🛡️ InfoSec Blue Team Briefing

Tuesday, December 02, 2025

Good morning. This is your security briefing for Monday, December 01, 2025, covering three critical developments. All attribution is by the article authors, and all article analysis is automated.

New Zealand's National Cyber Security Centre reports that it is now managing approximately one cyber incident per day that could cause national-level harm. The agency warns that ransomware-as-a-service models are enabling low-skilled actors to conduct sophisticated attacks, and emphasizes that third-party supply chain risks are significantly expanding the threat surface for all organizations regardless of size.

Synapticsystems reports that a Russian threat actor is actively exploiting CVE-2025-6218, a directory traversal vulnerability in WinRAR versions up to 7.11, to target Ukrainian entities. The attacks use malicious RAR archives to deploy backdoors like Pteranodon and GammaLoad, abusing Windows living-off-the-land binaries including mshta.exe for remote code execution and data exfiltration.

Security researcher Himanshu Anand discovered multiple compromised high-profile domains, including a europa.eu subdomain, being exploited for SEO poisoning attacks. Attackers injected malicious content into publicly accessible development servers to redirect users searching for trending topics to scam streaming sites, likely exploiting stored cross-site scripting, CMS vulnerabilities, or misconfigurations to abuse domain authority for affiliate fraud.

📰 Articles Covered