Daily CISO Briefing Note | December 8, 2025

CybersecurityHQ | CISO Cyber Briefing Note

Welcome reader, here’s today’s Cyber Briefing Note.


Summary

The past 48 hours included disclosures across government vulnerability notification programs, enterprise VPN appliances, consumer browser extensions, desktop browser security updates, and mobile banking applications in Southeast Asia. These signals arose from unrelated sectors and appeared within the same reporting window through national cybersecurity agency announcements, regional CERT coordination, browser vendor patch cycles, and independent security research publication.

Theme 1: United Kingdom national cybersecurity agency launches proactive vulnerability notification service for internet-facing systems

The National Cyber Security Centre announced the launch of its Proactive Notifications Service as a pilot program delivered in partnership with internet security firm Netcraft. The service uses internet scanning and publicly available information to identify organizations operating software with known vulnerabilities, then delivers plaintext email notifications to system owners advising them to apply software updates. The program scans UK domains and IP addresses within Autonomous System Numbers registered in the country. Source category: government agency announcement. Executive relevance sits in the notification model, which introduces a new external input into enterprise patch management workflows for organizations with UK-based infrastructure.

Theme 2: Japanese national CERT confirms command injection vulnerability in Array Networks secure access gateways under active exploitation

JPCERT/CC published an advisory documenting active exploitation of a command injection vulnerability affecting Array Networks AG Series secure access gateways since August 2025. The vulnerability resides in the DesktopDirect remote desktop access feature and does not have an assigned CVE identifier. Array Networks addressed the issue in ArrayOS version 9.4.5.9 released in May 2025. JPCERT/CC confirmed exploitation in domestic Japanese organizations involving webshell deployment, unauthorized user account creation, and internal network intrusion. Source category: national CERT advisory. Executive relevance sits in the VPN appliance as a perimeter device providing remote access to enterprise applications and workstations.

Theme 3: Security vendor research documents seven-year browser extension campaign with remote code execution capability across Chrome and Edge marketplaces

Koi Security published research documenting a campaign attributed to an actor designated ShadyPanda involving 145 browser extensions across Google Chrome Web Store and Microsoft Edge Add-ons platforms since 2018. Five extensions with approximately 300,000 combined installations received a mid-2024 update enabling hourly remote code execution through arbitrary JavaScript download and execution with full browser API access. Extensions gathered website visit data, encrypted browsing history, and browser fingerprint information. Source category: security vendor research. Executive relevance sits in the browser extension as an enterprise-deployed or BYOD-tolerated component operating within authenticated sessions across corporate and SaaS applications.

Theme 4: Google releases Chrome 143 addressing thirteen vulnerabilities including type confusion in V8 JavaScript engine

Google promoted Chrome version 143.0.7499.40/41 to the stable channel on December 2, 2025, addressing thirteen security vulnerabilities. The most severe issue, CVE-2025-13630, is a type confusion vulnerability in the V8 JavaScript engine reported by an external researcher with an $11,000 bounty award. Additional high-severity issues include CVE-2025-13631 affecting Google Updater, CVE-2025-13632 in DevTools, and CVE-2025-13633, a use-after-free vulnerability in the Digital Credentials component. Source category: browser vendor security advisory. Executive relevance sits in Chrome's deployment across enterprise endpoints and its use of Digital Credentials for authentication to web applications.

Theme 5: Security vendor research documents financially motivated group distributing modified banking applications in Southeast Asian mobile markets

Group-IB published research documenting activity by a group designated GoldFactory distributing modified mobile banking applications targeting users in Indonesia, Thailand, and Vietnam. The research identified over 11,000 infections across more than 300 unique samples of altered banking applications. The modifications inject hooking frameworks including FriHook, SkyHook, and PineHook to bypass application integrity verification and enable credential capture, screen monitoring, and device control. Distribution relied on impersonation of government entities and trusted local brands. Source category: security vendor research. Executive relevance sits in the modification of legitimate banking applications used by workforce populations in regional offices or consumer-facing business operations.

Synthesis

Multiple unrelated sectors appeared within the same reporting window through national CERT coordination, government agency service announcements, browser vendor patch schedules, and independent security research publication timing. (8 themes excluded—covered in prior 48-hour briefings.)

Author
Daniel Michan is the founder of CybersecurityHQ, a CISO-grade intelligence platform read weekly across the Fortune 100. He analyzes identity-centric risk, machine identity failures, SaaS integration breakdowns, and emerging AI-speed threats, producing executive briefings and deep-dive research used by enterprise security leaders for decision support.
