ShadyPanda browser extensions amass 4.3M installs in malicious campaign

The "ShadyPanda" campaign is a long-running malware operation involving browser extensions that have amassed over 4.3 million installations. The extensions were initially submitted in 2018, and the first signs of malicious activity were observed in 2023.

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm malware has resurfaced in its third wave, targeting developers using VS Code-compatible editors. This campaign introduces 24 new malicious packages on the OpenVSX and Microsoft Visual Studio marketplaces.

Google addresses 107 Android vulnerabilities, including two zero-days

Google's December security update for Android addresses 107 vulnerabilities, including two high-severity zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572. This update marks the second-highest number of vulnerabilities patched this year.

Full Disclosure: [REVIVE-SA-2025-005] Revive Adserver Vulnerability

A vulnerability in Revive Adserver, identified as CVE-2025-55129, has been reported. This vulnerability involves an incomplete list of disallowed inputs, allowing for potential impersonation attacks.

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability, CVE-2021-26829, in OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog.

Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware

The "Contagious Interview" campaign, linked to North Korean threat actors, has expanded with the addition of 197 new malicious npm packages. This campaign targets software developers in the crypto and Web3 sectors.

PostHog admits Shai-Hulud 2.0 was its biggest security scare

PostHog experienced a major security incident involving the Shai-Hulud 2.0 npm worm, which compromised its JavaScript SDKs: posthog-node, posthog-js, and posthog-react-native.

ShadowV2 Casts a Shadow Over IoT Devices

A new Mirai-variant botnet named ShadowV2 has been identified targeting Internet of Things (IoT) devices globally. It is designed to exploit known vulnerabilities across multiple embedded platforms.

For the first time, a RomCom payload has been observed being distributed via SocGholish.

RomCom malware, linked to Russian military intelligence unit GRU Unit 29155, has been observed using the SocGholish fake browser update framework to deliver a Mythic C2 agent, targeting a U.S. civil engineering firm with ties to Ukraine.

Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

A newly discovered architectural flaw in Microsoft Teams B2B Guest Access exposes users to malware, phishing, and data exfiltration attacks. Attackers are exploiting a systemic gap that bypasses Microsoft Defender for Office 365 protections.
