
Daily Security Briefing #108
- DjediTech
- Security, Newsletter
- December 19, 2025
AI-driven threat intel integration, insider recruitment surge, Gladinet zero-day exploited…
Executive Summary
Today’s cybersecurity landscape reveals escalating sophistication in threat actor capabilities and attack vectors. The integration of AI-driven threat intelligence into automated incident response frameworks points to a trend of increased automation in defense. Meanwhile, insider recruitment continues to rise sharply in critical sectors such as banking and telecoms, posing a growing internal threat. Exploitation of zero-day vulnerabilities, including a critical flaw in Gladinet’s Triofox, demonstrates that threat groups remain adept at targeting emerging weaknesses. Coordinated phishing operations, particularly from Russia-aligned groups, underscore ongoing concerns over credential theft and account takeovers.
Top Articles
Metasploit Wrap-Up 12/19/2025
The latest Metasploit release reworks payload selection logic across all modules so that more effective default payloads are chosen, a change prompted by the recent React2Shell exploitation. The update removes a manual step for penetration testers and red teams running these modules.
Rapid7
Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response
Criminal IP’s AI-powered threat intelligence platform is now embedded in Palo Alto Networks’ Cortex XSOAR, enabling real-time external threat context and automated multi-stage scanning within the orchestration engine. This integration enhances incident response workflows with dynamic exposure intelligence.
GBHackers
AI Advertising Company Hacked
Doublespeed, an AI-powered social media advertising startup, suffered a breach that exposed which products its network of AI-generated personas was promoting and compromised the more than 1,000 smartphones used to run those accounts. The exposed data shows the posts carried no advertising disclosures, raising concerns about AI-driven influence campaigns.
Schneier
Cyber Criminals Are Recruiting Insiders in Banks, Telecoms, and Tech
Insider recruitment has become a prevalent threat vector, with criminals offering substantial payouts for employee access or data. Financial institutions, telecom companies, and cloud providers report increased targeting via darknet markets, necessitating enhanced employee education and access controls to mitigate risks.
Checkpoint
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration’s cybersecurity and technology policy shifts have notably weakened national defenses, affecting privacy, disinformation countermeasures, and fraud prevention. Rapid policy changes and restrictions on free speech have contributed to the erosion of comprehensive cyber risk management.
KrebsOnSecurity
BlueDelta Hackers Target Users of Popular Ukrainian Webmail and News Service
Russian GRU-linked group BlueDelta executed a prolonged credential-harvesting campaign against users of UKR.NET, Ukraine’s leading webmail and news platform. The attacks, spanning from mid-2024 to early 2025, represent a significant escalation targeting Ukrainian digital infrastructure.
GBHackers
Malicious Code Executed Through Gladinet Triofox 0-Day Vulnerability Exploited by Hackers
Threat actors tracked as UNC6485 exploited a critical zero-day flaw (CVE‑2025‑12480) in Gladinet Triofox that allows an unauthenticated attacker to reach remote code execution on the server. Because Triofox runs with SYSTEM privileges, successful exploitation yields full control of the host, a serious risk for enterprise file-sharing environments.
CyberPress
Cloud Atlas Leveraging Office Application Flaws for Silent Compromise
The Cloud Atlas group, active since 2014, continues its targeted campaign using legacy Microsoft Office vulnerabilities to compromise victims in Eastern Europe and Central Asia. Their ongoing phishing-based infection chains deploy multiple backdoors to maintain persistence.
CyberPress
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
A Russia-aligned threat actor has been running OAuth device code phishing against Microsoft 365 users since September 2025, focusing on government-affiliated email accounts. The lure asks the target to enter a short code on the legitimate Microsoft sign-in page; once the target authenticates, the access and refresh tokens are issued to the attacker's polling client, so the account is taken over without the password ever being phished and with MFA satisfied by the victim.
TheHackerNews
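The following is an added toy model of the OAuth 2.0 device authorization grant (RFC 8628), not code from the article or from Microsoft, written to show why device code phishing yields tokens rather than credentials and what a defender can look for. The authorization server, the client id "mail-client", the IP addresses, the user "alice@example.gov" and the sign-in log field names are all constructed for this sketch and do not mirror Entra ID's real log schema.

```python
# Toy model of the OAuth 2.0 device authorization grant (RFC 8628). Constructed example:
# the server, the log fields and the detection heuristic are this sketch's own, not Entra ID's.
import secrets
from dataclasses import dataclass
from typing import Optional

USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"   # RFC 8628 recommends a small, unambiguous alphabet


@dataclass
class DeviceGrant:
    device_code: str                   # secret held by the polling client (here: the attacker)
    user_code: str                     # short code the user types in; this is what gets phished
    client_id: str
    scope: str
    approved_by: Optional[str] = None
    approver_ip: Optional[str] = None


class AuthServer:
    """Minimal authorization server keeping grants in memory and writing a sign-in log."""

    def __init__(self) -> None:
        self.grants: dict = {}          # device_code -> DeviceGrant
        self.signin_log: list = []      # one constructed entry per token issuance

    def device_authorization(self, client_id: str, scope: str) -> dict:
        """Step 1 (attacker): start the flow and receive device_code + user_code."""
        g = DeviceGrant(
            device_code=secrets.token_urlsafe(32),
            user_code="".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(9)),
            client_id=client_id, scope=scope,
        )
        self.grants[g.device_code] = g
        return {"device_code": g.device_code, "user_code": g.user_code,
                "verification_uri": "https://login.example/device", "interval": 5}

    def approve(self, user_code: str, user: str, ip: str) -> None:
        """Step 2 (victim): signs in normally, MFA included, then enters the code from the lure."""
        for g in self.grants.values():
            if g.user_code == user_code and g.approved_by is None:
                g.approved_by, g.approver_ip = user, ip
                return
        raise ValueError("unknown or already used user_code")

    def token(self, device_code: str, client_id: str, ip: str) -> dict:
        """Step 3 (attacker): poll until approved; tokens go to whoever holds device_code."""
        g = self.grants.get(device_code)
        if g is None or g.client_id != client_id:
            return {"error": "invalid_grant"}
        if g.approved_by is None:
            return {"error": "authorization_pending"}
        self.signin_log.append({"user": g.approved_by, "protocol": "deviceCode",
                                "approver_ip": g.approver_ip, "token_ip": ip,
                                "client_id": client_id, "scope": g.scope})
        del self.grants[device_code]    # a device_code is single use
        return {"access_token": secrets.token_urlsafe(16),
                "refresh_token": secrets.token_urlsafe(16),
                "sub": g.approved_by, "scope": g.scope}


def run_phish(server: AuthServer) -> dict:
    """Walk the three steps with the attacker at 203.0.113.7 and the victim at 198.51.100.20."""
    # The attacker starts the flow with a legitimate client id and a broad scope.
    start = server.device_authorization(client_id="mail-client", scope="Mail.Read offline_access")
    # Before approval the poll is pending: nothing has leaked yet.
    pending = server.token(start["device_code"], "mail-client", ip="203.0.113.7")
    assert pending == {"error": "authorization_pending"}
    # Lure: "enter code ... to open the shared document". The victim types it in her own browser.
    server.approve(start["user_code"], user="alice@example.gov", ip="198.51.100.20")
    # The attacker polls again and receives Alice's tokens; her password never passed through him.
    return server.token(start["device_code"], "mail-client", ip="203.0.113.7")


def suspicious_device_code_signins(log: list) -> list:
    """Heuristic over the constructed log: device-code tokens collected from an IP other than
    the one that approved the code. Field names are this toy's, not Entra ID's."""
    return [e for e in log
            if e["protocol"] == "deviceCode" and e["token_ip"] != e["approver_ip"]]
```

The point the model makes is that the token response is returned to the holder of `device_code`, and the victim only ever sees the legitimate sign-in page, so password-reset advice does not help after the fact: the refresh token has to be revoked. In a real tenant the stronger control is to block device code flow outright for users who do not need it (Entra ID exposes this as an authentication-flows condition in Conditional Access) and to alert on the remaining device-code sign-ins rather than relying on a heuristic like the one above.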
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Researchers uncovered a campaign using cracked software download sites and YouTube videos to distribute the modular CountLoader malware. CountLoader provides the initial foothold for multi-stage intrusions, fetching further payloads and applying evasion techniques before they run.
TheHackerNews
Book Store Updates
IntelTechniques revamped their online bookstore, now offering current and archived books, magazines, and bundled discounts. A new gifting option allows personalized messages with purchases, improving access to a broad collection of cybersecurity resources.
IntelTechniques
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.