ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

Chinese operatives used LinkedIn to recruit UK officials via job offers, gathering political intel. Over 31,000 malicious browser extensions were installed, enabling data theft.

Why This Matters

The technical reality of cybersecurity reveals that even trusted platforms like LinkedIn and browsers can be weaponized. The EU’s proposed GDPR changes risk reducing privacy safeguards, while critical flaws in Oracle and IoT devices demonstrate how systemic vulnerabilities scale. The cost of inaction is stark: $237M in crypto laundering and $25M in stolen funds highlight the financial and reputational damage of unpatched systems.

Key Insights

• “Critical Oracle bug (CVE-2025-61757, CVSS 9.8) allows unauthenticated RCE”
• “Browser add-ons turned into data siphons (31,000 installations)”
• “Samourai Wallet used by cybercriminals for $237M in laundering”

Practical Applications

• Use Case: LinkedIn’s recruitment system exploited for espionage
• Pitfall: Overlooking third-party extensions for data leaks

References:

• https://thehackernews.com/2025/11/threatsday-bulletin-0-days-linkedin.html