CyberSecurity Knuggets
Dec 19, 2025
Subject: Srsly Risky Biz: Dumb and Dumber, Russia’s State-Backed “Hacktivists”
Sender: risky-biz@ghost.io
Summary:
– The US revealed Russia’s government backed two hacktivist groups, CyberArmyofRussia_Reborn (CARR) and NoName057(16), to conduct disruptive attacks globally on critical infrastructure.
– CARR, founded in early 2022 by Russian military intelligence (GRU), started with DDoS attacks and evolved to target operational technology (OT) systems like water systems and meat processing plants.
– CARR's attacks caused minor damage to US water supplies and meat spoilage amounting to over $5,000 in damages; the group also hit US election infrastructure and nuclear regulatory websites.
– The GRU stopped funding CARR's DDoS operations because they were ineffective, and a splinter group, Z-Pentest, formed to focus on disruptive OT attacks.
– NoName is linked directly to a government technology organization established by Putin and focuses on DDoS attacks, with infrastructure paid for and managed by government employees.
– These Russian hackers use unsophisticated, opportunistic methods and lack deep OT knowledge, causing random disruptions whose impact they exaggerate.
– Despite being largely ineffective now, the intent to cause serious damage remains, warranting ongoing caution.
– Other topics include potential US involvement in a ransomware attack on Venezuela’s state oil company PDVSA and the cyber risks associated with Chinese dominance in renewable energy grid components.
– The newsletter concludes with positive updates such as Microsoft’s security improvements, Android’s scam call protections, and declining ransomware payments in 2024.
Subject: Cops take down alleged money-laundering operations E-Notes
Sender: info@metacurity.com
Summary:
– Federal prosecutors in Michigan dismantled the online infrastructure of E-Note, a money-laundering operation for ransomware and other cybercrime proceeds, and indicted Mykhalio Petrovich Chudnovets on conspiracy charges; the operation is alleged to have moved $70 million in illicit proceeds since 2017.
– Google sued Chinese-speaking cybercrime group Darcula responsible for mass phishing text scams impersonating US agencies; seeks court orders to seize their websites.
– Startup Doublespeed, operating AI-generated social media accounts, was hacked; over 1,000 smartphones in its “phone farm” were compromised, revealing undisclosed advertising promotions.
– Former Israeli Prime Minister Naftali Bennett’s mobile phone and Telegram account were compromised by Iranian hackers, leaking contacts including technology executives.
– South Korea formed a multi-agency task force to address a data breach at Coupang affecting 33 million users.
– French authorities found and neutralized ransomware on an Italian passenger ferry and arrested a crew member; the suspect is reportedly linked to foreign-state interests.
– A 22-year-old suspect was arrested for hacking France's Interior Ministry; he had access to document files, but it is unclear whether any data was stolen.
– The University of Sydney mistakenly sent students emails containing other students’ grades, affecting multiple faculties; investigation underway.
– The Chainalysis 2026 Crypto Crime Report highlights North Korea's theft of $2B in crypto, with the Bybit hack accounting for a major share of the losses.
– Dutch HAN University fined €175,000 for GDPR breach after a hacker accessed and threatened to leak personal info.
– The React2Shell vulnerability has been widely exploited, with over 60 organizations affected and an unprecedented number of public exploits in circulation.
– AWS GuardDuty warns of ongoing crypto-mining campaign exploiting compromised credentials on cloud services.
– Cisco alerts customers of an unpatched zero-day exploited by Chinese group UAT-9686 targeting email gateway appliances.
– Singapore-based crypto investor Mark Koh lost $14,189 due to malware disguised as a beta game.
– The Zeroday.Cloud hacking competition awarded $320K for exploits in cloud/security tech.
– Italian startup Exein S.p.A raised €100 million to secure connected devices.
– UK statistics reveal 1 in 3 adults use AI for emotional or social interaction.
Subject: Understand Your Digital Supply Chain Risk in 2026
Sender: news@securityweek.com
Summary:
– As 2026 approaches, organizations are encouraged to proactively secure their digital supply chains and vendor ecosystems.
– RiskRecon offers a free trial of its "Know Your Portfolio" tool, which provides:
* Visibility into cyber risks across vendors and third parties.
* Prioritized mitigation efforts based on real-world security signals.
* Data-driven insights to plan security initiatives effectively for the coming year.
– Related resources include reports and whitepapers on supply chain incidents, risk ratings, and ransomware lessons.
– This initiative helps firms uncover vulnerabilities and exposures before they turn into problems.
Subject: French police arrest suspect who allegedly planted malware on a passenger ferry | The CyberWire 12.18.25
Sender: editor@newsletter.n2k.com
Summary:
– French police arrested a Latvian crew member of an Italian passenger ferry suspected of installing a Remote Access Trojan (RAT) aboard the ferry in the Mediterranean port of Sète.
– Investigation led by France’s General Directorate for Internal Security (DGSI) suspects foreign nation-state involvement.
– France's Interior Minister stressed the severity of the case and said the foreign interference was likely linked to state actors.
– The suspect's lawyer dismissed suggestions of Russian interference, arguing the case may be less serious than portrayed.
– Separately, a 22-year-old was arrested for hacking France’s Interior Ministry earlier in December; investigations ongoing.
– Hewlett Packard Enterprise patched a maximum-severity remote code execution vulnerability in OneView software.
– Cisco Talos reported that a Chinese APT tracked as UAT-9686 is exploiting a still-unpatched zero-day in Cisco Secure Email Gateway and Secure Email and Web Manager.
– The US Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to apply mitigations by December 24.
– Other topics include attack path management discussions, cybersecurity threat trends, and security podcast promotions.
Subject: China-Linked Hackers Exploit Cisco Zero-Days
Sender: news@securityweek.com
Summary:
– China-linked hackers exploited a high-severity zero-day (CVE-2025-20393) in Cisco security appliances, including Secure Email Gateway and Secure Email and Web Manager.
– US CISA warns about an actively exploited flaw in Asus Update Tool.
– Other vulnerabilities and incidents include:
* A UEFI vulnerability enabling early-boot attacks on major motherboards.
* HPE patched critical flaws in IT infrastructure software.
* NMFTA warns of increased cyber-enabled cargo theft.
* Virginia Mental Health Authority suffered a data breach affecting 113,000 individuals.
– IoT security firm Exein secured €100 million funding.
– France investigates ‘foreign interference’ after malware discovered on a Mediterranean ferry.
– SonicWall patched exploited SMA 1000 zero-day.
– Major themes include the collapse of traditional perimeter security, the growing importance of identity and AI in cybersecurity, and emerging third-party and supply chain risks.
– SecurityWeek’s 2026 virtual event lineup announced to address these evolving threats.
Stay Well!
