ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories
Thursday, December 25, 2025
What
Attackers are using the open-source tool Nezha to gain remote access to compromised systems, part of a trend of blending malicious activity with legitimate software. The tactic lets them evade traditional security measures while maintaining persistence within networks. Separately, South Korea is introducing facial recognition requirements for new mobile phone number registrations to prevent identity fraud, underscoring the need for stronger security measures in response to rising scams.
Where
International focus with specific mention of South Korea and the use of Alibaba Cloud infrastructure in Japan.
When
The Nezha exploitation is ongoing, while the facial recognition policy in South Korea is set to take effect on March 23, following a pilot program.
Key Factors
- Nezha is being weaponized as a post-exploitation tool for remote access.
- Facial recognition will be required for mobile number registration in South Korea to combat scams.
- NFC-abusing Android malware has surged, indicating a growing threat landscape.
Takeaways
- Organizations must enhance their awareness of legitimate tools being exploited by attackers.
- The rise in sophisticated scams necessitates stronger identity verification measures.
- Users should remain vigilant about the applications they install and the permissions they grant.
Original article: The Hacker News