It's the holiday edition! No I'm kidding it's the same stuff as usual. Sorry.
Apparently there is a chat app that is literally spyware developed by a nation state. This isn't a political blog, but the technical implications are deep. Here's a good writeup.
https://objective-see.com/blog/blog_0x52.html
I'm all about supply chain issues, and this is a really good analysis of risks involved with package managers like npm.
https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/
Someone reverse engineered an RSA token, and is using it to bypass two factor in the wild.
https://www.schneier.com/blog/archives/2019/12/chinese_hackers_1.html
That's the news folks. See you next decade.