Trump Administration Plans Mandatory Social Media and Family Data for Foreign Visitors
The Trump administration’s proposed overhaul of the ESTA process may soon force tourists from visa-waiver countries to hand over five years of social media identifiers, along with phone numbers, emails, selfies, and detailed family information—as if a quick vacation requires surrendering your entire digital life to border bureaucrats. Framed as a national security boost ahead of major events like the World Cup, this potential mandate marks another escalation in turning routine travel into a privacy-invasive audit.
While nothing is finalized yet—with a 60-day public comment period underway—this could set a chilling precedent, signaling that free movement comes with compulsory self-censorship and government scrutiny of your online footprint. If you’re wary of surveillance creep eroding personal liberty, these kinds of “security” expansions rarely stop at the border.
More via Reclaim The Net
Yet Another Cloudflare Outage (YACO)
A change deployed at 08:47 UTC on December 5, 2025 caused failures affecting 28% of HTTP traffic, limited to customers using the FL1 proxy with the Managed Ruleset; the China network was unaffected.
The issue, resolved at 09:12, arose during mitigation of CVE-2025-55182, a vulnerability in React Server Components, which included buffer adjustments aligned with Next.js. Disabling an internal WAF testing tool via the global configuration system triggered 500 errors when Lua logic attempted to access a skipped execute action—an old flaw not present in the Rust-based FL2 proxy. The summary also notes the earlier November 18, 2025 incident, outlines planned safeguards such as safer rollouts and fail-open handling, references the use of Lua in the failing code, and mentions 1.1.1.1 among related services.
More via Cloudflare
Conservative Party of Canada Faces Major Cybersecurity Breach Affecting Hundreds of Candidates
A cybersecurity breach at the Conservative Party of Canada (CPC) during the 2025 election compromised hundreds of nomination applications, initially reported as affecting 15 MPs. Discovered on November 17, 2025, via an email from “Rory McTory” containing MPs’ credit reports, the breach exposed detailed personal, financial, and professional information.
CPC communications director Sarah Fischer confirmed victims were notified and that Ottawa Police, RCMP, and the Canadian Centre for Cyber Security are involved. Victims, including MP Jamil Jivani, criticized the party’s accountability. The CPC offers two years of credit monitoring and identity-restoration services.
More via Hill Times
Chinese Hackers Use BRICKSTORM Malware to Target Governments and Critical Technology Systems
Chinese state-sponsored actors are deploying BRICKSTORM, a stealthy backdoor malware, to target governments and IT sectors globally. CISA, NSA, and Canada’s cybersecurity agency issued an advisory on Thursday based on eight samples, highlighting long-term persistence, self-reinstall functionality, and capabilities to manipulate files and enable lateral movement. The malware primarily attacks VMware vSphere and Windows systems, stealing credentials, creating hidden virtual machines, and compromising domain controllers and Active Directory Federation Services (ADFS) servers, including cryptographic keys.
CISA noted an April 2024 intrusion into a VMware vCenter server granting persistent access. CrowdStrike and Mandiant observed multiple incidents since 2023 affecting U.S.-based legal firms, SaaS providers, technology companies, and email inboxes of senior leaders, developers, and system administrators. The campaign seeks intellectual property, sensitive data, and long-term surveillance, disruption, or sabotage, underscoring persistent PRC cyber threats to North American and allied networks.
More via The Record
Researchers Discover EtherRAT Malware Exploiting Critical React2Shell Vulnerability
Sysdig researchers discovered EtherRAT, malware exploiting CVE-2025-55182 (React2Shell), disclosed December 3, 2025, by Lachlan Davidson, affecting React Server Components in frameworks like Next.js. The vulnerability allows unauthenticated remote code execution via unsafe deserialization and was added to CISA’s KEV catalogue on December 5.
Early exploits used cryptominers and China-nexus credential harvesters, but EtherRAT combines methods from three prior campaigns, uses Ethereum smart contracts for C2 across nine nodes, installs five Linux persistence mechanisms, and downloads Node.js from nodejs.org. Analysts link it to North Korean (DPRK) tooling, including “Contagious Interview” and BeaverTail-style encryption. Experts Casey Ellis (Bugcrowd) and Mike McGuire (Black Duck) emphasize its rapid exploitation, stealthy persistence, and framework-level impact on JavaScript, marking a sophisticated evolution in React2Shell attacks.
More via HackRead
Developers Are Targeted by Malicious VS Code Extensions That Steal Data
Cybersecurity researchers have uncovered three malicious VS Code extensions—BigBlack.bitcoin-black (16 installs, removed Dec 5, 2025), BigBlack.codo-ai (25 installs, removed Dec 8, 2025), and BigBlack.mrbigblacktheme—designed to steal developer data. Disguised as a dark theme or AI coding assistant, they exfiltrate code, emails, Slack messages, clipboard contents, WiFi passwords, and browser sessions. Bitcoin-black triggers on every action, while Codo AI hides malware in a working tool.
Early versions used PowerShell to fetch a ZIP from syn1112223334445556667778889990[.]org; later versions used a batch script with curl to load Lightshot, which runs the malicious Lightshot.dll via DLL hijacking, capturing system data, screenshots, processes, and browser cookies. Broader threats exist in Go (bpoorman/uuid, bpoorman/uid), 420 npm “elf-stats-*” packages, and Rust (finch-rust loading sha-rust).
More via The Hacker News
Elsewhere Online:
Chinese Salt Typhoon Agents Trained Through Cisco Education Initiative
Read: https://www.wired.com/story/2-men-linked-to-chinas-salt-typhoon-hacker-group-likely-trained-in-a-cisco-academy/
Customer Privacy Risk: Petco’s Vetco Site Exposed Medical Records
Read: https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/
Fortinet SSO Flaw Allows Unauthenticated Access, Requires Immediate Patching
Read: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html
Researchers Warn of Unpatched .NET RCE Bug Affecting Enterprise Applications
Read: https://www.theregister.com/2025/12/10/microsoft_wont_fix_net_rce/