Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-11 07:00 PST
- ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
The Hacker News • 2025-12-11 05:40 • thehackernews.com
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open.
The new Threatsday Bulletin
https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html
- Hackers exploit unpatched Gogs zero-day to breach 700 servers
BleepingComputer • 2025-12-11 05:19 • www.bleepingcomputer.com
An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. […]
https://www.bleepingcomputer.com/news/security/unpatched-gogs-zero-day-rce-flaw-actively-exploited-in-attacks/
- NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
The Hacker News • 2025-12-11 05:16 • thehackernews.com
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
https://thehackernews.com/2025/12/nanoremote-malware-uses-google-drive.html
- Hunting for Mythic in network traffic
Securelist • 2025-12-11 04:00 • securelist.com
We analyze the network activity of the Mythic framework, focusing on agent-to-C2 communication, and use signature and behavioral analysis to create detection rules for Network Detection and Response (NDR) solutions.
https://securelist.com/detecting-mythic-in-network-traffic/118291/
- The Impact of Robotic Process Automation (RPA) on Identity and Access Management
The Hacker News • 2025-12-11 03:30 • thehackernews.com
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber
https://thehackernews.com/2025/12/the-impact-of-robotic-process.html
- WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
The Hacker News • 2025-12-11 03:00 • thehackernews.com
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.
Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its sights
https://thehackernews.com/2025/12/wirte-leverages-ashenloader-sideloading.html
- Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
The Hacker News • 2025-12-11 02:30 • thehackernews.com
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.
The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the
https://thehackernews.com/2025/12/unpatched-gogs-zero-day-exploited.html
- Microsoft fixes Windows Explorer white flashes in dark mode
BleepingComputer • 2025-12-11 02:09 • www.bleepingcomputer.com
Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows 11 systems after installing the KB5070311 optional update. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-explorer-white-flashes-in-dark-mode/
- GOLD SALEM tradecraft for deploying Warlock ransomware
Sophos Threat Research • 2025-12-11 02:00 • news.sophos.com
Analysis of the tradecraft evolution across 6 months and 11 incidents
https://news.sophos.com/en-us/2025/12/11/gold-salem-tradecraft-for-deploying-warlock-ransomware/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
