Last Week in AppSec for 02. December 2025
ID: a2bbba62-d4d5-52b9-802a-d714e1f960b8
STIX ID: report--a2bbba62-d4d5-52b9-802a-d714e1f960b8
Feed Name: Checkmarx Zero
This Checkmarx AppSec weekly report highlights a resurgence of the Shai-Hulud self-replicating NPM worm (a more aggressive variant that steals GitHub/NPM credentials and can delete files if the theft fails), a high-severity node-forge signature validation bypass (CVE-2025-12816), an Apache Syncope hard-coded AES key that allows decryption of stored passwords (CVE-2025-65998), memory-safety vulnerabilities in libxml2/libxslt affecting many XML/XSLT consumers, and multiple GitLab security fixes. For each item the report lists the affected versions and provides patching and mitigation guidance.
