⏱️ Read Time: 6 minutes
SQL Slammer doubled in size every 8.5 seconds when it launched in 2003, taking down ATMs, airline systems, and 911 services — all from a 376-byte payload. (Source: CERT/CC)
📜 Table of Contents
🔥 Major Breaches & Incidents
• Coupang mega-breach, Space Bears/Comcast supply-chain claim, DeadLock’s EDR-killing trick
⚠️ Emerging Threats & Vulnerabilities
• React2Shell exploitation, WinRAR 0-day, K.G.B RAT, MITRE Top 25
🕵️ Privacy Watch
• UK MP phishing, AI holiday scams, AI-driven virtual kidnapping scams
🎯 APTs & State-Sponsored Activity
• DPRK-linked React2Shell exploitation
🤖 AI in Cyber
• Stanford’s AI hacker outperforms pros, OpenAI high-risk model warning, global cybercrime cost trends
🔁 Story Follow-Ups
• Patch Tuesday finale, cyberattacks driving consumer price hikes
🚨 Major Breaches & Incidents
Coupang Data Breach Exposes ~33M Users
South Korea’s largest retailer suffered a months-long breach that compromised personal data for nearly two-thirds of the nation. Regulators are already circling, signaling that harsher privacy enforcement may be on the horizon, and the company’s CEO is stepping down.
👉 Takeaway: A breach this large isn’t just corporate news — it’s national infrastructure risk dressed as e-commerce.
Space Bears Claim Comcast Data Theft via Quasar Supplier Breach
The group claims access via a third-party engineering vendor rather than Comcast itself — a classic example of supply-chain slippage. Whether or not the claims hold, it’s another reminder attackers don’t bother kicking down your front door when the side entrance is unlocked.
👉 Takeaway: Supplier security isn’t a checkbox; it’s your most reliable point of failure.
DeadLock Ransomware Uses BYOVD to Kill EDR
DeadLock is escalating its tactics by using vulnerable drivers to shut down endpoint protections before deploying payloads. This technique pushes the ransomware into APT territory, where stealth trumps speed.
👉 Takeaway: If your security strategy assumes EDR is always there to save you, DeadLock is here to ruin that optimism.
⚠️ Emerging Threats & Vulnerabilities
React2Shell Vulnerability Actively Exploited by North Korean Actors
The React2Shell flaw is now being abused to deploy EtherRAT, giving attackers footholds in poorly secured web stacks. The speed at which exploitation ramped up shows just how quickly threat actors pounce on modern frontend tooling gaps.
👉 Takeaway: If your web apps ship fast but patch slow, someone else is sprinting faster.
WinRAR 0-Day RCE Being Actively Exploited
WinRAR remains the unexpected gift that keeps giving, with yet another remote-code-execution flaw under active attack. Even though the tool feels ancient, its massive global install base makes it prime real estate for opportunistic threats.
👉 Takeaway: Legacy tech doesn’t fade away — it becomes a recurring vulnerability subscription.
New “K.G.B RAT” Markets Itself as Fully Undetectable
Dark-web operators are hyping this new RAT as EDR-proof with stealth capabilities that mimic legitimate admin tools. Whether or not it meets its own marketing claims, adoption is climbing fast.
👉 Takeaway: Malware authors have entered their SaaS-startup era — pitch decks, branding, and all.
MITRE Releases 2025 Top 25 Most Dangerous Weaknesses
MITRE’s annual hit list reaffirms the usual offenders: injection flaws, memory corruption, and deserialization vulnerabilities continue to dominate. It’s a sign that attack surfaces evolve, but developer mistakes remain remarkably consistent.
👉 Takeaway: The industry doesn’t have a zero-day problem — it has a decades-old coding problem.
🕵️ Privacy Watch
UK MPs Hit With Surging WhatsApp/Signal Phishing
Lawmakers are reporting a spike in impersonation, credential theft, and malicious-link campaigns across messaging apps. Even encrypted platforms can’t fix human susceptibility, especially when the attackers lean on political urgency and fear cues.
👉 Takeaway: Encryption protects messages, not judgment.
Smarter, AI-Powered Holiday Scams Flood Consumers
Scammers are deploying AI-generated voices, polished fake deals, and personalized scripts to exploit holiday generosity. The sophistication makes even skeptical consumers second-guess themselves.
👉 Takeaway: Social engineering isn’t evolving — it’s being turbocharged.
FBI Warns of AI-Generated Virtual Kidnapping Scams
Threat actors are cloning voices and faces to simulate emergency ransom scenarios, weaponizing panic with frightening accuracy. The emotional realism is high enough to force immediate responses before victims can verify anything.
👉 Takeaway: Deepfakes aren’t about political misinformation — they’re about monetizing terror.
🎯 APTs & State-Sponsored Activity
North Korea Leveraging React2Shell for Malware Deployment
DPRK-linked operators jumped on the React2Shell flaw almost immediately, exploiting it to install remote-access tooling and pivot deeper into networks. Their rapid adoption shows how efficiently state-backed actors farm fresh vulnerabilities for long-term access.
👉 Takeaway: If you’re patching on a monthly cadence, you’re already behind a nation-state.
🤖 AI in Cyber
Stanford’s ARTEMIS AI Hacker Outperforms Human Pentesters
In controlled testing, ARTEMIS identified more exploitable vulnerabilities than expert pentesters — and did so dramatically faster. The research serves as both a breakthrough in automated defense and a warning that offense scales even more easily.
👉 Takeaway: AI isn’t replacing pentesters tomorrow, but attackers using AI might.
OpenAI Warns Its Next Models Pose “High” Cybersecurity Risk
OpenAI is bracing for models capable of generating zero-days, crafting malware, and enabling rapid reconnaissance. The organization is simultaneously building defensive frameworks, signaling that the threat curve is steepening fast.
👉 Takeaway: When the vendor says the risk is “high,” assume it’s already higher.
Global Cybercrime Costs Continue Climbing
New reporting highlights that U.S.-originating attacks make up a large share of global incidents, with public administration being disproportionately targeted. The data underscores how cybercrime has become an entrenched economic engine.
👉 Takeaway: Cybercrime isn't a trend — it’s an industry with recurring revenue.
🔁 Story Follow-Ups
Microsoft December Patch Tuesday Fixes 50+ Flaws
Microsoft closed out the year with a sprawling patch set, including multiple actively exploited vulnerabilities. The volume feels like the perfect summary of 2025’s vulnerability fatigue.
👉 Takeaway: Patch early, patch often, complain constantly.
Cyberattacks Are Driving Consumer Price Increases
Recovery costs, insurance hikes, and tooling investments are pushing small businesses to raise prices across industries. While invisible to customers, the “cyber tax” is quietly inflating daily life.
👉 Takeaway: Breaches don’t just cost companies — they cost all of us.


