Welcome to your daily cybersecurity podcast.
The Linux kernel 5.4 officially reaches end-of-life. After years of LTS support, this version—massively deployed across Ubuntu, Android, and embedded systems—will no longer receive upstream security patches. This creates a critical risk for industrial and network equipment remaining on this version without a rapid migration path.
Check Point dissects the ValleyRAT backdoor and its kernel-mode rootkit following a public builder leak. The malware features 19 plugins and a digitally signed driver for file hiding and process protection. 85% of detected samples appeared in the last six months, complicating attribution to specific state actors.
Google patches CVE-2025-13223, the eighth actively exploited Chrome zero-day of the year. This type-confusion vulnerability in the V8 JavaScript engine allows memory manipulation without complex user interaction, continuing a pattern of espionage-focused exploitation.
Anonymous hackers breach Mikord, the alleged developer of Russia’s unified military registry. Internal documents and source code were transferred to the anti-war NGO Idite Lesom, confirming the firm’s role in the military project. The breach comes amid cyber escalation in both directions, following attacks on Ukrainian registries.
Flare identifies over 10,000 Docker Hub images exposing active credentials. The leak affects Fortune 500 companies and includes 4,000 AI model API tokens. The primary vector is Shadow IT, with unmonitored contractor accounts exposing client data that remains valid even after the images are deleted.
Finally, CISA adds two vulnerabilities to its Known Exploited Vulnerabilities catalog. The flaws affect WinRAR (CVE-2025-6218), allowing arbitrary code execution via archives, and the Windows Cloud Files driver (CVE-2025-62221), enabling privilege escalation. Both are confirmed to be exploited in the wild.
We don’t think, we patch!
Sources:
Linux Journal: https://www.linuxjournal.com/content/linux-kernel-54-reaches-end-life-time-retire-workhorse
Check Point Research: https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/
Malwarebytes: https://www.malwarebytes.com/blog/news/2025/12/another-chrome-zero-day-under-attack-update-now
The Record: https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
Bleeping Computer: https://www.bleepingcomputer.com/news/security/over-10-000-docker-hub-images-found-leaking-credentials-auth-keys/
Security Affairs: https://securityaffairs.com/185523/security/u-s-cisa-adds-microsoft-windows-and-winrar-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com