{"id":34955,"date":"2025-12-06T16:56:48","date_gmt":"2025-12-07T00:56:48","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=34955"},"modified":"2025-12-06T17:30:12","modified_gmt":"2025-12-07T01:30:12","slug":"sb-2025-12-06","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/12\/sb-2025-12-06\/","title":{"rendered":"Security Bits \u2014 6 December 2025"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>A good example of why Bart has been going on and on about secret management in recent conversations with Allison: <a href=\"https:\/\/cyberinsider.com\/massive-gitlab-scan-finds-17000-valid-secrets-in-public-repositories\/\">Massive GitLab scan finds 17,000+ valid secrets in public repositories \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li>A nice illustration of why Agentic browsers are just not safe to use today: <a href=\"https:\/\/thehackernews.com\/2025\/12\/zero-click-agentic-browser-attack-can.html\">Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>We told you about Google scanning Gmail and other services to train its AI. 
Malwarebytes updated their story on this, explaining that they misunderstood the new wording from Google, and they are <em>not<\/em> training their AI on your Gmail: <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/gmail-is-reading-your-emails-and-attachments-to-train-its-ai-unless-you-turn-it-off\">&#91;Correction&#93; Gmail can read your emails and attachments to power &#8220;smart features&#8221; | Malwarebytes<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/google-fixes-two-actively-exploited-android-zero-days-in-december-2025-security-update\/\">Google fixes two actively exploited Android zero-days in December 2025 security update \u2014 cyberinsider.com\/\u2026<\/a> (107 fixes in total)<\/li>\n<li>\u26a0\ufe0f <strong>Android TV Users<\/strong> of <strong>SmartTube:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update\/\">SmartTube YouTube app for Android TV breached to push malicious update \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li><em>&#8220;Until the developer transparently discloses all points publicly in a detailed post-mortem, users are recommended to stay on older, known-to-be-safe builds, avoid logging in with premium accounts, and turn off auto-updates.&#8221;<\/em><\/li>\n<li>The lede story on this <a href=\"https:\/\/isc.sans.edu\/podcast.html\">SANS Internet Stormcast<\/a> episode adds an interesting detail \u2013 the malware protections Google have been incorporating into the Google Play Services (so they can be updated by Google independently of Device manufacturers providing OS updates) appear to be working, because users got notifications that the app appeared to be malicious \u2014 <a 
href=\"https:\/\/overcast.fm\/+AA4E6RBPgV8\">overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\u26a0\ufe0f <strong>ASUS Users:<\/strong> <a href=\"https:\/\/cyberinsider.com\/asus-patches-critical-vulnerabilities-in-routers-and-pc-software\/\">ASUS patches critical vulnerabilities in routers and PC software \u2014 cyberinsider.com\/\u2026<\/a>\n<ul>\n<li><em>ASUSWRT<\/em> router firmware<\/li>\n<li><em>MyASUS<\/em> app on PCs<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>Another deviously clever ClickFix evolution \u2013 abusing full-screen browser windows to display convincing Windows Update messages with dangerous instructions \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clickfix-attack-uses-fake-windows-update-screen-to-push-malware\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Don&#8217;t paste important code into online prettifier tools, no matter how important the presentation you&#8217;re preparing is: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/code-formatters-expose-thousands-of-secrets-from-banks-govt-tech-orgs\/\">Code beautifiers expose credentials from banks, govt, tech orgs \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Yet another good example of why Bart has been going on and on about secret management in recent conversations with Allison<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-warns-of-virtual-kidnapping-ransom-scams-using-altered-social-media-photos\/\">FBI warns of virtual kidnapping scams using altered social media photos \u2014 www.bleepingcomputer.com\/\u2026<\/a> (more AI-powered chicanery \ud83d\ude41)<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83c\uddea\ud83c\uddfa A nice reminder that there is no such thing as a verified X 
account: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/eu-fines-x-140-million-over-deceptive-blue-checkmarks-transparency-violations\/\">EU fines X $140 million over deceptive blue checkmarks \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>X are also in trouble for their opaque advertising database, and their blocking of researchers&#8217; access to public data.<\/li>\n<li>This is the result of a Digital Services Act (DSA) investigation into the effectiveness of X&#8217;s measures to combat information manipulation and the dissemination of illegal content.<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-expands-android-scam-protection-feature-to-chase-cash-app-in-us\/\">Google expands Android scam protection feature to Chase, Cash App in U.S. \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>This is a relatively new feature that warns users when dangerous patterns of behaviour are detected, like screen-sharing a financial app<\/li>\n<\/ul>\n<\/li>\n<li>The cybersecurity company GreyNoise launches a free tester to check if your home network is housing any botnet conscripts \u2014 <a href=\"https:\/\/check.labs.greynoise.io\/\">check.labs.greynoise.io\/\u2026<\/a>\n<ul>\n<li>A nice explanation: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/greynoise-launches-free-scanner-to-check-if-youre-part-of-a-botnet\/\">GreyNoise launches free scanner to check if you&#8217;re part of a botnet \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Not a scanner, but a check against GreyNoise&#8217;s DB of IPs observed participating in botnets<\/li>\n<\/ul>\n<\/li>\n<li>Two nice updates from the privacy-focused Swiss company Proton:\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/proton-pass-cli-debuts-for-encrypted-vault-access-in-the-terminal\/\">Proton Pass CLI debuts for encrypted vault access in the terminal \u2014 cyberinsider.com\/\u2026<\/a> (Nice 
follow-up to the latest Taming the Terminal!)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/proton-launches-encrypted-spreadsheet-tool-proton-sheets\/\">Proton launches encrypted spreadsheet tool Proton Sheets \u2014 cyberinsider.com\/\u2026<\/a> (An End-to-End-Encrypted Google Sheets alternative)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that are likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/cybersecurity-best-practices\/\">Cybersecurity Best Practices: Essential Tips for Modern Mac Security \u2014 www.intego.com\/\u2026<\/a> (Lots of great advice and minimal up-sell for Intego products)<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong> this made me cry, in the good way \u2014 we love the nerd jokes on XKCD, but Randall Munroe is a true artist, and he shows it when he tackles major life issues: <a href=\"https:\/\/xkcd.com\/3172\/\">Fifteen Years \u2014 xkcd.com\/\u2026<\/a><\/li>\n<li><strong>From Allison:<\/strong> With Alan Dye (responsible for Liquid Glass in Apple OSes 26) leaving to go to Meta, this gave me a good giggle: <a href=\"https:\/\/chaos.social\/@podfeet\/115674856289366779\">chaos.social\/@podfeet&#8230;<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, 
probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
A good example of why Bart has been going on and on about secret management in recent conversations with Allison: Massive GitLab scan finds 17,000+ valid secrets in public repositories \u2014 cyberinsider.com\/\u2026 A nice [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[7712,5548,2906,50,7711],"class_list":["post-34955","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-agentic-browsers","tag-cybersecurity","tag-gmail","tag-security","tag-securitybits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=34955"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34955\/revisions"}],"predecessor-version":[{"id":34956,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34955\/revisions\/34956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":
[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=34955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=34955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=34955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}