Weekly Cybersecurity News Roundup: Threats, Vulnerabilities, and Smart Home Risks
A variety of cybersecurity incidents and trends were reported in early December, including the exposure of zero-day vulnerabilities, new phishing techniques, and the exploitation of smart home devices. Notable events included leaks revealing the use of zero-days by Intellexa to maintain Predator spyware, Google patching multiple security flaws in Chrome and Android (with some actively exploited), and attackers developing new methods to bypass multi-factor authentication in educational organizations. Additionally, there were reports of large-scale breaches, such as the hacking of 120,000 home security cameras in South Korea for illicit purposes, and the abuse of Microsoft Teams notifications for callback phishing attacks.
Security experts emphasized the importance of proactive measures to protect both organizations and individuals. Recommendations included updating software promptly, using strong and unique passwords, enabling multi-factor authentication, and researching device security before purchase. The risks associated with smart home devices were highlighted, with advice on securing IoT devices to prevent opportunistic attacks. These developments underscore the evolving tactics of threat actors and the need for continuous vigilance in both enterprise and consumer environments.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Google released Chrome and Android security updates
Google issued updates for Chrome and Android to fix multiple security issues, including vulnerabilities reported as actively exploited in the wild.
South Korean camera hack exposed 120,000 home security feeds
Hackers compromised about 120,000 home security cameras in South Korea and used the access to produce sexploitation footage, illustrating the privacy risks of insecure IoT devices.
Kohler Dekoda toilet camera exposed over encryption claims
Reporting revealed that the Kohler Dekoda toilet camera was exposed after allegedly misleading users about its encryption protections, raising privacy concerns around health-related IoT devices.
Handala leaked personal data of Israeli Iron Dome engineers
The pro-Palestine group Handala published personal data belonging to Israeli Iron Dome engineers, escalating regional cyber tensions.
Ukraine's DIU Cyber Corps hit major Russian logistics company
Ukraine's military intelligence cyber unit reportedly carried out a major cyberattack on a leading Russian logistics company, causing broad disruption and destroying data.
Uganda introduced offline biometric voter kits ahead of 2026 election
Uganda rolled out offline biometric voter kits to reduce hacking risks in preparation for the 2026 elections.
MédecinDirect disclosed breach affecting nearly 300,000 users
The French teleconsultation platform MédecinDirect suffered a data breach impacting almost 300,000 users; the company said video consultations and medical documents were not affected.
Research linked Indonesia gambling ecosystem to possible state cyber activity
New research suggested Indonesia's gambling ecosystem may be serving as a front for state-sponsored cyber operations.
Threat actors abused Microsoft Teams notifications for callback phishing
Attackers were reported using Microsoft Teams notifications as part of callback phishing campaigns to trick targets into contacting malicious operators.
BT launched a sovereign platform for UK data security
BT introduced a sovereign platform intended to improve data security and regulatory compliance for UK organizations.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
A week in security (December 1 - December 7) | Malwarebytes
malwarebytes.com
Open sourceWhat'd I Miss? InfoSec Weekend News Roundup for December 5 - 7, 2025
sherpaintelligence.substack.com
Open sourceYour smart home is at risk - 6 ways to protect your devices from attack
zdnet.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


