Best of Cybersecurity, December 2025

  1. Article: The Hacker News (17 weeks ago)

    Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

    Two malicious Chrome extensions named "Phantom Shuttle" have been discovered stealing credentials from over 170 websites. Disguised as VPN services with paid subscriptions ($1.40-$13.50), the extensions inject proxy credentials, route traffic through attacker-controlled servers, and exfiltrate user passwords, cookies, API keys, and other sensitive data every five minutes. The extensions target developer platforms (GitHub, Stack Overflow), cloud services (AWS, Azure), social media, and other high-value domains. The operation appears to be China-based and has been active since 2017. Users should immediately remove these extensions, and security teams should implement extension allowlisting and network monitoring.

  2. Article: Ars Technica (19 weeks ago)

    In comedy of errors, men accused of wiping gov databases turned to an AI tool

    Two federal contractors were arrested for allegedly deleting 96 government databases and sensitive records minutes after being fired. The defendants, previously convicted of similar crimes in 2015, attempted to cover their tracks by using an AI chatbot to learn how to clear SQL server logs and Windows event logs. Despite their efforts to destroy evidence, including wiping their laptops three days later, prosecutors obtained sufficient records to charge them with conspiracy to destroy government databases.

  3. Article: The Hacker News (18 weeks ago)

    React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

    CISA has accelerated the patching deadline for React2Shell (CVE-2025-55182), a critical vulnerability with a CVSS score of 10.0 affecting React Server Components and frameworks like Next.js. The flaw allows unauthenticated remote code execution through unsafe deserialization. Since disclosure on December 3, 2025, threat actors have conducted widespread exploitation with over 35,000 attempts recorded in a single day, targeting government sites, critical infrastructure, and technology companies. Over 137,000 vulnerable IP addresses remain exposed globally, with attackers deploying cryptocurrency miners, botnet malware, and conducting reconnaissance for supply chain attacks.

  4. Video: Seytonic (19 weeks ago)

    Inmate Hacks Prison: Watches P***, Prints Money, Reduces Sentence

    A Romanian inmate exploited admin credentials to access a prison management system, allowing prisoners to view restricted content, inflate account balances by millions, and reduce sentences. India's government attempted to mandate a preinstalled, undeletable cybersecurity app on all phones but backtracked after backlash. Multiple US radio stations were hacked through poorly secured studio transmitter links with default passwords, broadcasting unauthorized content and triggering FCC warnings about security practices.