Daily Security Briefing #119


December 30, 2025

Magecart’s 50+ scripts hijack e-commerce, critical SmarterMail RCE, IBM API authentication bypass alert


Executive Summary

Today’s stories show increasingly sophisticated cyberattacks alongside several critical vulnerabilities. Magecart operators have expanded their toolkit with over 50 malicious scripts targeting global e-commerce platforms, signaling more complex client-side attacks. Critical flaws in SmarterMail and IBM API Connect demand immediate patching to prevent remote code execution and unauthorized access. Emerging threats such as the “VOID” AV killer and the new ErrTraffic ClickFix attack tool illustrate evolving malware tactics designed to evade detection and exploit users. Additionally, security challenges persist with AI prompt injection risks and large-scale data harvesting through browser extensions.


Top Articles

Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A large-scale Magecart campaign has been uncovered utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows on dozens of e-commerce sites worldwide. Unlike previous data skimming, this operation actively manipulates user interactions to harvest payment information and credentials, increasing the threat to online shoppers globally.
GBHackers

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
Singapore’s Cyber Security Agency has issued a highest-severity alert for a vulnerability in SmarterTools’ SmarterMail email platform (CVE-2025-52691) that enables arbitrary file uploads leading to remote code execution. The flaw carries a CVSS score of 10.0, urging system administrators to deploy patches without delay to prevent exploitation.
TheHackerNews | CyberPress

Critical IBM API Connect Vulnerability Allows Attackers to Bypass Authentication
IBM has warned of a critical authentication bypass vulnerability in its API Connect platform discovered during internal testing. The flaw allows unauthorized attackers to gain access to sensitive systems, posing serious risks to enterprise environments. Immediate application of IBM’s security updates is strongly recommended to prevent unauthorized access.
CyberPress

Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A cybercrime actor known as Crypt4You is advertising a new offensive tool called VOID KILLER on underground forums, touted as kernel-level malware designed to forcibly terminate antivirus and endpoint detection processes. This marks a move beyond traditional crypting techniques, potentially increasing the effectiveness of malware by evading security defenses at a deep system level.
GBHackers

New ErrTraffic Service Enables ClickFix Attacks via Fake Browser Glitches
ErrTraffic is a recently introduced cybercrime service automating ClickFix attacks by generating fake browser glitches on compromised sites. These false errors trick users into downloading malicious payloads or following harmful instructions, representing a new social engineering vector for threat actors.
BleepingComputer

OpenAI Says Prompt Injection May Never Be ‘Solved’ for Browser Agents Like Atlas
OpenAI warns that prompt injection—embedding hidden malicious commands in normal web content—remains an unsolved security challenge for AI agents operating through browsers, such as their ChatGPT Atlas. Despite recent security updates triggered by internal red-teaming, this vector poses ongoing risks to AI system integrity and user safety.
CyberScoop

Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence
A campaign named Zoom Stealer impacts over 2.2 million users of Chrome, Firefox, and Edge through 18 malicious browser extensions that collect sensitive corporate meeting data including URLs, IDs, topics, and embedded passwords. The data theft risks corporate confidentiality and calls for vigilance regarding browser extension security.
BleepingComputer

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
The Silver Fox threat group is using Indian income tax-themed phishing emails to distribute ValleyRAT, a modular remote access trojan employing advanced techniques like DLL hijacking to maintain persistence on infected systems. This campaign represents a focused regional threat leveraging financial themes to increase success rates.
TheHackerNews

Cyber Resilience Starts with Training: Why Skills Define Security Success
Organizations face widening cyber security skills gaps amid a rising threat landscape. Compliance-only training fails to prepare teams for real-world incident response and threat hunting. Platforms like Cybrary enable practical, role-based learning to build resilience by improving security team competencies beyond basic frameworks.
Checkpoint Blog

AI Doesn’t Care if It’s in California or Texas. It Just Runs.
With AI development outpacing federal regulation, states like California are leading efforts through laws such as S.B. 53 to govern AI deployment. However, the evolving technology challenges regulatory frameworks, underscoring the need for unified federal standards to ensure consumer protection and promote transparency.
CyberScoop


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
