CyberSecurity Knuggets
Dec 05, 2025
- Email from “risky-biz@ghost.io”:
Subject: Srsly Risky Biz: When Do Cyber Campaigns Cross a Line?
Summary:
This newsletter, authored by Tom Uren and edited by Patrick Gray, discusses a new paper from the Germany-based think tank Interface which proposes principles to define when state cyber operations during peacetime become irresponsible. The paper identifies seven “red flags,” including causing physical harm, losing operational control, intervening in domestic political processes, and triggering physical disruption. Examples such as NotPetya, WannaCry, Stuxnet, and election interference are discussed. The paper highlights the difficulty states face in enforcing norms and the political costs they weigh before responding to cyber operations. Other topics include Iran integrating cyber intelligence to aid proxy kinetic attacks, congressional testimony for AI in cybersecurity, and positive news on the takedown of the Cryptomixer cryptocurrency mixer and advances in privacy legislation requiring browser opt-outs. Sponsored content discusses Mastercard’s efforts in threat intelligence.
- Email from “info@metacurity.com”:
Subject: Twin brother hackers arrested for US government hacking, data destruction sprees
Summary:
The US Justice Department arrested twin brothers Muneeb and Sohaib Akhter for stealing and destroying government data after being fired from a government contractor in Alexandria, Virginia. The breach involved multiple federal agencies including DHS and the IRS, and stemmed from a weeklong attack spree. The brothers previously pleaded guilty to hacking-related charges while contracting for the government. Additional topics covered include:
– A UK inquiry sanctioning GRU cyber operators involved in the Skripal poisoning and hostile cyber activities targeting Europe and Ukraine.
– A critical vulnerability in React Server Components prompting urgent patches amid expected exploitation.
– AI agents achieving smart contract exploit performance comparable to skilled attackers, with simulated $550 million in stolen funds.
– Arizona’s lawsuit against Chinese retailer Temu for alleged data theft and invasion of privacy.
– North Korean IT recruiters targeting software developers with identity rental schemes uncovered by threat intelligence researchers.
– Various cybersecurity incidents such as a viral “19-minute video” malware scam, ASUS third-party supplier breach, Winnipeg school division ransomware aftermath, data breach at Pro Medicus, Freedom Mobile data breach, Marquis ransomware impact on US banks, and others.
– Closing insights on CISA pay incentive program cuts and AI safety evaluations showing major AI companies lacking robust control strategies.
- Email from “news@securityweek.com”:
Subject: Stronger Threat Modeling = Stronger Security Strategy
Summary:
SecurityWeek offers a free online Threat Modeling Masterclass led by Chris Romeo, co-author of the Threat Modeling Manifesto. Threat modeling is presented as an essential skill in security design and development, helping teams anticipate attacker behavior, find design weaknesses early, and communicate threats clearly. The class covers core questions for threat modeling, use of real architectures, linking threats to mitigations, and adopting a repeatable, simple threat modeling method. SecurityWeek also provides related resources such as product demos, guides, webinars, and ROI evaluations related to threat modeling. The email emphasizes strict distribution control and user privacy.
- Email from “editor@newsletter.n2k.com”:
Subject: The CyberWire 12.4.25: Marquis breach affects dozens of banks and credit unions.
Summary:
Daily briefing by N2K CyberWire highlights:
– Marquis Software Solutions disclosed a ransomware breach impacting over 400,000 customers across 74+ banks and credit unions due to a compromised SonicWall firewall. Leaked data include personally identifiable information such as Social Security numbers and financial account details. The Akira ransomware gang is suspected.
– Dataminr reports on a threat actor advertising a credible full-chain iOS 26 exploit achieving remote code execution, valued at up to $500,000.
– Zimperium tracks an upgraded variant of ClayRat Android malware exploiting Accessibility Services for PIN theft and sophisticated surveillance.
Sponsored content from ThreatLocker and Capital One on cybersecurity solutions and AI tokenization accompanies the briefing. A collection of related articles on recent cyberattacks, policy changes, and software vulnerabilities adds context.
- Email from “news@securityweek.com”:
Subject: React2Shell: In-the-Wild Exploitation Expected
Summary:
SecurityWeek’s latest includes:
– An anticipated in-the-wild exploitation of the critical React vulnerability termed “React2Shell.” Users are urged to patch promptly.
– India retracts its order to preinstall a cybersecurity app on smartphones.
– Cybersecurity mergers and acquisitions update with 30 deals announced recently.
– Agentic security startup 7AI raised $130 million in Series A funding to leverage AI in cybersecurity.
– Personal information theft reported at Inotiv, Freedom Mobile, and Marquis, affecting hundreds of thousands of people, and universities impacted by ransomware.
– Russian hackers targeted Reporters Without Borders; separately, global agencies released AI security guidance for operational technology.
– Microsoft silently mitigated an exploited LNK vulnerability, and a WordPress King Addons plugin vulnerability is being actively exploited to gain admin access.
– Additional briefs cover hardware acceleration funding, AI privacy, federal cybersecurity hiring challenges, and acquisition news such as ServiceNow buying Veza Inc.
The email also features expert insights on improved security communications, AI phishing threats, and third-party risk management.
Stay Well!
