
Daily Security Briefing #112
- DjediTech
- Security , Newsletter
- December 23, 2025
Interpol arrests 574 suspects in African ransomware crackdown, HardBit 4.0 exploits unsecured RDP/SMB, Chrome extensions caught stealing credentials…
Executive Summary
International law enforcement achieved a major victory against ransomware and cyber extortion with Operation Sentinel, dismantling six ransomware groups and arresting over 500 suspects across Africa. Meanwhile, the HardBit ransomware gang released an advanced 4.0 variant exploiting exposed Remote Desktop Protocol and Server Message Block services for persistence and encryption-only attacks. Additional threats emerged as malicious Chrome extensions were discovered stealing user credentials, and the WebRAT malware spread through fake GitHub vulnerability exploits. On the geopolitical front, Denmark accused Russia of cyberattacks targeting critical infrastructure and election systems. In corporate news, Apple faced heavy fines in Italy over privacy violations, and ServiceNow expanded its cybersecurity portfolio with a $7.75 billion acquisition to boost AI-driven defenses.
Top Articles
INTERPOL Dismantles Six Ransomware Operations, Detains 500+ Individuals
A coordinated, month-long operation involving 19 countries led to 574 arrests and the recovery of roughly $3 million, targeting ransomware, business email compromise and digital extortion across Africa. The scale of the action underlines both the growth of ransomware activity on the continent and the increasing willingness of law enforcement agencies to pool resources against the syndicates behind it.
GBHackers | CyberPress | TheHackerNews | DarkReading
HardBit 4.0 Ransomware Abuses Unsecured RDP and SMB for Access Persistence
The HardBit ransomware family, which encrypts victims without operating a data-leak site, has released version 4.0. Rather than relying on a single software flaw, the new variant gains and keeps access through internet-exposed, poorly secured Remote Desktop Protocol and Server Message Block services, and adds evasion and obfuscation to stay resident on the network. HardBit continues the trend toward pure encryption-based extortion, now with tighter control over how and when its payload executes.
GBHackers | CyberPress
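The practical takeaway from the HardBit item is an inventory question: which hosts accept RDP or SMB from outside the internal network? The following is an added example, not code from the newsletter or the cited articles. It audits a list of inbound allow rules (the dictionary layout and the sample rules are constructed for illustration; the loader for your own firewall or cloud security-group export is assumed to produce the same fields) and reports every rule that opens RDP or SMB to a source outside the RFC 1918 ranges, including the 0.0.0.0/0 "any" source.

```python
"""Report inbound allow rules that expose RDP (3389) or SMB (445/139)
beyond the internal network.

Added example, not from the newsletter or the cited articles. The rule
format and SAMPLE_RULES are constructed for illustration.
"""
import ipaddress

# TCP ports that RDP/SMB-based intrusions rely on.
REMOTE_SERVICE_PORTS = {
    "RDP": {3389},
    "SMB": {445, 139},
}

# RFC 1918 ranges treated as internal. Anything else (0.0.0.0/0, a partner
# network, a single public address) is reported as external exposure.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal_source(cidr):
    """True if the whole source CIDR lies inside one RFC 1918 range."""
    src = ipaddress.ip_network(cidr, strict=False)
    return any(src.version == net.version and src.subnet_of(net)
               for net in INTERNAL_NETWORKS)


def exposed_remote_services(rules):
    """Return (host, service, port, source) for each TCP allow rule that
    opens an RDP/SMB port to a non-internal source, in rule order."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"].lower() != "tcp":
            continue
        for service, ports in REMOTE_SERVICE_PORTS.items():
            if rule["port"] in ports and not is_internal_source(rule["source"]):
                findings.append((rule["host"], service, rule["port"], rule["source"]))
    return findings


# Constructed sample (hypothetical hosts): a correctly restricted jump host,
# two exposed services, an unrelated HTTPS listener and a deny rule.
SAMPLE_RULES = [
    {"host": "jump-01", "proto": "tcp", "port": 3389, "source": "10.20.0.0/16", "action": "allow"},
    {"host": "file-02", "proto": "tcp", "port": 445, "source": "0.0.0.0/0", "action": "allow"},
    {"host": "app-03", "proto": "tcp", "port": 3389, "source": "203.0.113.0/24", "action": "allow"},
    {"host": "app-03", "proto": "tcp", "port": 443, "source": "0.0.0.0/0", "action": "allow"},
    {"host": "db-04", "proto": "tcp", "port": 445, "source": "0.0.0.0/0", "action": "deny"},
]

if __name__ == "__main__":
    for host, service, port, source in exposed_remote_services(SAMPLE_RULES):
        print(f"{host}: {service} tcp/{port} reachable from {source}")
```

The check deliberately tests each source CIDR against the private ranges with `subnet_of` rather than `is_private`, because the latter's treatment of 0.0.0.0/0 differs between Python versions; a rule for a partner /24 on public address space is reported just like "any", since HardBit-style operators only need one reachable listener and a weak or reused credential.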
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Security researchers identified two malicious Google Chrome extensions, published under the same name and developer, that intercept browser traffic and capture user credentials on more than 170 websites. Marketed as a "multi-location network speed test plug-in" for developers and foreign trade professionals, the extensions were still publicly available at the time of reporting, leaving anyone who installed them exposed.
TheHackerNews
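An extension sold as a speed tester has no business reading every site's traffic, and the capabilities that make credential capture possible are declared up front in the extension's manifest. The following triage script is an added example, not code from the newsletter, the researchers, or the extensions described; the manifest it parses is constructed for illustration and does not reproduce the real extensions' manifests. It flags broad host access, permissions that allow observing or modifying requests, content scripts injected into all sites, and unusually long site-specific host lists (the 20-entry threshold is an arbitrary assumption to tune locally).

```python
"""Triage a Chrome extension manifest for capabilities that enable
cross-site traffic interception and credential capture.

Added example, not from the newsletter or the cited research. SAMPLE_MANIFEST
is constructed and does not reproduce any real extension's manifest.
"""
import json

# Match patterns that grant access to every site.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions that let an extension observe, modify or inject into traffic.
INTERCEPT_PERMISSIONS = {
    "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "scripting", "cookies", "proxy",
}

# Assumed threshold: more explicit host entries than this deserves a look.
EXPLICIT_HOST_THRESHOLD = 20


def is_broad(pattern):
    return pattern in BROAD_HOST_PATTERNS


def triage_manifest(manifest):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    # Manifest V3 lists host patterns under host_permissions; V2 mixes them
    # into permissions, so look at both.
    hosts = list(manifest.get("host_permissions", [])) + [
        p for p in manifest.get("permissions", []) if "://" in p or is_broad(p)
    ]
    broad = [h for h in hosts if is_broad(h)]
    if broad:
        findings.append("broad host access: " + ", ".join(broad))
    explicit = [h for h in hosts if not is_broad(h)]
    if len(explicit) >= EXPLICIT_HOST_THRESHOLD:
        findings.append(f"site-specific host list of {len(explicit)} entries")
    risky = sorted(set(manifest.get("permissions", [])) & INTERCEPT_PERMISSIONS)
    if risky:
        findings.append("traffic/page access permissions: " + ", ".join(risky))
    for script in manifest.get("content_scripts", []):
        if any(is_broad(m) for m in script.get("matches", [])):
            findings.append("content script injected into all sites: "
                            + ", ".join(script.get("js", [])))
    return findings


# Constructed manifest for a hypothetical "speed test" extension that asks
# for far more than a speed test needs.
SAMPLE_MANIFEST = """{
  "manifest_version": 3,
  "name": "Example Speed Test",
  "version": "1.0",
  "permissions": ["webRequest", "storage"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]
}"""

if __name__ == "__main__":
    for finding in triage_manifest(json.loads(SAMPLE_MANIFEST)):
        print("FLAG:", finding)
```

Run it over the `manifest.json` of each unpacked extension under a user's profile directory (on Windows, `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\<id>\<version>\`). Flags are not proof of malice, since legitimate ad blockers and developer tools request the same capabilities; the question to ask is whether the advertised purpose justifies them.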
Denmark Accuses Russia of Conducting Two Cyberattacks
The Danish Defence Intelligence Service attributed a 2024 cyberattack against a Danish water utility and pre-election distributed denial-of-service (DDoS) attacks on Danish websites to Russian-affiliated groups. The water utility attack was linked to the pro-Russian Z-Pentest group while the DDoS attacks were connected to the NoName057(16) group, reflecting ongoing geopolitical cyber tensions.
Schneier on Security
WebRAT Malware Spread Via Fake Vulnerability Exploits on GitHub
A new campaign distributes the WebRAT malware through fake GitHub repositories that claim to hold proof-of-concept exploits for recently disclosed vulnerabilities. The lure is aimed squarely at the people most likely to run unfamiliar code, security researchers and developers evaluating fresh exploits, so that the "exploit" they download and execute is the infection itself.
BleepingComputer
Italy Fines Apple $116 Million Over App Store Privacy Policy Issues
Italy's competition authority (AGCM) imposed a €98.6 million fine on Apple for alleged abuse of its dominant position through the App Tracking Transparency (ATT) mechanism in the App Store. The authority's concern is that a privacy framework was applied in a way that distorts competition in the mobile advertising and app markets.
BleepingComputer
ServiceNow Buys Armis for $7.75B, Boosts ‘AI Control Tower’
ServiceNow expanded its cybersecurity capabilities with a $7.75 billion acquisition of Armis, aiming to accelerate autonomous security management and build an integrated, AI-powered "control tower". ServiceNow positions the deal as strengthening AI-driven threat detection and response within its enterprise platform.
DarkReading
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.