The Hacker News

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

A cyber attack on the Polish power grid in December 2025 has been attributed to the Russian state-sponsored group ELECTRUM. The attack targeted operational technology systems managing distributed energy resources.

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A malicious VS Code extension, "ClawdBot Agent - AI Coding Assistant," was identified on the official Extension Marketplace. This extension, posing as a free AI coding assistant for Moltbot, stealthily deploys malware on compromised systems.

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Two cyber campaigns, Gopher Strike and Sheet Attack, have been identified targeting Indian government entities. These campaigns are linked to a Pakistan-based threat actor and employ sophisticated techniques to compromise systems and exfiltrate data.

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations. The closure of Tudou is a significant blow to the Southeast Asian scam economy.

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

A new hardware vulnerability, named StackWarp, has been identified in AMD processors, specifically affecting Zen 1 through Zen 5 models. This flaw allows attackers with privileged control over host servers to execute malicious code within confidential virtual machines (CVMs).

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America.

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has patched a critical zero-day vulnerability in its AsyncOS Software for Secure Email Gateway and Secure Email and Web Manager. This vulnerability, exploited by a China-linked APT group, allows remote code execution (RCE) due to insufficient validation of HTTP requests.

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting Ukraine's defense forces with malware known as PLUGGYAPE between October and December 2025.

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

A spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater has been attributed to the Iranian threat actor known as MuddyWater.
