UK moves toward mandatory phone surveillance

UK lawmakers have proposed amendments to the Children’s Wellbeing and Schools Bill that would require most smartphones and tablets sold in the UK to include built-in, unremovable surveillance software to combat child sexual abuse material (CSAM). The rules would apply to internet-connected devices under the Product Security and Telecommunications Infrastructure Act 2022 and place legal obligations on manufacturers and distributors.

To comply, devices would need to continuously scan all photos, videos, and livestreams—including encrypted content—on the device, embedding client-side surveillance and weakening end-to-end encryption. Critics point to risks shown in Germany, where nearly half of CSAM reports sent in 2024 via the US-based National Center for Missing and Exploited Children were false, many originating from Meta, Microsoft, and Google.

The bill also mandates age verification for VPN services and bars under-16s from regulated social media, going further than the EU’s contested Chat Control proposal and significantly expanding digital surveillance in the UK.

More via Reclaim The Net

Apple Permanently Disables Longtime Developer’s Account, Bricking Devices

Veteran Apple developer and author Dr. Paris Buttfield-Addison has had his 25-year Apple ID permanently disabled after attempting to redeem a $500 Apple Gift Card for 6TB iCloud+ storage. Purchased from a major retailer, the card was flagged as compromised, and Apple locked his account under “Media Services Terms and Conditions,” rendering over $30,000 in devices—including iPhone, iPad, Apple Watch, Mac, AirPods, Apple TV, and HomePod—unusable and cutting access to purchased software, iMessage, iCloud Photos, and Apple’s Secure File Transfer.

Apple Support refused explanation or escalation, suggesting a new account, which could risk his Developer Program membership. Buttfield-Addison is pursuing resolution through Apple Executive Relations, Australian regulators, ombudsmen, and Federal Member Andrew Wilkie. Media coverage includes Daring Fireball, Apple Insider, Michael Tsai, and The Register; as of mid-December 2025, the issue remains unresolved.

More via Hey Paris

PornHub Extorted After Historical Data Breach by ShinyHunters

PornHub is facing extortion from the hacker group ShinyHunters, which claims to have stolen 94GB of data containing 201 million records of Premium user activity, allegedly from analytics provider Mixpanel. The breach, tied to a November 8, 2025, smishing attack, likely involves historical data last accessed by a PornHub parent company employee in 2023. Only select users are affected, and passwords and financial data remain secure.

The stolen information includes emails, activity types, locations, video URLs, names, keywords, and timestamps. ShinyHunters, known for targeting OpenAI, CoinTracker, Salesforce integration firms, GainSight, and exploiting Oracle E-Business Suite CVE-2025-61884, began sending extortion emails last week. The group is also launching ShinySpid3r, a ransomware-as-a-service platform with Scattered Spider affiliates, cementing its status as a major 2025 cybersecurity threat.

More via Bleeping Computer 

Russian APT28 Targets Ukrainian Webmail in Credential-Theft Campaign

Russian state-sponsored actor APT28—also known as BlueDelta, Fancy Bear, Sofacy, and others—is running a sustained credential-harvesting campaign against users of Ukrainian webmail service UKR[.]net. Observed from June 2024 to April 2025 by Recorded Future, the campaign uses fake login pages on Mocky and Blogger, distributed via PDFs in phishing emails with shortened links and two-tier redirects.

APT28 has shifted from compromised routers to ngrok and Serveo to capture credentials and 2FA codes, targeting intelligence-gathering amid Russia’s war in Ukraine. The effort continues the group’s long-term operations against governments, defense contractors, weapons suppliers, logistics firms, and think tanks.

More via The Hacker News

Canadian Committee Votes to Remove Religious Speech Protections

On December 9, the House of Commons Justice and Human Rights Committee voted to remove Section 319(3)(b) of the Criminal Code, which protects good-faith religious discussion from prosecution. The change is part of the Combating Hate Act (Bill C-9), which targets hate and certain symbols, including those linked to terrorism. The amendment, introduced by Bloc Québécois leader Yves-François Blanchet through MP Rhéal Éloi Fortin and supported by Liberal MPs, was justified as closing a loophole that could allow otherwise illegal speech.

After a marathon session chaired by Liberal MP James Maloney and an eight-hour clause-by-clause review, the amendment passed. Justice Minister Sean Fraser said faith remains protected, but Conservative MP Garnett Genuis warned constitutional rights may not prevent enforcement. Religious groups—including the Canadian Conference of Catholic Bishops, Toronto Cardinal Frank Leo, and the Catholic Civil Rights League—cautioned that removing the exemption and the Attorney General’s consent requirement could expose clergy and believers to politically motivated complaints, creating fear for good-faith religious teaching.

More via Reclaim the Net

Elsewhere Online: 

ReversingLabs Uncovers Poisoned NuGet Packages Impersonating Popular Ethereum Libraries
Read: https://hackread.com/nuget-malicious-packages-steal-crypto-ad-data/

Stolen AWS Credentials Enable Fast Cryptomining Operations Across Cloud Services
Read: https://www.darkreading.com/cloud-security/attackers-use-stolen-aws-credentials-cryptomining

Kaspersky Identifies New Wave of Targeted Phishing Directed at Russian Universities
Read: https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html

European Police Crack Down on Sophisticated Ukrainian Banking Fraud Ring
Read: https://www.infosecurity-magazine.com/news/european-investigators-12m-call/

Michigan Attorney General Warns Millions Following Major 700Credit Security Breach
Read: https://techcrunch.com/2025/12/12/data-breach-at-credit-check-giant-700credit-affects-at-least-5-6-million/