Daily Security Briefing #103
- DjediTech
- Security , Newsletter
- December 14, 2025
Table of Contents
December 14, 2025 | Read Online
PayPal subscription scam, Google Chromium 0-day exploited, Upcoming cybersecurity talks…
Executive Summary
Today’s cybersecurity news highlights ongoing threats stemming from common digital services and the latest emerging vulnerabilities. A new phishing technique leverages PayPal’s subscription notifications to fool users with fake purchase emails, emphasizing the need for vigilance. Meanwhile, Google’s Chromium browser faces a severe zero-day vulnerability actively exploited in the wild, prompting urgent security advisories. On the lighter side, the community can look forward to several expert speaking events in early 2026, offering valuable insights into current and future cybersecurity challenges.
Top Articles
Beware: PayPal subscriptions abused to send fake purchase emails
Cybercriminals are exploiting PayPal’s “Subscriptions” feature to send authentic-looking but fraudulent emails that falsely notify recipients of purchases. These emails embed fake purchase details within the Customer Service URL field, tricking users into clicking malicious links. This scam underscores the importance of carefully verifying subscription and billing emails before acting.
BleepingComputer
Google Chromium Faces 0-Day Vulnerability Exploited in Cyberattacks, CISA Alerts
Google has disclosed a critical zero-day vulnerability (CVE-2025-14174) in the Chromium browser engine, specifically within the ANGLE component. The flaw allows attackers to execute out-of-bounds memory access through crafted HTML content, posing risks of code execution. Active exploitation has been reported, and users are urged to update promptly following CISA’s alert.
CyberPress
Upcoming Speaking Engagements
A schedule of upcoming cybersecurity speaking events has been announced, including appearances in Chicago and Munich in early 2026. These sessions will provide opportunities to learn directly from experts through talks and book signings, with additional details forthcoming. This is a chance for professionals and enthusiasts alike to deepen their knowledge and engagement with the community.
Schneier.com
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.