Cyber News 12DEC2025
General
- Android screen-lock scareware targeting Spanish-speaking users. It locks the screen, threatens to delete files (there is no file encryption, but the malware does hold wipe permissions) and provides remote access via VNC. Not sure how effective monetisation will be - locking out the mobile channel may also lock out the user's ability to pay.
- Interesting social-engineering attack, leveraging trust in LLM outputs. A chat session with an LLM (e.g. ChatGPT, Grok) is set up with a common question and an LLM-generated answer that contains the malicious commands (presumably this is set up through a tainted system command). This chat session is then publicly shared, and distributed through paid search advertisements.
- The 'clickfix' attacks just keep growing - this time, guiding users through a login meant for Azure CLI, to gain OAuth tokens. The Recommendations section has some useful guidance on detection.
- [UK] Information Commissioner's Office (ICO) fines LastPass £1.2m over their 2022 breach. Whilst the ICO may think password data is safe, Krebs' reporting suggests otherwise.
- [US] Identity Theft Resource Center (ITRC) has released a report on the impact of cybercrime on small business.
Note: The sample size is very small, and the selection of people to survey is unlikely to meet academic criteria. It was sponsored by a fraud protection platform (Mitek Systems).
- [US] Wired look at Emergency Data Requests (EDR), meant to provide information to police in high-impact, time-sensitive situations. The EDR process bypasses normal warrants, paperwork and most oversight. It's been abused by doxers for years.
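Following on from the clickfix / Azure CLI item above, here is an added example of the sort of detection a defender could build for it. This is my own illustration, not code from the newsletter or from the linked report: it walks Entra ID sign-in records and flags successful sign-ins to the Azure CLI application that are either a user's first, or come from an IP address that user never used during a baseline period. The application ID is the public client ID Azure CLI presents to Entra ID; the record field names (ts, user, appId, ip, status) and the log lines themselves are constructed for the example, so map them to your tenant's export format.

```python
"""Flag unusual successful sign-ins to the Azure CLI application in Entra ID
sign-in records, as a starting point for spotting clickfix-style token theft
where a victim is walked through a login that a real Azure CLI session would
normally initiate."""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Public client (application) ID that Azure CLI presents to Entra ID.
AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"

# Constructed sample: newline-delimited JSON shaped like a subset of Entra ID
# sign-in log fields (assumed field names: ts, user, appId, ip, status).
# The app ID 1111... stands in for some unrelated line-of-business app.
SAMPLE_LOG = """\
{"ts": "2025-12-01T09:00:00Z", "user": "alice@example.test", "appId": "04b07795-8ddb-461a-bbee-02f9e1bf7b46", "ip": "198.51.100.7", "status": "success"}
{"ts": "2025-12-03T10:15:00Z", "user": "bob@example.test", "appId": "11111111-1111-1111-1111-111111111111", "ip": "198.51.100.9", "status": "success"}
{"ts": "2025-12-11T14:22:00Z", "user": "bob@example.test", "appId": "04b07795-8ddb-461a-bbee-02f9e1bf7b46", "ip": "203.0.113.45", "status": "success"}
{"ts": "2025-12-11T14:25:00Z", "user": "alice@example.test", "appId": "04b07795-8ddb-461a-bbee-02f9e1bf7b46", "ip": "198.51.100.7", "status": "success"}
{"ts": "2025-12-11T15:01:00Z", "user": "carol@example.test", "appId": "04b07795-8ddb-461a-bbee-02f9e1bf7b46", "ip": "203.0.113.45", "status": "failure"}
"""


def parse_log(text):
    """Parse NDJSON sign-in records, converting the timestamp to an aware datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def flag_new_cli_signins(records, baseline_end):
    """Return successful Azure CLI sign-ins after baseline_end that are either the
    user's first Azure CLI sign-in, or come from an IP the user never used for any
    successful sign-in during the baseline period."""
    cli_users = set()              # users who legitimately used Azure CLI before
    known_ips = defaultdict(set)   # user -> IPs seen in the baseline
    for r in records:
        if r["ts"] <= baseline_end and r["status"] == "success":
            known_ips[r["user"]].add(r["ip"])
            if r["appId"] == AZURE_CLI_APP_ID:
                cli_users.add(r["user"])

    alerts = []
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["ts"] <= baseline_end or r["status"] != "success":
            continue
        if r["appId"] != AZURE_CLI_APP_ID:
            continue
        reasons = []
        if r["user"] not in cli_users:
            reasons.append("first Azure CLI sign-in for user")
        if r["ip"] not in known_ips[r["user"]]:
            reasons.append("source IP not seen in baseline")
        if reasons:
            alerts.append({"user": r["user"], "ts": r["ts"].isoformat(),
                           "ip": r["ip"], "reasons": reasons})
    return alerts


def run_sample():
    """Run the detector over the constructed sample with a 10 Dec baseline cut-off."""
    cutoff = datetime(2025, 12, 10, tzinfo=timezone.utc)
    return flag_new_cli_signins(parse_log(SAMPLE_LOG), cutoff)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['ts']} {a['user']} from {a['ip']}: {'; '.join(a['reasons'])}")
```

On the sample, only bob's sign-in is flagged: alice has used Azure CLI before from the same address, and carol's attempt failed. In a real tenant the records would come from the sign-in log export rather than an embedded string, and a first-seen Azure CLI sign-in is a triage prompt, not proof of compromise; the point is that a user who has never run the CLI suddenly completing a login for it is exactly the signal this attack leaves behind.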
Getting Techy
- The Mythic C2 (Command and Control) framework is becoming more popular. Kaspersky dive into the details, and how it looks on the wire.
- Well, if they're going to build ransomware, best they make mistakes like this...
VolkLocker does not generate encryption keys dynamically. Instead, master keys are hardcoded as hex strings within the binaries. The same master key encrypts all files on a victim system.
Critically, this master key is also written to a plaintext file in the %TEMP% folder, creating a trivial decryption pathway for victims who discover it.
Geo-Politics
- [RU] Software developer for the Russian draft system allegedly hacked.
The unified military registration database stores detailed personal data on all military-eligible citizens. It is designed to streamline mobilization and replace the Soviet-era paper registration system used by local draft offices.
- [US] Wired takes a look at what has and has not yet been released from the Epstein files.
Privacy
- [US] Wired discuss some of the controversy around Section 702 surveillance powers. Current approval runs to April 2026.
AI
- Want to improve the quality of your AI interactions? Learn Polish!
The study assessed how the largest AI language models...handle intricate language processing across 26 different tongues. To the researchers’ surprise, Polish ranked first in accuracy for highly complex tasks, while English, historically the primary language for AI training data, slid to sixth position.
- OpenAI and Disney trade content for access. Disney gets access to OpenAI tools for its staff; OpenAI gets US$1b and rights to generate licensed content in Sora (video generation).
As part of this three-year licensing agreement, Sora will be able to generate short, user-prompted social videos that can be viewed and shared by fans, drawing on more than 200 Disney, Marvel, Pixar and Star Wars characters.
Agreement will make a selection of these fan-inspired Sora short form videos available to stream on Disney+.
Alongside the licensing agreement, Disney will become a major customer of OpenAI, using its APIs to build new products, tools, and experiences, including for Disney+, and deploying ChatGPT for its employees.
As part of the agreement, Disney will make a $1 billion equity investment in OpenAI, and receive warrants to purchase additional equity.
- (OpenAI) https://archive.is/NMDdb
- https://www.404media.co/disney-invests-1-billion-in-the-ai-slopification-of-its-brand/
- The share market may not be as confident as Oracle, with their large data-centre investment programme.
Shares in Larry Ellison’s database company fell 11 percent in pre-market trading on Thursday
Oracle raised its forecast for capital expenditure this financial year by more than 40 percent to $50 billion. The outlay, largely directed to building data centers, climbed to $12 billion in the quarter, above expectations of $8.4 billion.
Its long-term debt increased to $99.9 billion, up 25 percent from a year ago.
- GitHub Copilot might not be ready for serious autonomous use just yet. Best to keep a real human in the loop, willing to take over and do things properly.
- (joshua.hu) https://archive.is/l2aUu
- (joshua.hu) https://archive.is/kx6P6