ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories

The U.K. National Cyber Security Centre said prompt injections – which refer to flaws in generative artificial intelligence (GenAI) applications that allow them to parse malicious instructions to generate content that’s otherwise not possible – “will never be properly mitigated” and that it’s important to raise awareness about the class of vulnerability, as well as designing systems that “constrain the actions of the system, rather than just attempting to prevent malicious content reaching the LLM.”

Europol’s Operational Taskforce (OTF) GRIMM has arrested 193 individuals and disrupted criminal networks that have fueled the growth of violence-as-a-service (VaaS). The task force was launched in April 2025 to combat the threat, which involves recruiting young, inexperienced perpetrators to commit violent acts. “These individuals are groomed or coerced into committing a range of violent crimes, from acts of intimidation and torture to murder,” Europol said. Many of the criminals involved in the schemes are alleged to be members of The Com, a loosely-knit collective comprising primarily English speakers who are involved in cyber attacks, SIM swaps, extortion, and physical violence.

Polish law enforcement arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using specialized hacking equipment after their vehicle was stopped and inspected. They have been charged with fraud, computer fraud, and acquiring computer equipment and software adapted to commit crimes, including damage to computer data of particular importance to the country’s defense. “Officers thoroughly searched the vehicle’s interior. They found suspicious items that could even be used to interfere with the country’s strategic IT systems, breaking into IT and telecommunications networks,” authorities said. “During the investigation, officers seized a spy device detector, advanced Flipper hacking equipment, antennas, laptops, a large number of SIM cards, routers, portable hard drives, and cameras.” The three men, of ages between 39 and 43, claimed to be computer scientists and “were visibly nervous,” but did not give reasons as to why they were carrying such tools in the first place, and pretended not to understand what was being said to them, officials said.

The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. The defendant is said to have used six online accounts and five pseudonyms to advertise and sell the stolen databases. The teen faces charges related to involvement in cybercrime, unauthorized access, and disclosure of private data, and privacy violations. “The cybercriminal accessed nine different companies where he obtained millions of private personal records that he later sold online,” authorities alleged. In a related development, Ukrainian police officials announced the arrest of a 22-year-old cybercriminal who used a custom malware he independently created to automatically hack user accounts on social networks and other platforms. The compromised accounts were then sold on hacker forums. Most of the victims were based in the U.S. and various European countries. The Bukovyn resident is also accused of administering a bot farm with more than 5,000 profiles in various social networks in order to implement various shadow schemes and transactions.

Russian police said they have dismantled a criminal enterprise that stole millions from bank customers in the country using malware built on NFCGate, a legitimate open-source tool increasingly exploited by cybercriminals worldwide. To that end, three suspects have been arrested for distributing NFC-capable malware through WhatsApp and Telegram, disguising it as software from legitimate banks. Victims were first approached via phone and persuaded to install a fraudulent banking app. During the fake “authorization” process, they were guided to hold their bank card to the back of their smartphone and enter their PIN — a step that enabled the attackers to harvest card credentials and withdraw funds from ATMs anywhere in the country without the cardholder’s involvement. Preliminary losses exceed 200 million rubles (about $2.6 million).

The recently disclosed React security flaw (React2Shell, aka CVE-2025-55182) has come under widespread exploitation, including targeting smart home devices, according to Bitdefender. These include smart plugs, smartphones, NAS devices, surveillance systems, routers, development boards, and smart TVs. These attacks have been found to deliver Mirai and RondoDox botnet payloads. Significant probing activity has been detected from Poland, the U.S., the Netherlands, Ireland, France, Hong Kong, Singapore, China, and Panama. This indicates “broad global participation in opportunistic exploitation,” the company said. Threat intelligence firm GreyNoise said it observed 362 unique IP addresses across ~80 countries attempting exploitation as of December 8, 2025. “Observed payloads fall into distinct groups: miners, dual-platform botnets, OPSEC-masked VPN actors, and recon-only clusters,” it added.

Cybersecurity researchers have discovered a previously undocumented Linux backdoor named GhostPenguin. A multi-thread backdoor written in C++, it can collect system information, including IP address, gateway, OS version, hostname, and username, and send it to a command-and-control (C&C) server during a registration phase. “It then receives and executes commands from the C&C server. Supported commands allow the malware to provide a remote shell via ‘/bin/sh,’ and perform various file and directory operations, including creating, deleting, renaming, reading, and writing files, modifying file timestamps, and searching for files by extension,” Trend Micro said. “All C&C communication occurs over UDP port 53.” The discovery comes as Elastic detailed a new syscall hooking technique called FlipSwitch that has been devised in the aftermath of fundamental changes introduced to the Linux kernel 6.9 to allow malware to hide its presence on infected hosts. “Traditional rootkit techniques relied on direct syscall table manipulation, but modern kernels have moved to a switch-statement based dispatch mechanism,” security researcher Remco Sprooten said. “Instead of modifying the syscall table, it locates and patches specific call instructions inside the kernel’s dispatch function. This approach allows for precise and reliable hooking, and all changes are fully reverted when the module is unloaded.”

Evan Tangeman, a 22-year-old California resident, pleaded guilty to RICO conspiracy charges after being accused of buying homes and laundering $3.5 million on behalf of a criminal gang that stole cryptocurrency through social engineering schemes. “The enterprise began no later than October 2023 and continued through at least May 2025. It grew from friendships developed on online gaming platforms and consisted of individuals based in California, Connecticut, New York, Florida, and abroad,” the Justice Department (DoJ) said. “Tangeman was a money launderer for the group that also included database hackers, organizers, target identifiers, callers, and residential burglars targeting hardware virtual currency wallets.” Members of the group were previously charged with stealing more than $263 million worth of cryptocurrency from a victim in Washington, D.C.

Apple and Google have sent a new round of spyware notifications to users in nearly 80 countries, according to a report from Reuters. There are currently no details about what kind of spyware the victims were targeted with. Neither company provided information on the number of users targeted or who they thought was behind the surveillance efforts.

The European Commission has given its stamp of approval to a Meta proposal to give Instagram and Facebook users an option to share less personal data and see fewer personalized ads. The new option goes into effect in January 2026. “Meta will give users the effective choice between consenting to share all their data and seeing fully personalized advertising, and opting to share less personal data for an experience with more limited personalized advertising,” the Commission said. The move comes after the social media giant was fined €200 million in April 2025 (then $227 million) for violating the bloc’s Digital Markets Act (DMA) over the binary choice it gives E.U. users to either pay to access ad-free versions of the platforms or agree to being tracked in exchange for targeted ads. In a post last week, Austrian non-profit None of Your Business (noyb) published a survey that said “when there’s a ‘pay,’ a ‘consent,’ and an ‘advertising, but no tracking’ option, […] 7 out of 10 people then choose the ‘advertising, but no tracking’ option.”

New Zealand’s National Cyber Security Centre (NCSC) said it’s notifying around 26,000 users who have been infected with Lumma Stealer, in what it described as the first large-scale public outreach. “The malicious software is designed to steal sensitive information, like email addresses and passwords, from devices typically for the purposes of fraud or identity theft,” it said. “The use of Lumma Stealer and other similar malware by cyber criminals is an ongoing international issue.”

Notepad++ has released version 8.8.9 to fix a critical flaw in the open-source text and source code editor for Windows. This bug, according to security researcher Kevin Beaumont, was being abused by threat actors in China to hijack traffic from WinGUp (the Notepad++ updater), redirect it to malicious servers, and then trick people into downloading malware. “Verify certificate and signature on downloaded update installer,” reads the release notes for version 8.8.9. “The review of the reports led to the identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file,” Notepad++ maintainers said. “In case an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged by an attacker to prompt the updater to download and execute an unwanted binary (instead of the legitimate Notepad++ update binary).”

A new report from Kaspersky examining more than 800 blocked Telegram channels that existed between 2021 and 2024 has revealed that the “median lifespan of a shadow Telegram channel increased from five months in 2021-2022 to nine months in 2023-2024” The messaging app also appears to be increasingly blocking cybercrime-focused channels since October 2024, prompting threat actors to migrate to other platforms.

The U.K. has imposed new sanctions against several Russian and Chinese organizations accused of undermining the West through cyber attacks and influence operations. The actions target two Chinese entities, I-Soon and the Integrity Technology Group (aka Flax Typhoon), as well as a Telegram channel Ryber and its co-owner, Mikhail Zvinchuk, an organization called Pravfond that’s believed to be a front for the GRU, and the Centre for Geopolitical Expertise, a Moscow-based think tank founded by Aleksandr Dugin. “I-Soon and Integrity Tech are examples of the threat posed by the cyber industry in China, which includes information security companies, data brokers (that collect and sell personal data), and ‘hackers for hire,'” the U.K. government said. “Some of these companies provide cyber services to the Chinese intelligence services.”

A new analysis from Sonatype has revealed that about 13% of all Log4j downloads in 2025 are susceptible to Log4Shell. “In 2025 alone, there were nearly 300 million total Log4j downloads,” the supply chain security company said. “Of those, about 13% – roughly 40 million downloads — were still vulnerable versions. Given that safe alternatives have been available for nearly four years, every one of those vulnerable downloads represents risk that could have been avoided.” China, the United States, India, Japan, Brazil, Germany, the United Kingdom, Canada, South Korea, and France accounted for a huge chunk of the vulnerable downloads.

The Indian government is reportedly reviewing a telecom industry proposal to force smartphone firms to enable satellite location tracking that is always activated for better surveillance, with no option for users to disable it, Reuters revealed. The idea is to get precise locations when legal requests are made to telecom firms during investigations, the news agency added. The move has been opposed by Apple, Google, and Samsung. Amnesty International has called the plan “deeply concerning.”

A “concentrated spike” comprising more than 7,000 IP addresses has been observed attempting to log into Palo Alto Networks GlobalProtect portals. The activity, which originated from infrastructure operated by 3xK GmbH, was observed on December 2, 2025. GreyNoise said the December wave shares three identical client fingerprints with a prior wave observed between late September and mid-October. The threat intelligence firm said it also recorded a surge in scanning against SonicWall SonicOS API endpoints a day later. Both the attack waves have been attributed to the same threat actor.

Artificial intelligence (AI) company OpenAI said there is a need for strengthening resilience as cyber capabilities in AI models advance rapidly, posing dual-use risks. To that end, the firm said it’s investing in safeguards to help ensure these capabilities mainly benefit defensive uses and limit their use for malicious purposes. This includes: (1) Training the model to refuse or safely respond to harmful requests, (2) Maintaining system-wide monitoring across products that use frontier models to detect malicious cyber activity, and (3) End-to-end red teaming. “As these capabilities advance, OpenAI is investing in strengthening our models for defensive cybersecurity tasks and creating tools that enable defenders to more easily perform workflows such as auditing code and patching vulnerabilities,” the company said. “Our goal is for our models and products to bring significant advantages for defenders, who are often outnumbered and under-resourced.”

Spanish Android users have become the target of a new malware called DroidLock that propagates via dropper apps hosted on phishing websites. “It has the ability to lock device screens with a ransomware-like overlay and illegally acquire app lock credentials, leading to a total takeover of the compromised device,” Zimperium said. “It employs deceptive system update screens to trick victims and can stream and remotely control devices via VNC. The malware also exploits device administrator privileges to lock or erase data, capture the victim’s image with the front camera, and silence the device.” In all, it supports 15 distinct commands. While the malware does not actually have the ability to encrypt files, it displays a scary overlay that instructs victims to contact a Proton email address within 24 hours or risk getting their files destroyed. Like other Android malware of its kind, it leverages accessibility services to carry out its malicious activities, including changing the device lock screen PIN or password, effectively locking users out. It also serves traditional WebView overlays atop targeting apps to capture credentials.

Google has announced that the Chrome Root Program and the CA/Browser Forum have taken steps to sunset 11 legacy methods for Domain Control Validation, a security-critical process designed to ensure certificates are only issued to the legitimate domain operator. “By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security,” the company said. The deprecation is expected to be carried out in phases and completed by March 2028.

Cybersecurity researchers have warned of a new campaign that uses a fake torrent for the Leonardo DiCaprio starrer One Battle After Another as a launchpad for a complex infection chain that drops Agent Tesla malware. “Instead of the expected video file, users unknowingly download a compilation of PowerShell scripts and image archives that build into a memory-resident command-and-control (C2) agent, also known as a trojan (RAT – Remote Access Trojan) under the name of Agent Tesla,” Bitdefender said. “This type of malware is designed with a single purpose: to provide attackers with unfettered access to the victim’s Windows computer.” The attack is part of a growing trend of embedding malware in bogus multimedia files. Earlier this May, a lure for Mission: Impossible – The Final Reckoning was used to spread Lumma Stealer.

A new study from Flare has found that more than 10,000 Docker Hub container images are exposing credentials to production systems, CI/CD databases, or large language model (LLM) keys. “42% of exposed images contained five or more secrets each, meaning a single container could unlock an entire cloud environment, CI/CD pipeline, and database,” the company said. “AI LLM model keys were the most frequently leaked credentials, with almost 4,000 exposed, revealing how fast AI adoption has outpaced security controls.” The exposure represents severe risks, as it enables full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components.

As many as 19 Microsoft Visual Studio Code (VS Code) extensions have been identified on the official Marketplace, with most of them embedding a malicious file that masquerades as a PNG image. The campaign, active since February 2025, was discovered last week. “The malicious files abused a legitimate npm package [path-is-absolute] to avoid detection and crafted an archive containing malicious binaries that posed as an image: A file with a PNG extension,” ReversingLabs researcher Petar Kirhmajer said. “For this latest campaign, the threat actor modified it by adding a few malicious files. However, it’s important to note that these changes to the package are only available when it is installed locally through the 19 malicious extensions, and they are not actually part of the package hosted on npm.” The net effect is that the weaponized package is used to launch the attack as soon as one of the malicious extensions is used and VS Code is launched. The main purpose of the malicious code is to decode what appears to be a PNG file (“banner.png”), but, in reality, is an archive containing two binaries that are executed using the “cmstp.exe” living-off-the-land binary (LOLBin) by means of a JavaScript dropper. “One of these binaries is responsible for closing the LOLBin by emulating a key press, while the other binary is a more complicated Rust trojan,” ReversingLabs said. The extensions have since been removed by Microsoft from the Marketplace.

Check Point Research said it was able to reverse engineer the ValleyRAT (aka Winos or Winos4.0) backdoor and its plugins by examining a publicly leaked builder and its development structure. “The analysis reveals the advanced skills of the developers behind ValleyRAT, demonstrating deep knowledge of Windows kernel and user-mode internals, and consistent coding patterns suggesting a small, specialized team,” the cybersecurity company said. “The ‘Driver Plugin’ contains an embedded kernel-mode rootkit that, in some cases, retains valid signatures and remains loadable on fully updated Windows 11 systems, bypassing built-in protection features.” Specifically, the plugin facilitates stealthy driver installation, user-mode shellcode injection via APCs, and forceful deletion of AV/EDR drivers. The rootkit is based on the publicly available open-source project Hidden. One of the other plugins is a login module that is designed to load additional components from an external server. ValleyRAT is attributed to a Chinese cybercrime group known as Silver Fox. Approximately 6,000 ValleyRAT-related samples have been detected in the wild between November 2024 and November 2025, in addition to 30 distinct variants of the ValleyRAT builder and 12 variants of the rootkit driver.

In a new campaign, threat actors are abusing the ability to share chats on OpenAI ChatGPT and Grok to surface them in search results, either via malvertising or search engine optimization (SEO) poisoning, to trick users into installing stealers like AMOS Stealer when searching for “sound not working on macOS,” “clear disk space on macOS,” or ChatGPT Atlas on search engines like Google. The chat sessions are shared under the guise of troubleshooting or installation guides and include ClickFix-style instructions to launch the terminal and paste a command to address issues faced by the user. “Attackers are systematically weaponizing multiple AI platforms with SEO poisoning, and that it is not isolated to a single AI platform, page, or query, ensuring victims encounter poisoned instructions regardless of which tool they trust,” Huntress said. “Instead, multiple AI-style conversations are being surfaced organically through standard search terms, each pointing victims toward the same multi-stage macOS stealer.” The development comes as platforms like itch.io and Patreon are being used by threat actors to distribute Lumma Stealer. “Newly created Itch.io accounts spam comments in different legitimate games, with templated text messages that show Patreon links to supposed game updates,” G DATA said. These links direct to ZIP archives containing a malicious executable that’s compiled with nexe and runs a six-levels of anti-analysis checks before dropping the stealer malware.