ClearSky has spotted the Gamaredon APT deploying the GamaWiper in data-wiping attacks at Ukrainian organizations. The attacks leveraged a WinRAR vulnerability tracked as CVE-2025-80880.

Making sure you're not a bot!

ANY.RUN says activity from the Salty2FA phishing service collapsed in October and payloads now seem to overlap with the IOCs of another service named Tycoon2FA.

Salty2FA & Tycoon2FA: Hybrid Phishing Threat

A Salty2FA–Tycoon2FA hybrid is hitting inboxes worldwide. See how it formed, why attribution is breaking, and the updates SOC teams need now.

India orders online IM apps to link user accounts to a SIM card

The Economic Times

Why your WhatsApp Web may now log out every six hours - The Economic Times

Under the new rule, the DoT requires messaging apps, including WhatsApp, Telegram, and Signal, to implement "SIM binding", i.e., linking of service...

India has ordered smartphone makers to pre-install the government's Sanchar Saathi app. The app is available for Android and iOS and allows users to report fraud and spam. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&reg=3&lang=2

Cato Networks has discovered HashJack, an indirect prompt injection technique that conceals malicious instructions after the # in legitimate URLs. This attack works when AI agents have to parse links inside documents or emails.

HashJack - First Known Indirect Prompt Injection | Cato Networks

Europol has seized the domain of the Cryptomixer cryptocurrency mixing service. The site was allegedly responsible for helping criminal groups launder funds. Officials also seized €25 million worth of assets.

Europol

Europol and partners shut down ‘Cryptomixer’ – EUR 25 million in cryptocurrency seized during the operation | Europol

From 24 to 28 November 2025, Europol supported an action week conducted by law enforcement authorities from Switzerland and Germany in Zurich, Swit...

A threat actor has breached and pushed a malicious update to SmartTube, an app typically used on Android-based smart TVs

GitHub

[NOT A BUG!]: Google just removed SmartTube from my Android TV Box · Issue #5131 · yuliskov/SmartTube

Checklist I made sure that there are no existing issues - open or closed - which I could contribute my information to. I have read the FAQ and my p...

GitHub

Release Important Announcement · yuliskov/SmartTube

Important Announcement Friends, it seems that my digital signature has been exposed. This signature protects the app from fake and malicious update...

Threat actors are now exploiting an XSS bug in the OpenPLC ScadaBR code editor, typically used for programming SCADA/PLC stuff

Cybersecurity and Infrastructure Security Agency CISA

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation.

The FCC says hackers hijacked Barix studio-transmitter link (STL) equipment to broadcast obscene materials via state emergency systems https://www.fcc.gov/document/fcc-urges-broadcasters-follow-cybersecurity-best-practices

Hackers exploited a bug in the wallet system of South Korean cryptocurrency exchange Upbit to steal over $37 million worth of Solana tokens

업비트(Upbit)

디지털 자산 입출금 서비스 긴급 점검 사유에 대해 안내드립니다. (추가 안내)

디지털 자산 입출금 서비스 긴급 점검 사유에 대해 안내드립니다. (추가 안내)