Here’s a summary of recent (Nov 30 – Dec 6, 2025) developments in ICT and cybersecurity — both new threats & vulnerabilities and upgrades/system-level responses.
Key Cybersecurity & ICT News (Nov 30 – Dec 6, 2025)
CISA adds exploited vulnerability in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog
- On Nov 30, 2025, CISA publicly added a security flaw — CVE-2021-26829, an XSS bug in OpenPLC/ScadaBR — to its “actively exploited” catalog.
- Impact: This signals that industrial control / SCADA systems remain a high-risk target; infrastructures relying on OpenPLC/ScadaBR must patch or mitigate immediately to avoid compromise. It underscores ongoing threats to critical infrastructure and the need for continuous monitoring and rapid response in ICS/OT (operational technology) environments.
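A practical way to act on a KEV catalog addition like the one above is to cross-reference the catalog feed against your own asset inventory and surface the remediation deadlines. The following is an added example (not CISA tooling and not part of this digest). It parses a constructed fragment shaped like CISA's published KEV JSON, matches entries to a made-up inventory, and ranks hosts by time left until the due date. The CVE id comes from this page; the due dates, the second placeholder CVE entry, and the hostnames are constructed for the example.

```python
"""Cross-reference a CISA KEV catalog feed against an asset inventory.

Added example. KEV_SAMPLE is a constructed fragment in the shape of CISA's
published KEV JSON (the live feed is much larger); INVENTORY is made up.
"""
import json
from datetime import date

KEV_SAMPLE = json.dumps({
    "title": "constructed KEV fragment",
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-26829",                   # id taken from the page
            "vendorProject": "OpenPLC",
            "product": "ScadaBR",
            "vulnerabilityName": "OpenPLC ScadaBR cross-site scripting (constructed wording)",
            "dateAdded": "2025-11-30",
            "dueDate": "2025-12-21",                     # placeholder deadline, not CISA's
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-0000",                    # placeholder, not a real CVE
            "vendorProject": "ExampleVendor",
            "product": "ExampleRouter",
            "vulnerabilityName": "placeholder entry for the example",
            "dateAdded": "2025-11-10",
            "dueDate": "2025-12-01",                     # placeholder, already past
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed inventory; vendor/product strings deliberately differ slightly
# from the KEV wording to show why the match has to be normalized.
INVENTORY = [
    {"host": "plc-hmi-01", "vendor": "OpenPLC", "product": "ScadaBR", "owner": "ot-team"},
    {"host": "web-03", "vendor": "Example Vendor", "product": "ExampleRouter OS", "owner": "netops"},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL", "owner": "dba"},
]


def normalize(text):
    """Lower-case and drop everything but letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def load_kev(feed_text):
    """Return the list of vulnerability entries from a KEV-shaped JSON document."""
    return json.loads(feed_text)["vulnerabilities"]


def entry_matches(entry, asset):
    """KEV names vendor and product as free text (no CPEs), so compare normalized
    strings and require both vendor and product to appear in the asset record."""
    return (normalize(entry["vendorProject"]) in normalize(asset["vendor"])
            and normalize(entry["product"]) in normalize(asset["product"]))


def find_exposed_assets(kev_entries, inventory, today):
    """Join KEV entries to inventory assets; most urgent (fewest days left) first."""
    findings = []
    for entry in kev_entries:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if entry_matches(entry, asset):
                findings.append({
                    "host": asset["host"],
                    "owner": asset["owner"],
                    "cveID": entry["cveID"],
                    "dueDate": entry["dueDate"],
                    "daysLeft": (due - today).days,
                    "overdue": today > due,
                })
    findings.sort(key=lambda f: f["daysLeft"])
    return findings


def report(today_iso=None):
    """Run the join for a given ISO date (defaults to today) and return findings."""
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    return find_exposed_assets(load_kev(KEV_SAMPLE), INVENTORY, today)


if __name__ == "__main__":
    for f in report("2025-12-06"):
        status = "OVERDUE" if f["overdue"] else f"{f['daysLeft']}d left"
        print(f"{f['host']:<12} {f['cveID']:<16} owner={f['owner']:<8} "
              f"due={f['dueDate']} ({status})")
```

Because KEV entries carry free-text vendor and product names rather than CPEs, the substring match is a triage aid, not a definitive answer: every hit still needs a human to confirm the affected version range before it is closed or escalated.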
Lumia Security raises US$18 million to build AI-agent security & governance platform
- On Dec 5, 2025, security startup Lumia Security announced it had closed an $18M seed round — and added former top official Michael Rogers (ex-NSA / US Cyber Command director) to its advisory board.
- Their product aims to give organizations visibility and control over employee/agent interactions with AI systems, monitoring intent, content, and context of AI-agent actions.
- Impact: As enterprises rapidly adopt AI tools (for automation, code generation, decision support, etc.), this represents a growing industry focus on governance, compliance, and risk management around generative-AI use. A robust AI-governance layer helps prevent misuse of AI, data leaks, insider threats, and regulatory non-compliance — strengthening corporate cybersecurity posture in a shifting threat landscape.
Emergence of new Android malware — FvncBot — targeting mobile-banking users
- On Dec 6, 2025, researchers reported “FvncBot,” a sophisticated malware strain targeting Android devices, first observed on ~Nov 25. It captures keystrokes and drops additional payloads.
- Impact: Mobile banking users (especially those on Android) are at increased risk. This highlights the persistent danger from malware even as broader enterprise security matures, emphasizing the need for vigilance, up-to-date security hygiene (e.g., OS updates, secure app practices), and user awareness.
New state-backed malware campaign — Brickstorm — infiltrates IT & government systems in US and Canada
- On Dec 4, 2025, agencies in the U.S. and Canada issued an alert about “Brickstorm”: a sophisticated backdoor used by state-linked attackers to infiltrate government/IT systems, including virtualization infrastructure (e.g., VMware vSphere). (Reuters)
- Analysts warn this malware could be used for long-term espionage or even sabotage.
- Impact: This raises the urgency for organizations (especially public-sector, infrastructure, critical IT providers) to patch systems, audit access rights, rotate credentials, and monitor for malicious persistence. It also spotlights the geopolitical dimension of cyber threats — state-sponsored actors targeting strategic national infrastructure.
Vulnerabilities in widely-used web frameworks & tools — including RCE in React / Next.js and dangerous sandbox bugs in antivirus software — discovered and being exploited
- Security coverage from Dec 6, 2025 flags:
  - A critical “remote code execution” (RCE) bug in React / Next.js frameworks, potentially exposing millions of web services.
  - Privilege-escalation vulnerabilities in the kernel driver of a major antivirus product (reported by SAFA security researchers).
- Impact: This underscores that even “trusted” parts of the modern web stack (frameworks, antivirus tools) remain vulnerable — meaning both developers and end-users need constant vigilance: patch management, dependency hygiene, secure coding, and avoiding blind trust in “security” tools.
Upgrades, Governance & System-Level Responses
Beyond threats and breaches, there are system upgrades and institutional shifts underway — reflecting how ICT and cyber-security are evolving structurally:
- The growth of companies like Lumia Security suggests a new layer of “AI-agent governance” is emerging. As AI becomes embedded in workplace tools, this shifts cybersecurity from just “protecting static systems” toward policing dynamic, internal-facing AI workflows. This could become a standard part of enterprise IT & compliance stacks.
- Response from agencies like CISA to include ICS/SCADA vulnerabilities (like OpenPLC/ScadaBR) in actively exploited catalogs — plus public alerts on state-sponsored campaigns like Brickstorm — shows cyber defence improving in transparency and coordination, especially for critical infrastructure. That raises baseline requirements for governments, utilities, and large organizations.
- On the regulatory front: media and expert reporting highlight a growing push toward “digital trust,” governance, and cyber-governance as core components of ICT infrastructure — particularly in the context of AI, supply-chain risk, and state-sponsored threats.
Broader Implications (Risks, Trends, What to Watch)
- Cybersecurity is shifting from perimeter defense to complexity management. As systems become more software-defined (cloud, AI agents, virtualized infrastructure), attackers exploit dependencies — web frameworks, open-source libraries, AI toolbox misuse — rather than just weak passwords or network gaps. Defending means managing complexity, supply chains, dependencies, and dynamic workflows.
- State-sponsored, long-term threats are resurging. Malware like Brickstorm shows that nation-state actors remain heavily active — targeting government and IT infrastructure for espionage or sabotage. Organizations and governments will likely need more persistent monitoring, threat-intelligence sharing, and resilience planning.
- AI adoption is creating both opportunity and risk — and a new security sub-field. AI-agent governance (as per Lumia’s platform) may become a fundamental part of enterprise security architecture. But it also means more “attack surface” — misuse of AI, data leakage through agents, insider risk, compliance exposure.
- End-user endpoints remain vulnerable. New mobile malware, exploits in widely used frameworks (React / Next.js), and vulnerabilities even in antivirus tools show that user devices, web services, and “trusted” applications are still a primary entry point for attackers.
- Governance, regulation, and standards are becoming more critical. As cyber threats grow in sophistication and scale, public policy (regulation, cyber-resilience requirements, disclosure mandates) will likely increase, especially for critical sectors and AI-heavy enterprises.
Why This Period Matters — and What it Signals
While there was no single blockbuster event this week, the cluster of reports (new malware strains, state-sponsored campaigns, major vulnerabilities, and emerging AI-governance infrastructure) shows that cybersecurity is accelerating into a new phase — one defined by complexity, scale, and high stakes.
In effect: we are seeing a transition from “once-in-a-while breaches” to an environment of constant cyber-contestation. For organizations, this means cybersecurity must be baked into every layer — from infrastructure to application frameworks, AI usage, policy compliance, and endpoint hygiene. For individuals, it means greater risk and need for awareness: mobile banking, web services, personal data are all in the line of fire.
