Wednesday War Room – 12/03/2025

The past three days have been a whirlwind of critical supply chain attacks, massive data breaches, and actively exploited zero-days.

Author

J.W. Croley
December 03, 2025

In partnership with

Run ads IRL with AdQuick

With AdQuick, you can now easily plan, deploy and measure campaigns just as easily as digital ads, making them a no-brainer to add to your team’s toolbox.

You can learn more at www.AdQuick.com

Welcome to December! As we enter the final stretch of the year, threat actors are showing no signs of slowing down. It seems the only thing spreading faster than holiday cheer is malware.

Let's unwrap the latest threats.

DPRK's 'Contagious Interview' Spawns Malicious NPM Package Factory

Risk Level: Critical  

Business Impact: Massive supply chain compromise targeting software developers, widespread credential theft, and significant threat to the integrity of the open-source ecosystem

What You Need to Know: North Korean attackers have delivered more than 197 malicious packages with 31,000+ downloads since October 10, as part of ongoing state-sponsored activity to compromise software developers. The campaign uses fake job interviews and test assignments to lure blockchain and Web3 developers into installing malicious NPM packages that deliver OtterCookie malware.

Why This Matters:

  • This attack demonstrates the sophistication of nation-state actors in targeting the software supply chain.

  • The campaign's persistence and scale make it one of the most prolific NPM exploitation campaigns to date.

  • The attack underscores the critical need for enhanced developer security awareness and supply chain protection measures.

Executive Actions:

💻 Review and enhance your organization's software supply chain security program to protect against malicious package infiltration.

🔗 Implement dependency governance as a top-level security discipline with enhanced scrutiny of package maintainers.

⚙️ Deploy contemporary risk tools to detect obfuscated code, post-install hooks, and unexpected network activity in packages.

🤝 Educate development teams about social engineering tactics used in fake recruitment campaigns.

Coupang Data Breach Impacts 33.7 Million Customers

Risk Level: Critical

Business Impact: Massive data breach affecting a large number of individuals, potential for widespread identity theft and fraud, and a major blow to customer trust in the retail sector

What You Need to Know: South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. This represents one of the largest retail sector breaches in recent history with significant regional economic implications.

Why This Matters: 

  • The attack reinforces that the retail industry remains a top target for cybercriminals seeking valuable customer data.

  • The incident highlights the importance of comprehensive security programs that include robust privacy and data protection policies.

  • The breach demonstrates the need for strong incident response plans with clear customer notification processes.

Executive Actions: 

🛒 Review and enhance your organization's security and privacy programs to ensure protection against the latest threats.

🔒 Implement and enforce strong data loss prevention (DLP) controls to protect sensitive customer data from exfiltration.

📢 Develop a clear and consistent process for communicating with customers and the public during data breach incidents.

🤝 Engage with legal and compliance teams to ensure adherence to all applicable data protection regulations.

Google Patches Two Actively Exploited Android Zero-Days

Risk Level: Critical

Business Impact: Widespread exposure to mobile device compromise, potential for significant data loss and financial fraud, and a major threat to the security of the Android ecosystem

What You Need to Know: Google has released its December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws that are being actively exploited in targeted attacks. The framework bugs represent critical mobile platform security issues with confirmed active exploitation.

Why This Matters: 

  • The attack demonstrates that mobile devices continue to be prime targets for sophisticated attackers.

  • The incident highlights the importance of comprehensive mobile security programs beyond basic device management.

  • The active exploitation underscores the need for rapid patch deployment and mobile incident response capabilities.

Executive Actions: 

📱 Review and enhance your organization's mobile security program to ensure protection against the latest mobile threats.

🔗 Implement and enforce strong mobile device management (MDM) controls to protect sensitive data on mobile devices.

⚙️ Develop and test a comprehensive mobile incident response plan with clear compromise response procedures.

🤝 Partner with industry peers to share mobile threat intelligence and security best practices.

Leadership Insight:

This week's threats paint a clear picture of an expanding and evolving attack landscape. 

From sophisticated nation-state campaigns targeting our software supply chains to massive retail breaches affecting millions of consumers, the threats are becoming more persistent, more targeted, and more damaging. As leaders, we must recognize that cybersecurity is no longer just an IT issue…

It's a fundamental business risk that requires board-level attention, comprehensive investment, and organization-wide commitment.

The attackers are patient, well-funded, and increasingly sophisticated. Our defenses must match their determination.

The Future of Shopping? AI + Actual Humans.

AI has changed how consumers shop, but people still drive decisions. Levanta’s research shows affiliate and creator content continues to influence conversions, plus it now shapes the product recommendations AI delivers. Affiliate marketing isn’t being replaced by AI, it’s being amplified.

Korean IP Camera Hacking Ring Busted

Risk Level: High

Business Impact: Massive privacy violation affecting thousands of individuals, potential for widespread reputational damage, and a major blow to public trust in IoT devices

What You Need to Know: The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and selling stolen footage to foreign adult sites. This represents a massive privacy violation and highlights critical IoT security failures.

Why This Matters:

  • The attack serves as a stark reminder that IoT devices are increasingly attractive targets for cybercriminals.

  • The incident highlights the importance of comprehensive IoT security programs that include device management and monitoring.

  • The breach demonstrates the need for strong incident response plans specifically addressing IoT device compromises.

Executive Actions: 

📷 Review and enhance your organization's IoT security program to ensure protection against device-based attacks.

🔒 Implement and enforce strong IoT device management controls to protect against unauthorized access and data exfiltration.

📢 Develop clear communication processes for addressing IoT device compromises with customers and stakeholders.

🤝 Engage with legal and compliance teams to ensure IoT deployments meet all applicable privacy and data protection requirements.

Lazarus APT Targets Remote Workers in Sophisticated Scheme

Risk Level: Critical

Business Impact: Significant threat to organizations with remote workforces, potential for widespread data breaches and financial losses, and a major challenge to remote work security

What You Need to Know: Security researchers have captured the Lazarus APT's remote-worker scheme live on camera. The North Korean threat actors are conducting sophisticated social engineering operations to infiltrate organizations through their remote workers, representing an evolution in nation-state targeting tactics.

Why This Matters: 

  • The attack demonstrates that remote workers have become prime targets for sophisticated nation-state actors.

  • The incident highlights the importance of comprehensive remote work security programs beyond basic VPN access.

  • The campaign underscores the need for enhanced security awareness training, specifically addressing remote work threats. Regulatory penalties for insurance data breaches can be severe and long-lasting.

Executive Actions:

🧑‍💻 Review and enhance your organization's remote work security program to address nation-state-level threats.

🔗 Implement and enforce strong remote access controls with multi-factor authentication and zero-trust principles.

⚙️ Develop and test comprehensive remote work incident response plans with clear compromise identification procedures.

🤝 Partner with threat intelligence providers to stay informed about evolving nation-state tactics targeting remote workers.

University of Pennsylvania Confirms New Oracle Breach

Risk Level: High 

Business Impact: Significant data breach affecting a major university, potential for widespread identity theft and fraud, and a major blow to student and faculty trust

What You Need to Know: The University of Pennsylvania has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. This breach highlights the ongoing targeting of universities and their valuable intellectual property and personal data.

Why This Matters: 

  • The attack reinforces that the higher education sector remains a top target for cybercriminals seeking valuable data.

  • The incident highlights the importance of comprehensive security programs that protect both intellectual property and personal data.

  • The breach demonstrates the need for strong incident response plans with clear stakeholder notification processes.

Executive Actions:

🎓 Review and enhance your organization's security and privacy programs to ensure comprehensive data protection.

🔒 Implement and enforce strong data loss prevention controls specifically protecting intellectual property and personal information.

📢 Develop clear communication processes for notifying students, faculty, and stakeholders during security incidents.

🤝 Engage with legal and compliance teams to ensure adherence to education sector data protection requirements.

⚙️ Immediate Leadership Checklist ⚙️

🔄 Assess Software Supply Chain Security: Have you implemented comprehensive controls to detect and prevent malicious package infiltration?

📦 Review Retail Security Posture: If in retail, have you conducted recent assessments of customer data protection controls and incident response capabilities?

🧠 Strengthen Remote Work Security: Have you enhanced remote work security programs to address nation-state level threats and social engineering?

📊 Evaluate Mobile Security Program: Do you have comprehensive mobile security controls that address both corporate and BYOD devices?

📜 Inventory and Secure IoT Devices: Have you identified all IoT devices on your network and implemented appropriate security and privacy controls?

💡 Stay vigilant, stay informed, and never underestimate the creativity of those who wish us harm. 💡

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)

Want to get the most out of ChatGPT?

ChatGPT is a superpower if you know how to use it correctly.

Discover how HubSpot's guide to AI can elevate both your productivity and creativity to get more things done.

Learn to automate tasks, enhance decision-making, and foster innovation with the power of AI.