CyberSecurity Knuggets

Dec 18, 2025

Email 1:

Subject: Risky Bulletin: Most smart devices run outdated web browsers

Sender: risky-biz@ghost.io

Date: 17 Dec 2025

Summary:

A study from KU Leuven reveals that most smart devices, including smart TVs, e-readers, and gaming consoles, ship with embedded web browsers that are often three years behind current versions. Manufacturers rarely update these browsers, creating vulnerabilities and exposing users to attacks. Some devices shipped with already outdated and vulnerable browsers from launch. The browsers often lack UI elements for users to update them directly, requiring firmware updates, which manufacturers are reluctant to provide due to cost. This issue is critical as upcoming EU Cyber Resilience Act regulations starting 2027 will require timely security updates for such devices. The researchers have demonstrated that known exploits can compromise these embedded browsers. They reported findings to Belgian and US authorities; only Belgian agencies engaged vendors on this issue.

Additional highlights:

– Ribbon Finance lost $2.7M in crypto due to a hack.

– Prosper suffered a data breach compromising 17.6 million customers.

– SoundCloud suffered a data breach affecting about 20% of users.

– PornHub extorted over stolen user data from analytics provider Mixpanel.

– A cyberattack caused shutdowns at Venezuela’s state-owned oil company.

– Iranian hackers offering bounties for info on Israeli defense engineers.

– Ukrainian hacktivists sabotaged a Russian defense contractor.

– Russian hacking of a Dutch public fountain was mentioned as the first Russian sabotage in the Netherlands.


Email 2:

Subject: Venezuela’s state-run oil company PDVSA was hit by a cyberattack

Sender: info@metacurity.com

Date: 17 Dec 2025

Summary:

Venezuela’s state-run oil company PDVSA experienced a ransomware cyberattack that led to system shutdowns and suspensions of oil cargo deliveries, though the company claimed operations were unaffected. The Venezuelan government accused the U.S. of orchestrating the attack through foreign and domestic collaborators aiming to control Venezuela’s oil. However, a PDVSA insider said an antivirus software malfunction during ransomware mitigation caused broader system disruption. Venezuelan authorities’ frequent claims of foreign conspiracies lack concrete evidence.

Additional news:

– Coupang’s founder Bom Kim failed to attend a parliamentary hearing on South Korea’s massive personal data breach affecting over 30 million users. Interim executives committed to cooperation and customer compensation.

– Research by Infoblox found that over 90% of parked or typo-squatting domains redirect visitors to scam or malware sites.

– The U.S. Federal Trade Commission settled with Nomad over a software vulnerability exploited by hackers to steal hundreds of millions in crypto. Nomad must refund stolen funds and improve security.

– Advocacy group noyb filed complaints against TikTok, Grindr, and AppsFlyer for illegal cross-app data tracking violating EU privacy laws.

– Arctic Wolf reported exploitation of critical Fortinet SSO bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) starting mid-December.

– Chinese cyberespionage group Ink Dragon expanded operations into European government networks.

– NCC Group reports global ransomware activity plateauing with increased use of social engineering techniques like ClickFix.

– Insider attack at Opexus compromised data from multiple U.S. federal agencies.

– Texas AG filed lawsuits against five smart TV manufacturers accusing them of spying on consumers using Automated Content Recognition technology.

– Significant cybersecurity funding rounds in AI-based threat prevention firms.


Email 3:

Subject: Researchers outline a years-long Russian campaign targeting the energy sector

Sender: editor@newsletter.n2k.com

Date: 17 Dec 2025

Summary:

Amazon’s threat intelligence team released a report detailing a prolonged Russian state-sponsored cyber campaign targeting critical infrastructure globally, with emphasis on the energy sector in Western countries. The campaign, attributed with high confidence to Russian military intelligence (GRU) and its Sandworm group, marks a tactical shift from vulnerability exploitation to compromising misconfigured edge network devices for initial access. This technique reduces exposure risk while enabling credential theft and lateral movement. The campaign reflects an evolution in Russian cyber operations.

Other highlights:

– New Android malware “Cellik” can Trojanize legitimate Play Store apps, allowing threat actors to bundle Remote Access Trojans and distribute malicious APKs effortlessly.

– Texas filed lawsuits against major TV manufacturers Samsung, LG, Sony, Hisense, and TCL over illegal personal data collection via Automated Content Recognition (ACR), which captures display screenshots for ad targeting.

– Additional info on cybersecurity innovations, including Attack Path Management techniques, and summaries of recent threats and vulnerabilities.


Email 4:

Subject: Auto Parts Giant LKQ Confirms Oracle EBS Breach

Sender: news@securityweek.com

Date: 17 Dec 2025

Summary:

Auto parts supplier LKQ Corporation confirmed a cybersecurity breach affecting its Oracle E-Business Suite (EBS), potentially exposing sensitive internal information. SecurityWeek covered this along with other major cybersecurity news including:

  • NMFTA warned of increasing cyber-enabled cargo theft.
  • Researchers exposing “GhostPoster” Firefox extensions hiding malware in icon images.
  • New Android RAT “Cellik” Trojanizing Play Store apps and controlling infected devices.
  • $81 million Series B funding round for Adaptive Security, a firm specializing in AI-powered social engineering prevention.
  • Predictions for 2026 focus on identity security, AI risks, and declining perimeter-based defenses.
  • Notable research reports on vulnerabilities like JumpCloud Remote Assist, Apache Tika, and React2Shell exploitations.

The edition also featured expert insights on the evolution of third-party risk from open source to AI-powered coding assistants and the communication challenges in cybersecurity teams.


These summaries are strictly based on the provided email contents and reflect reported cybersecurity developments as of December 17, 2025.

Stay Well!

summy