight Linux backdoor, CowTunnel reverse proxy, and several Go-based malware variants impacting diverse sectors.
TheHackerNews
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
A newly uncovered “invalid cast” vulnerability in the .NET Framework, dubbed SOAPwn, enables attackers to write files and achieve remote code execution by leveraging rogue WSDL endpoints. Affected enterprise applications include Barracuda Service Center RMM, Ivanti Endpoint Manager, and Umbraco 8, suggesting a broad impact.
TheHackerNews
Why a secure software development life cycle is critical for manufacturers
Recent supply-chain breaches reveal attackers targeting development tools and malicious npm packages to infiltrate manufacturing environments. This article stresses the increasing importance of secure software development life cycle (SSDLC) practices for manufacturing organizations to evaluate partners and safeguard critical systems.
BleepingComputer
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits
Check Point Research presents an in-depth analysis of the modular ValleyRAT backdoor, widely linked to Chinese threat actors, detailing its evolution throughout 2025. The report explores the builder methodology and the kernel-level rootkits this persistent malware family uses to evade detection and extend access within targeted networks.
Checkpoint
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.