CyberSecurity Knuggets
Dec 20, 2025
Email 1:
Subject: Risky Bulletin: Belarus Deploys Spyware on Journalists’ Phones
Summary: Belarusian authorities are installing spyware called ResidentBat on journalists’ smartphones during police interrogations. This malware can access calls, the microphone, messages, and local files. The spyware infrastructure appeared in 2021 amid protests, and while it is used by the Belarus KGB, its origin remains unclear. Google has been notified and will alert infected users. Belarus joins countries like China and Russia in using spyware during interrogations. The bulletin also covers recent arrests related to malware installation on ferry systems, new zero-day vulnerabilities in Cisco and SonicWall products, and data breaches such as the hacking of a former Israeli PM’s Telegram account by Iranian actors. Additionally, it notes North Korea’s extensive cryptocurrency thefts and updates on malware and ransomware group developments.
Email 2:
Subject: Hacker Newsletter #775
Summary: This edition includes curated highlights like simulation tools for financial planning, practical coding advice, and AI’s increasing role in SaaS. It features open-source projects, including a voxel engine, an RSS reader in Zig, and real-time livecoding tools. Fundamental programming discussions are noted, such as SQLite JSON indexing, AI for programming, and the history of computer games. Privacy and design topics include classical statue painting, new fonts, and drag-and-drop alternatives. Updates on developer tools, like the postponement of GitHub Actions pricing changes and Twitch’s new Terms of Service, are summarized. The newsletter announces a break for the holidays after this issue.
Email 3:
Subject: The UK Foreign Office was hacked in October
Summary: Hackers, likely the Chinese group Storm 1949, breached UK Foreign Office servers in October, stealing thousands of confidential visa-related documents, though no personal data compromise has been confirmed. An Amazon keystroke anomaly revealed North Korean imposters attempting to obtain remote IT jobs, with over 1,800 prevented attempts noted. Italian authorities arrested a second Latvian suspect in connection with malware installation on Mediterranean ferries, suspected to be linked to foreign interference, possibly by Russia. Danish intelligence blamed Russia for cyberattacks on infrastructure and elections. ESET identified the China-aligned LongNosedGoblin group targeting Southeast Asian and Japanese government institutions using Group Policy abuse. DXS International reported a cybersecurity incident affecting NHS-related services. The North Korea-linked Lazarus Group deployed advanced BeaverTail malware concealed in VS Code extensions. The Clop ransomware gang is targeting exposed Gladinet CentreStack servers. Former cybersecurity employees pleaded guilty to ransomware extortion. President Trump nominated Lt. Gen. Joshua Rudd to lead the NSA and US Cyber Command. TikTok finalized a US entity joint venture for data security oversight, and a new AI-focused cybersecurity firm, Armadin, launched.
Email 4:
Subject: Palo Alto Networks, Google Cloud Strike Multibillion-Dollar Deals
Summary: Palo Alto Networks and Google Cloud reached multibillion-dollar agreements focusing on AI and cloud security solutions. Denmark attributed recent destructive cyberattacks and election-related DDoS incidents to Russian state-linked groups. The Chinese APT LongNosedGoblin continues targeting Asian governments. Security updates include SonicWall patching an actively exploited zero-day in its SMA1000 gateway and warnings from CISA on Asus update tool vulnerabilities. Other news highlights include Google suing Chinese cybercriminals, the takedown of the crypto exchange E-Note, and a significant data breach at the University of Sydney affecting 27,000 individuals. The Kimwolf Android botnet has infected over 1.8 million devices, and ongoing trends show increased North Korean crypto theft and Amazon blocking numerous fake IT worker hires.
Email 5:
Subject: President Trump signs the 2026 National Defense Authorization Act
Summary: President Trump signed the $901 billion 2026 NDAA, authorizing record national security spending, including $417 million for US Cyber Command. The Act keeps Cyber Command’s leadership authority intact, and Lt. Gen. Joshua Rudd has been nominated to lead both Cyber Command and the NSA. It mandates secure encrypted mobile devices for senior defense officials. Denmark attributes recent destructive cyberattacks on critical infrastructure and election systems to Russia-linked groups conducting hybrid warfare. The US Justice Department charged 54 individuals linked to a Venezuelan ATM jackpotting scheme deploying Ploutus malware. The briefing also covers cybersecurity insights such as vendor vulnerability exploits, threat intelligence updates, and industry expert commentary on evolving AI and identity security challenges.
Stay Well!
