DroidLock ransomware is on the rise, targeting Android users in the Spanish-speaking world with apps that use phishing tactics. Once installed, it can modify the device’s PIN, display a ransom note over a locked screen, wipe data, record the screen, and show a counterfeit update screen to block user interaction. It does not encrypt files, but it effectively bricks the device until the victim pays.
Google has issued an urgent Chrome update to address its eighth zero-day of 2025, a high-severity flaw with no CVE or technical details released yet. The vulnerability is being exploited in the wild, so users across Windows, macOS, and Linux should update immediately. The patch also fixes two medium-severity issues in Password Manager and Toolbar.
The UK Information Commissioner’s Office (ICO) has fined LastPass £1.2 million for the 2022 data breach, which exposed personal information and encrypted vaults for up to 1.6 million UK users. The breach stemmed from an attacker gaining access via a compromised employee device, which allowed theft of master credentials and cloud backup keys, leading to the exposure of customer vault data stored with GoTo. While vaults remain encrypted, weak master passwords could still be cracked, and some have already been exploited in crypto-related thefts.
Wired reports a doxing operation where attackers impersonate US police to pressure tech companies into handing over private user data through fake emergency requests. The group forges subpoenas, spoofs law-enforcement domains, and uses compromised officer accounts to obtain names, addresses, phone numbers, and more from companies including Apple, Amazon, Charter, and Rumble. They claim to have completed hundreds of requests and even recruited a real deputy to assist, exploiting a long-standing vulnerability in email-based emergency data requests that many companies still rely on.
OpenAI announces defensive enhancements to its models. The latest GPT-5.1-Codex-Max shows a sharp rise in Capture-the-Flag (CTF) challenge scores, from 27% in August to 76% in November. This has sparked concerns about future models assisting in intrusion, zero-day exploit development, or other offensive tasks. In response, OpenAI is strengthening safeguards through access controls, monitoring, red teaming, and a focus on defensive applications. Initiatives like Aardvark, which analyzes code to propose patches, and a Frontier Risk Council aim to bolster defensive AI and coordinate with global experts to mitigate widespread threats.
A Canadian cybersecurity firm, Flare, warns that Docker Hub is a major source of leaked live cloud credentials. An analysis of images uploaded in November found over 10,000 public containers exposing active secrets from more than 100 organizations. These secrets included multiple production keys across cloud services, CI/CD pipelines, and AI platforms, often uploaded from unmanaged “shadow IT” accounts. Even after secrets are revoked, many remain active in images. Flare urges teams to adopt proper secrets management and implement pre-publish scanning.
Hackers are exploiting a cryptographic flaw in Gladinet’s CentreStack and Triofox products, enabling remote code execution. The issue arises from hardcoded AES keys embedded in the software, allowing attackers to decrypt access tickets or forge their own, which can then trigger RCE via a ViewState deserialization flaw. At least nine organizations across healthcare and technology sectors have been affected. Gladinet recommends users update, rotate machine keys, and review logs for signs of compromise.
CyberVolk, a pro-Russian hacktivist group, has relaunched its ransomware-as-a-service called VolkLocker, now leveraging Telegram for automation and management. The ransomware targets Windows and Linux, escalates privileges, and encrypts files. Notably, the operators hardcode the master encryption key in the malware and store it in plaintext in the %TEMP% folder, which could allow victims to recover files without paying. The reliance on Telegram reflects a trend toward lowering the technical barrier for affiliates.