This is your weekly cyber news roll-up for the week ending December 5th, 2025. Holiday shopping dominates the threat landscape, with industrial scale fake Christmas and Cyber Monday stores siphoning card data while a massive breach at Korean retail giant Coupang exposes tens of millions of shoppers. At the same time, attackers are burrowing into the software factory, from exposed secrets in cloud code repositories and malicious developer packages to tainted browser extensions that quietly spy on everyday work in customer relationship, finance, and human resources tools. Law enforcement’s takedown of a major crypto mixer shows real pressure on ransomware cash washing, even as mobile devices and airport Wi Fi remind leaders how fragile everyday access can be.

Across the episode, you will hear how attackers exploit hurry, convenience, and shared platforms in very different settings, from North Korean software supply chain campaigns and steganography tools built for espionage, to vendor breaches at financial data providers and cross tenant flaws in cloud services. We explore how weak artificial intelligence governance and powerful low code workflows can be twisted into ransomware launchers, how fake ChatGPT style browsers steal passwords at scale, and why critical bugs in React based web stacks demand rapid attention from builders. Executives, security teams, engineers, and students all get practical context on where trust is eroding and which signals to watch in logs, workflows, and vendor relationships. This weekly roll-up is designed to help you decide what to act on first, and it is available at DailyCyber.news.

Excel is great for many things — but it is not a governance, risk, and compliance (GRC) platform. In this Cyber Talk developed by BareMetalCyber.com, Dr. Jason Edwards sits down with Dean Charlton, Managing Director of DC CyberTech, to unpack why even the most well-intentioned GRC programs stall out when they live in spreadsheets.

Dean walks through the real-world pain points of “Excel-driven” GRC, from version chaos and manual updates to audit gaps and poor visibility for leadership. He then shows how automated, AI-driven GRC solutions can support organizations of all sizes, giving you cleaner data, clearer accountability, and a living view of risk instead of static files.

If you’re still managing controls, risks, and audits in Excel — or you’re afraid a full-blown platform is “too big” for your team — this session will give you practical ways to think differently about tooling, scalability, and where AI can actually help.

In this episode, we pull back the curtain on Shadow SaaS—the hidden world of unsanctioned apps quietly multiplying across the enterprise. You’ll learn how a single “Sign in with Google” click can spawn a durable, invisible connection, why OAuth tokens never seem to die, and how browser extensions and plug-ins form entire shadow ecosystems. We trace the blast radius from data leaks to compliance failures, and show how discovery pipelines, technical guardrails, and smart workflows can expose the sprawl without slowing innovation.

By listening, you’ll sharpen your ability to spot the signs of Shadow SaaS in your own environment, build stronger instincts around risk-based discovery, and gain practical strategies for token management, data protection, and cultural alignment. You’ll walk away with skills to govern SaaS without becoming the “department of no,” turning hidden risk into managed resilience. This episode equips you to secure speed and innovation hand in hand.

Produced by BareMetalCyber.com.