CyberSecurity Knuggets

Dec 11, 2025

Subject: Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

Sender: risky-biz@ghost.io

Summary:

The Linux kernel is introducing PCI Express Link Encryption support in version 6.19, a new security feature developed collaboratively by Intel, AMD, and Arm. The feature encrypts traffic between CPUs and PCIe-connected hardware, which is common in cloud server infrastructure, adding a layer of protection against data interception by rogue devices. The encryption protocol uses certificates and is managed through a Trusted Execution Environment Security Manager (TSM), allowing confidential VMs to verify device authenticity and thereby mitigating attacks that rely on physical or low-level access. The rollout coincides with the recent disclosure of new PCIe vulnerabilities.

Additional news highlights include Europol cracking down on Violence-as-a-Service providers, the ICC designating cyberspace as a genocide enabler, and Cambodian authorities raiding an SMS blaster warehouse. The bulletin also covers spyware notifications from Apple and Google, police raids related to large data breaches, and cybersecurity developments such as Meta’s updated ad tracking prompts and various patch releases.

Subject: Coupang CEO resigns as cops raid the company’s HQ for a second time

Sender: info@metacurity.com

Summary:

Park Dae-jun, CEO of South Korean e-commerce giant Coupang, resigned following the country’s largest-ever data breach affecting nearly two-thirds of South Koreans. Coupang’s headquarters were raided twice by police investigating the breach, focusing on unauthorized access to customer shipping addresses and phone numbers. Interim CEO Harold Rogers has been appointed.

Additional updates include:

– Evan Tangeman pleaded guilty to RICO conspiracy charges related to laundering cryptocurrency stolen via social engineering scams as part of the DOJ takedown of the Social Engineering Enterprise.

– The DOJ has filed charges against Victoria Dubranova, a Ukrainian woman accused of aiding Russian state-backed cyberattack groups CARR and NoName057(16).

– Spanish police arrested a 19-year-old hacker for selling 64 million stolen personal records.

– Ukrainian cyber corps launched an attack on Russian logistics company Eltrans+, crippling servers and encrypting data.

– A suspect in Ukraine was apprehended for hacking and selling social media accounts, managing a bot farm of 5,000 accounts.

– Microsoft released fixes for 56 vulnerabilities including an actively exploited zero-day in Windows Cloud Files Mini Filter Driver.

– New Zealand’s cybersecurity agency notified 26,000 users infected by the Lumma Stealer malware.

– Ivanti patched a critical remote code execution vulnerability (CVE-2025-10573) affecting its Endpoint Manager solution.

– Cydome revealed “Broadside,” a new Mirai botnet variant targeting maritime logistics via DVR vulnerabilities.

– Binance co-CEO Yi He’s WeChat account was hacked and used in a memecoin pump-and-dump scheme.

– Paramount Pictures’ official social media account was briefly compromised with a political statement.

– Cybersecurity insurance provider Coalition expanded policies to cover AI-generated deepfake incidents causing reputational harm.

Subject: We’re Live! Cyber AI Virtual Summit – Login now to virtual summits

Sender: news@securityweek.com

Summary:

The Cyber AI & Automation 2025 Virtual Summit is now live from 11:00 AM to 3:00 PM ET and extended to two days due to high interest. Attendees can join to explore predictive AI, machine learning, and automation in cybersecurity programs. Topics include security analysis for LLMs, AI-powered cybercrime, protection of non-human identities, economic impacts of securing AI, and the integration of DSPM with AI security.

The event offers opportunities for learning, Q&A, and networking with industry experts and security leaders. Virtual access links and the agenda are provided to attendees.

Subject: Patch Tuesday notes | The CyberWire 12.10.25

Sender: editor@newsletter.n2k.com

Summary:

Microsoft released patches for 57 vulnerabilities including three zero-days, among them an actively exploited use-after-free flaw in the Windows Cloud Files Mini Filter Driver (CVE-2025-62221). Adobe fixed nearly 140 vulnerabilities, mostly cross-site scripting bugs affecting Experience Manager. Fortinet patched two critical authentication bypass vulnerabilities across its products. Ivanti fixed a critical remote code execution vulnerability (CVE-2025-10573) in its Endpoint Manager solution. SAP patched three critical bugs, including a severe code injection flaw in Solution Manager with a CVSS score of 9.9.

Additional ICS vendor patches were issued by Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact. Also mentioned are new phishing kits targeting European banks and a US Justice Department case against a Houston man accused of illegally smuggling Nvidia GPUs to China.

Subject: Google Patches Gemini Enterprise Vulnerabilities

Sender: news@securityweek.com

Summary:

Google addressed vulnerabilities in its Gemini enterprise AI system and fortified Chrome against indirect prompt injection attacks. The report highlights vulnerabilities in Intel and AMD processors related to PCIe and significant December security updates from multiple vendors including Microsoft, Fortinet, Ivanti, and SAP.

SecurityWeek’s expert insights discuss communication challenges in cybersecurity, AI-driven phishing threats, and boardroom integration of cybersecurity as a core business discipline. The update also covers exploits like React2Shell linked to North Korean hackers and new botnet threats such as “Broadside.”

The newsletter includes cybersecurity event schedules, ongoing trends in AI and threat intelligence, and corporate acquisitions in the security sector.

Stay Well!
