Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

DEC 3, 20256 MIN
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

DEC 3, 20256 MIN

Description

<br/> SmartTube Android App Compromise<br/> The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version.<br/> <a href="https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826">https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826</a><br/> <a href="https://github.com/yuliskov/SmartTube/releases/tag/notification">https://github.com/yuliskov/SmartTube/releases/tag/notification</a><br/> Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners<br/> Over the course of two years, a malicious NPM package was updated to evade detection and has now been identified, in part, due to its attempt to bypass AI scanners through prompt injection.<br/> <a href="https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners">https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners</a><br/> Stored XSS Vulnerability via SVG Animation, SVG URL, and MathML Attributes<br/> Angular fixed a store XSS vulnerability.<br/> <a href="https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49">https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49</a><br/>