After two glorious weeks off , Metacurity is back with a holiday round-up edition of the top infosec developments you should know, including

--Substation destruction and not cyber expertise likely led to Caracas power outages,
--Denmark says Russia was behind destructive cyberattacks,
--CISA staffers suspended after organizing polygraph test of acting director,
--Chinese cyberattacks on Taiwan jumped in 2025,
--OpenAI says prompt injection attack risks are here to stay,
--European Space Agency confirms breach,
--France’s national postal and banking services were DDoS'ed,
--Hackers scraped Spotify’s entire music library,
--Data breach exposed Korean Air's employee data,
--Coupang is offering compensation to customers after breach,
--New Kimwolf botnet is growing rapidly,
--Salt Typhoon likely infiltrated Australia and New Zealand,
--Zoom Stealer affects 2.2m browser users,
--Former customer service agent busted in Coinbase hack,
--Apple supplier was the target of a cyberattack,
--Cardano users are targeted in new phishing campaign,
--Claims administration company Sedgwick is coping with cyber incident,
--New Glassworm campaign emerges to deliver poisoned crypto wallets,
--Chinese short video TikTok rival Kuaishou targeted in cyberattack,
--Resecurity denies breach and says attackers only hit honeypot,
--Rainbow Six Siege (R6) hit with two breaches,
--Trump lifts sanctions on Intellexa executives,
--Trump prison reform law frees Razzlekhan crypto hack money launderer,
--Cisco will reportedly buy Axonius for $2B,
--Palo Alto Networks eyes buying Koi Security for $400m,
--ServiceNow inked deal to buy Armis for $7.75B,
--Palo Alto Networks and Google Cloud sign $10B partnership deal,
--Access Now runs hotline for potential spyware victims,
--Wegmans wants all your biometrics
https://www.metacurity.com/substation-destruction-and-not-cyber-expertise-likely-led-to-caracas-power-outages/

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.

https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/

A reminder to all who may have Visa, AmEx, or Master Card gift cards now and in the future. Often you'll wind up with a small balance on them that doesn't make it worthwhile to make a purchase with it online or in a store. Something like US$1.60 or less.

Go to Wikipedia, Archive.org, your local animal shelter, or just about any worthwhile nonprofit and donate that odd amount on their web page.

#donations #nonprofit #giving #Holidays #Christmas #Kwanza

Amazon Web Services announces declarative policies [One of the coolest things I have seen in a while. Can’t wait to try this out!]

https://aws.amazon.com/about-aws/whats-new/2024/12/aws-declarative-policies/

Police fatally shoot man wielding chainsaw in a St. Charles assisted living facility
https://www.chicagotribune.com/2024/12/01/police-fatally-shoot-man-wielding-chainsaw-in-a-st-charles-assisted-living-facility/?utm_source=flipboard&utm_medium=activitypub

Posted into Chicago-area news @chicago-area-news-chicagotribune