CISA Warns Microsoft Windows Users—Log Out and Shut Down
Article Link: https://www.forbes.com/sites/zakdoffman/2025/12/09/cisa-warns-microsoft-windows-users-log-out-and-shut-down/
- CISA is warning Windows users to log out and fully shut down their PCs before traveling or leaving devices unattended during the holidays.
- The agency says powering down stops background processes and cuts off network activity, reducing exposure from both remote and in-person attacks while devices sit unused.
- The guidance comes as the year’s final Windows updates approach and as holiday shopping drives a spike in online threats, with attacks tied to Black Friday and Cyber Monday rising 620%.
- CISA advises backing up data, shutting down unused computers, and staying alert for fake shopping sites, links, and charities that aim to steal personal and financial details.
Data Brokers are Exposing Medical Professionals, and Turning Their Personal Lives into Open Files
Article Link: https://www.helpnetsecurity.com/2025/12/05/incogni-healthcare-staff-data-exposure-report/
- A report published by ASIS International, based on analysis from Incogni researchers, found that 97% of 786 U.S. hospital doctors appeared on at least one people-search site.
- Most doctors were listed across several sites at once, often showing home addresses, phone numbers, relatives, and past locations, with exposure increasing by age and years in practice.
- The findings echo existing safety concerns in healthcare, where nurses and other staff already report frequent harassment, threats, and unwanted contact.
- The report explains that data brokers collect public records and third-party data, combine them into searchable profiles, and make personal details easy to find outside the workplace.
- ASIS Report: https://www.asisonline.org/security-management-magazine/latest-news/today-in-security/2025/december/incogni-report-3-in-4-doctors-info-exposed/
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
Article Link: https://www.darkreading.com/threat-intelligence/packer-as-a-service-shanya-hides-ransomware-kills-edr
- Sophos published new findings on Shanya, a packer-as-a-service (also called PaaS) offering that wraps ransomware in layers meant to bypass security tools.
- The analysis shows Shanya functions as an EDR killer by loading a legitimate driver alongside a malicious one, then using that access to shut down protection processes before ransomware launches.
- Activity linked to Shanya has appeared across multiple regions in 2025 and has been associated with groups such as Akira, Medusa, Qilin, and Crytox, along with Booking.com-themed ClickFix campaigns.
- Sophos outlines defenses that focus on blocking abused drivers, tracking known behaviors, using indicators of compromise, keeping systems current, and training users to spot social engineering.
Threat Landscape Grows Increasingly Dangerous for Manufacturers
Article Link: https://www.darkreading.com/cyberattacks-data-breaches/threat-landscape-increasingly-dangerous-manufacturers
- Manufacturers remain the most targeted business sector in 2025, driven by downtime sensitivity and gaps in skills and protections that attackers exploit for financial gain.
- Sophos data from more than 330 manufacturers shows 51% hit by ransomware, with average ransom payments near $1 million and recovery costs close to $1.3 million, while exploited flaws became the top entry point this year.
- Recent attacks forced shutdowns at firms such as Jaguar Land Rover and Asahi Group, causing production halts, shortages, and losses reaching into the billions.
- Researchers warn that expanding automation and AI adoption increases data volume and system complexity, prompting the NSA, CISA, and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to publish guidance for manufacturers integrating AI into operational environments.
- Joint Guidance: https://media.defense.gov/2025/Dec/03/2003834257/-1/-1/0/JOINT_GUIDANCE_PRINCIPLES_FOR_THE_SECURE_INTEGRATION_OF_AI_IN_OT.PDF
Datacenters are Hoarding Grid Power Just in Case, Says Uptime Institute
Article Link: https://www.theregister.com/2025/12/08/uptime_institute_datacenter_grid/
- A new Uptime Institute report warns that datacenters are reserving far more grid power than they actually use, blocking other customers from connecting to the network.
- The report explains that grid capacity is allocated on a first-come basis, prompting datacenters and developers to overbook power for future projects that may never materialize.
- The strain is growing as manufacturing, transportation, and AI workloads increase electricity demand, with AI training creating sharp and irregular power spikes.
- Governments in the UK and US are responding with rule changes aimed at clearing speculative grid requests, speeding approvals, and favoring flexible power agreements that allow load reductions during grid stress.
Porsche Outage in Russia Serves as a Reminder of the Risks in Connected Vehicle Security
- Hundreds of Porsche vehicles in Russia became undrivable after a failure in the factory-installed satellite alarm system caused engines to shut down or block fuel delivery.
- Dealers say the issue traces to the Vehicle Tracking System module, which lost connectivity and triggered automatic immobilization across all Porsche models, with service requests spiking after November 28.
- Some owners restored access by resetting or disabling the alarm module or disconnecting batteries, while dealers continue investigating; Porsche has not commented publicly.
- The incident shows how connected vehicle systems can become single points of failure, where a malfunction alone can halt vehicles at scale and disrupt mobility.
How Will We Distinguish Truth from Fiction?
Article Link: https://hackernoon.com/how-will-we-distinguish-truth-from-fiction
- The article argues that AI-made fakes now spread fast because apps can generate realistic voice, face, and video impersonations in seconds, affecting everyday people and businesses.
- It describes a “reality fatigue” problem: constant checking wears people down, making urgent voice scams and identity theft easier to pull off.
- For organizations, it flags risks like fake payment requests using a manager’s voice, fake announcements, and employee posts that can feed voice and face cloning.
- It recommends simple personal habits like a family code word and “pause, then verify via a second channel,” plus workplace controls like dual control for payments, video verification for sensitive requests, and regular tabletop exercises.
Invisible IT is Becoming the Next Workplace Priority
Article Link: https://www.helpnetsecurity.com/2025/12/08/invisible-it-workplace-priority/
- A new Lenovo report based on a survey of 600 IT leaders finds that digital workplace complexity is slowing down employees, with organizations managing an average of 897 applications and only 28% connected.
- Nearly half of leaders rank employee experience as their top goal, yet only 36% believe current systems support engagement, largely due to fragmented tools and support workflows.
- The report introduces “invisible IT,” where predictive support spots issues early and personalized assistance resolves problems before workers notice, with testing showing fewer tickets and faster fixes.
- Most organizations remain early in this shift, citing disconnected systems, cost concerns, and limited skills, while leaders see future IT roles moving toward productivity and strategic work.
- Survey: https://news.lenovo.com/pressroom/press-releases/invisible-it-emerges-as-workplace-transformation-evolves/
Student Sells Gov’t, University Sites to Chinese Actors
Article Link: https://www.darkreading.com/threat-intelligence/govt-university-sites-chinese-actors
- Researchers at Cyderes uncovered a marketplace where a college student in Bangladesh, with ambitions to be a red team cyber defender one day, has been selling access to misconfigured university, government, and court websites through Telegram to fund his education.
- The student gathered more than 5,200 compromised sites, many tied to education, government, and the military, and sold them cheaply, with higher prices for .edu and .gov domains.
- While the student was busy paying for his education, investigators found at least 80 live sites where buyers had used the access to deploy Beima, an inconspicuous Chinese-language web shell built to blend into normal web traffic and evade detection.
- Cyderes says the marketplace points to a broader ecosystem in which cheap website access is used to quietly control servers and sustain long-term command-and-control (C2) infrastructure, making it a persistence tactic rather than a quick-profit scheme.
