Top 5 Cybersecurity News Stories December 12, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

NanoRemote, a newly discovered malware strain, leverages Google Drive for command-and-control operations, enabling attackers to bypass traditional security measures. The malware employs encrypted communications and a modular architecture, allowing remote execution, data exfiltration, and persistence on compromised systems.

Its use of legitimate cloud services complicates detection and mitigation, posing a significant threat to enterprises relying on Google Workspace. Security experts recommend monitoring unusual Drive activity and implementing advanced threat detection tools to counter this evolving tactic.
Read more on The Hacker News

2. Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google has issued an urgent update for Chrome following reports of active exploitation of a zero-day vulnerability. The flaw, affecting the browser’s rendering engine, allows attackers to execute arbitrary code and potentially gain system-level access.

Exploits have been observed targeting Windows and macOS users, emphasizing the need for immediate patching. Security researchers warn that delayed updates could expose organizations to ransomware and data theft campaigns. Users should apply the latest Chrome version and enable automatic updates to reduce risk.
Read more on The Hacker News

3. Hackers exploit unpatched Gogs zero-day to breach 700 servers

A critical remote code execution (RCE) vulnerability in Gogs, a self-hosted Git service, is being actively exploited. The flaw, present in unpatched instances, enables attackers to run arbitrary commands and compromise repositories. Exploitation campaigns target development environments, raising concerns about supply chain security.

Researchers advise immediate patching or applying mitigations, such as restricting network access and monitoring suspicious activity. Failure to address the issue could lead to source code theft and downstream attacks on dependent projects.
Read more on Bleeping Computer

4. UK fines LastPass over 2022 data breach impacting 1.6 million users

The UK’s data protection authority has fined LastPass for its 2022 breach that exposed sensitive vault data of 1.6 million users. Investigators cited inadequate encryption practices and delayed incident response as key failures. The breach, caused by compromised developer credentials, resulted in significant reputational and financial damage.

Regulators stress the importance of robust key management and timely disclosure in safeguarding user data. Organizations are urged to review password management policies and adopt zero-knowledge architectures.
Read more on Bleeping Computer

5. OpenAI warns new models pose ‘high’ cybersecurity risk

OpenAI has cautioned that its latest AI models pose heightened cybersecurity risks, including potential misuse for automated hacking and phishing campaigns. The company acknowledges that advanced capabilities could accelerate vulnerability discovery and exploitation if weaponized.

OpenAI is implementing safeguards and collaborating with security researchers to mitigate threats while balancing innovation. Experts urge enterprises to monitor AI-driven attack trends and strengthen defenses against adversarial use of generative technologies.
Read more on Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!