CyberNews: 20/12/2025 Edition

Published by Dunateo on 2025-12-20

Today’s roundup

  • Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
  • Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
  • A Good Year for North Korean Cybercriminals
  • Dismantling Defenses: Trump 2.0 Cyber Year in Review
  • U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog
  • Hackers Stole Millions of PornHub Users’ Data for Extortion
  • University of Sydney reports data breach affecting over 20,000 staff, affiliates
  • Smart TV manufacturer ordered to stop collecting viewer data while court case proceeds in Texas
Summary

    A Russia-aligned group, UNK_AcademicFlare, is conducting a phishing campaign that compromises Microsoft 365 accounts. Active since September 2025, the attacks leverage OAuth device code authentication and primarily target government entities for account takeovers.


    A new campaign is spreading the modular CountLoader and GachiLoader malware via cracked software distribution sites and YouTube videos. CountLoader acts as an initial access tool, while GachiLoader, an obfuscated Node.js malware, delivers info-stealers using advanced PE injection for evasion.


    North Korean cybercriminals have shifted strategies to target higher-value entities, employing more sophisticated methods for increased financial gains throughout the past year.


    A comprehensive review outlines significant policy pivots by the Trump administration, impacting national cybersecurity. Measures include substantial workforce and funding cuts at agencies like CISA, reassignment of cyber specialists, and altered regulations on data collection and cryptocurrency, raising concerns about weakened national defenses.


    CISA has added CVE-2025-14733, a critical RCE flaw (CVSS 9.3) in WatchGuard Fireware OS, to its KEV catalog. The out-of-bounds write vulnerability allows a remote, unauthenticated attacker to execute arbitrary code via IKEv2 VPN services. Federal agencies must remediate by December 26, 2025. Indicators of attack (IoAs) include suspicious IPs and IKED process anomalies.


    Hackers have reportedly stolen the data of millions of PornHub users and are now using it in extortion attempts.


    The University of Sydney reported a data breach affecting over 20,000 staff and affiliates. The incident was discovered last week in an online code repository and prompted immediate security actions.


    A Texas court ordered Hisense to stop collecting viewer data via Automated Content Recognition (ACR) technology. This temporary restraining order, part of an ongoing lawsuit, prohibits the company from using, sharing, or selling Texans’ data acquired this way.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-14733 Critical

    Malware Families

    CountLoader