Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
actively-exploited-vulnerabilityphishing-campaign-intelligenceembedded-device-vulnerabilityidentity-authentication-vulnerability

Weekly Cybersecurity News Roundup: Threats, Vulnerabilities, and Smart Home Risks

Updated 2d agoFirst seen Dec 8, 20253 sources

A variety of cybersecurity incidents and trends were reported in early December, including the exposure of zero-day vulnerabilities, new phishing techniques, and the exploitation of smart home devices. Notable events included leaks revealing the use of zero-days by Intellexa to maintain Predator spyware, Google patching multiple security flaws in Chrome and Android (with some actively exploited), and attackers developing new methods to bypass multi-factor authentication in educational organizations. Additionally, there were reports of large-scale breaches, such as the hacking of 120,000 home security cameras in South Korea for illicit purposes, and the abuse of Microsoft Teams notifications for callback phishing attacks.

Security experts emphasized the importance of proactive measures to protect both organizations and individuals. Recommendations included updating software promptly, using strong and unique passwords, enabling multi-factor authentication, and researching device security before purchase. The risks associated with smart home devices were highlighted, with advice on securing IoT devices to prevent opportunistic attacks. These developments underscore the evolving tactics of threat actors and the need for continuous vigilance in both enterprise and consumer environments.

Share:
Weekly Cybersecurity News Roundup: Threats, Vulnerabilities, and Smart Home Risks
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

10 events from the most recent confirmed update back to the earliest known activity.

10 EVENTS
Dec 8, 20257mo ago

Google released Chrome and Android security updates

Google issued updates for Chrome and Android to fix multiple security issues, including vulnerabilities reported as actively exploited in the wild.

Dec 6, 20257mo ago

South Korean camera hack exposed 120,000 home security feeds

Hackers compromised about 120,000 home security cameras in South Korea and used the access to produce sexploitation footage, illustrating the privacy risks of insecure IoT devices.

Dec 5, 20257mo ago

Kohler Dekoda toilet camera exposed over encryption claims

Reporting revealed that the Kohler Dekoda toilet camera was exposed after allegedly misleading users about its encryption protections, raising privacy concerns around health-related IoT devices.

Handala leaked personal data of Israeli Iron Dome engineers

The pro-Palestine group Handala published personal data belonging to Israeli Iron Dome engineers, escalating regional cyber tensions.

Ukraine's DIU Cyber Corps hit major Russian logistics company

Ukraine's military intelligence cyber unit reportedly carried out a major cyberattack on a leading Russian logistics company, causing broad disruption and destroying data.

Uganda introduced offline biometric voter kits ahead of 2026 election

Uganda rolled out offline biometric voter kits to reduce hacking risks in preparation for the 2026 elections.

MédecinDirect disclosed breach affecting nearly 300,000 users

The French teleconsultation platform MédecinDirect suffered a data breach impacting almost 300,000 users; the company said video consultations and medical documents were not affected.

Research linked Indonesia gambling ecosystem to possible state cyber activity

New research suggested Indonesia's gambling ecosystem may be serving as a front for state-sponsored cyber operations.

Threat actors abused Microsoft Teams notifications for callback phishing

Attackers were reported using Microsoft Teams notifications as part of callback phishing campaigns to trick targets into contacting malicious operators.

BT launched a sovereign platform for UK data security

BT introduced a sovereign platform intended to improve data security and regulatory compliance for UK organizations.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

18 LINKEDOpen in app
Threat actors
2 linked
Organizations
16 linked
EufyWyzeMicrosoft CorporationKohlerGoogleAmazonBT GroupAmazon Web ServicesZDNETCalifornia Privacy Protection AgencyMalantaHandalaDIU Cyber CorpsNTV UgandaMédecinDirectPhilips Hue
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.