Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new…
Glenn Greenwald Was Always Suspect. Now He’s Clear.
Nick Fuentes is the man who in 2023 said this: I think the Holocaust is exaggerated. I don’t hate Hitler. I think there’s a Jewish conspiracy. I believe in race realism. And Fuentes celebrated the rising popularity of his message by proclai…
Pro-Russian group Noname057 claims cyberattack on La Poste services
Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste’s digital banking and online services. This week, the French national postal service La Poste confirmed a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers. On social media, La Poste said […]
CT Tesla Cybertruck Kills One
The Tesla hit-and-run was on Christmas Day. Officers responding to a two-car crash on Cornwall Street just south of Hebron Street around 9:20 p.m. found the occupants of a Toyota Camry trapped and injured and a black Tesla Cybertruck with no one inside…
Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data.
Defensive Security Podcast Episode 334
Want to be the first to hear our episodes each week? Become a Patreon donor here.
Merry Christmas and Happy Holidays!
Links to this week’s stories:
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/
htt…
Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws
Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs – Eurostar later accused them of blackmail.
The Age of the All-Access AI Agent Is Here
Big AI companies courted controversy by scraping wide swaths of the public internet. With the rise of AI agents, the next data grab is far more private.
New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords
Jamf security experts have found a new version of MacSync Stealer. Disguised as a zk-call app, it uses official notarization to bypass security and steal your saved passwords.
Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline
Romania’s national water authority, Romanian Waters, was hit by a major ransomware attack affecting 1,000 systems but dams remain safe. Learn how authorities are fighting back without paying the ransom.