Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
January 13, 2026
Meta fixes Instagram password reset flaw, denies data breach
Abstract
Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. (Source: Cyware)
January 13, 2026
“TryCloudflare” Abuse: AsyncRAT Exploits Free Tunnels to Build Stealthy WebDAV Network
Abstract
A new report from Trend Micro details how threat actors are abusing Cloudflare’s free-tier services and TryCloudflare tunneling domains to host malicious WebDAV servers, effectively hiding their command-and-control infrastructure. (Source: Cyware)
January 13, 2026
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. (Source: Cyware)
January 13, 2026
Facebook login thieves now using browser-in-browser trick
Abstract
Cybercriminals over the past six months have relied increasingly on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. (Source: Cyware)
January 13, 2026
Hacker gets seven years for breaching Rotterdam and Antwerp ports
Abstract
The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. The man was arrested in 2021 and convicted in 2022 by the Amsterdam District Court. (Source: Cyware)
January 13, 2026
Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities
Abstract
Authorities arrested 34 alleged cybercriminals in Spain, including some leaders of Black Axe, a transnational criminal organization responsible for adversary-in-the-middle scams such as business email compromise, and money laundering. (Source: Cyware)
January 12, 2026 – Government
North Korea–linked APT Kimsuky behind quishing attacks, FBI warns
Abstract
North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns. (Source: Security Affairs)
January 12, 2026 – Phishing
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Abstract
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. (Source: The Hacker News)
January 9, 2026 – Vulnerabilities
Cisco Snort 3 Security Flaws Threaten Network Inspection
Abstract
Two critical flaws in Cisco Snort 3, identified as CVE-2026-20026 and CVE-2026-20027, pose significant risks to network inspection processes. These vulnerabilities allow unauthenticated attackers to disrupt inspection or leak sensitive data. (Source: ESecurity Planet)
January 9, 2026 – Breach
EEOC experienced security incident involving contractor’s ‘unauthorized’ access, email says
Abstract
The Equal Employment Opportunity Commission (EEOC) experienced a security incident involving unauthorized access by a contractor's employees. This breach affected the EEOC's Public Portal system. (Source: Next Gov)
January 9, 2026 – Breach
Chinese hackers targeted email systems of US congressional staff, people familiar say
Abstract
Chinese state-aligned hacking group Salt Typhoon has allegedly targeted the email systems of U.S. congressional staff. This breach is part of a broader pattern of cyber threats against U.S. government entities. (Source: Next Gov)
January 9, 2026 – Vulnerabilities
Critical RCE Vulnerability in Hitachi Energy Asset Suite
Abstract
A critical vulnerability has been identified in the Hitachi Energy Asset Suite, specifically within the Jasper Report component. This vulnerability, identified as CVE-2025-10492, allows for remote code execution (RCE) attacks. (Source: CISA)
January 9, 2026 – Attack
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Abstract
A new campaign, codenamed Boto Cor-de-Rosa, is using WhatsApp to distribute the Astaroth banking trojan across Brazil. This malware targets users by automatically sending malicious messages to their WhatsApp contacts. (Source: The Hacker News)
January 9, 2026 – Botnet
50,000 Servers Exposed as GoBruteforcer Scales Brute-Force Attacks
Abstract
The GoBruteforcer botnet is aggressively targeting Linux servers worldwide, exploiting weak and reused credentials to gain access. Over 50,000 servers are at risk due to exposed infrastructure. (Source: ESecurity Planet)
January 9, 2026 – Malware
GenDigital Research Exposes AuraStealer Infostealer Tactics
Abstract
AuraStealer is a sophisticated MaaS infostealer targeting Windows systems. It employs advanced evasion techniques and social engineering to steal sensitive data, posing significant risks to both individual users and enterprise environments. (Source: ESecurity Planet)
January 9, 2026 – Government
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs
Abstract
The FBI issued a warning regarding Kimsuky, which is using malicious QR codes in spearphishing campaigns. These campaigns target U.S. organizations involved in North Korea-related policy, research, and analysis. (Source: Bleeping Computer)
January 8, 2026 – Malware
Malicious NPM Packages Deliver NodeCordRAT
Abstract
Zscaler ThreatLabz identified three malicious npm packages in November 2025—bitcoin-main-lib, bitcoin-lib-js, and bip40—that deliver NodeCordRAT, a remote access trojan (RAT) with data-stealing capabilities. (Source: ZScaler)
January 8, 2026 – Vulnerabilities
Microsoft: Classic Outlook bug prevents opening encrypted emails
Abstract
Microsoft is investigating a bug in classic Outlook that prevents recipients from opening encrypted emails with "Encrypt Only" permissions after a recent update. Affected users see a message_v2.rpmsg attachment instead of readable content. (Source: Bleeping Computer)
January 8, 2026 – Phishing
Misconfigured email routing enables internal-spoofed phishing
Abstract
Attackers are abusing misconfigured email routing and spoof protections to send phishing emails that appear to be from within an organization. These emails often use themes like HR notices, password resets, and shared documents to deceive recipients. (Source: Security Affairs)
January 8, 2026 – Breach
Major Data Breach Hits Company Operating 150 Gas Stations in the US
Abstract
A major data breach has impacted Gulshan Management Services, a Texas-based company operating over 150 gas stations under the Handi Plus and Handi Stop brands. The breach exposed sensitive personal information of more than 377,000 individuals. (Source: Hack Read)
January 8, 2026 – Vulnerabilities
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Abstract
Veeam has released patches for multiple vulnerabilities in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability, CVE-2025-59470, with a CVSS score of 9.0. (Source: The Hacker News)
January 8, 2026 – General
Telecommunications Sector Sees a Four-fold Jump in Ransomware Attacks in the Last 4 Years: Report
Abstract
The telecommunications sector experienced a four-fold increase in ransomware attacks over the past 4 years. This sector is a critical component of national infrastructure, making it a prime target for both ransomware groups and nation-state actors. (Source: The Cyber Express)
January 7, 2026 – Criminals
Cyber Counterintelligence (CCI): When ‘Shiny Objects’ trick ‘Shiny Hunters’
Abstract
The cybercriminal group known as "The Com," which includes subgroups like "Shiny Hunters" and "Scattered Lapsus$ Hunters," is involved in significant cybercriminal activities, including data breaches and extortion. (Source: ReSecurity)
January 7, 2026 – Vulnerabilities
Google fixes critical Dolby Decoder bug in Android January update
Abstract
A critical vulnerability, CVE-2025-54957, in the Dolby audio decoder has been addressed in the January 2026 Android security update. This flaw affects Dolby DD+ decoders and poses a significant risk to Android devices. (Source: Security Affairs)
January 7, 2026 – Government
UK government injects £210M into cybersecurity overhaul
Abstract
The UK Government has announced an investment of £210 million to bolster cybersecurity across its public services. This Government Cyber Action Plan aims to enhance the security of digital public services to the level of critical infrastructure. (Source: The Register)
January 7, 2026 – General
Taiwan says China’s attacks on its energy sector increased tenfold
Abstract
The number of cyberattacks on Taiwan's energy sector increased by 1,000% in 2025 compared to 2024, making it the most targeted sector among nine critical infrastructure categories. (Source: Bleeping Computer)
January 7, 2026 – Vulnerabilities
High-Severity Flaw in Open WebUI Affects AI Connections
Abstract
A high-severity vulnerability has been identified in Open WebUI, affecting versions 0.6.34 and older. This flaw, with a severity rating of 7.3, poses risks of account takeover and server compromise when the Direct Connections feature is enabled. (Source: Infosecurity Magazine)
January 7, 2026 – Malware
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
Abstract
Two malicious Chrome extensions have been identified, targeting over 900,000 users by exfiltrating conversations from ChatGPT and DeepSeek. These extensions impersonate legitimate ones and request permissions to collect anonymized data. (Source: The Hacker News)
January 7, 2026 – Vulnerabilities
Columbia Weather Systems MicroServer Vulnerabilities Allow Unauthorized Access
Abstract
The Columbia Weather Systems MicroServer is affected by multiple vulnerabilities that could allow attackers to redirect SSH connections, gain admin access to the web portal, and obtain limited shell access. (Source: CISA)
January 7, 2026 – Vulnerabilities
New D-Link flaw in legacy DSL routers actively exploited in attacks
Abstract
A critical command injection vulnerability, identified as CVE-2026-0625, has been discovered in legacy D-Link DSL routers. This flaw allows unauthenticated attackers to execute arbitrary commands remotely. (Source: Bleeping Computer)
January 6, 2026 – Malware
VVS Stealer Uses Advanced Obfuscation to Target Discord Users
Abstract
VVS Stealer is a Python-based malware targeting Discord users, employing advanced obfuscation techniques to extract sensitive data. It primarily focuses on stealing Discord tokens and browser information. (Source: Infosecurity Magazine)
January 6, 2026 – Vulnerabilities
VSCode IDE forks expose users to “recommended extension” attacks
Abstract
AI-powered IDEs forked from Microsoft VSCode, such as Cursor, Windsurf, Google Antigravity, and Trae, are vulnerable to "recommended extension" attacks. These IDEs recommend extensions that are not present in the OpenVSX registry. (Source: Bleeping Computer)
January 6, 2026 – Breach
California urgent care clinic notifies patients of data breach that compromised SSNs, medical info
Abstract
Pulse Urgent Care Center in Redding, California, experienced a data breach in March 2025, compromising sensitive patient information, including Social Security numbers, driver's license numbers, medical information, and health insurance details. (Source: CompariTech)
January 6, 2026 – Vulnerabilities
Researchers Warn of Data Exposure Risks in Claude Chrome Extension
Abstract
The Claude Chrome extension, developed by Anthropic, poses significant data exposure risks. This extension allows AI to browse and interact with websites on behalf of users, potentially bypassing traditional web security measures. (Source: Hack Read)
January 6, 2026 – Vulnerabilities
SlowMist Flags Potential Security Risk at HitBTC Exchange
Abstract
A critical security vulnerability has been identified at the HitBTC Exchange by blockchain security researchers. Despite attempts to responsibly disclose the issue, HitBTC has not responded. (Source: The Cyber Express)
January 6, 2026 – Attack
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
Abstract
UAC-0184 has been targeting Ukrainian military and government entities using the Viber messaging platform. The attack involves distributing malicious ZIP archives containing LNK files disguised as Microsoft Word and Excel documents. (Source: The Hacker News)
January 6, 2026 – Breach
Crimson Collective Claims Breach of U.S. Fiber Broadband Provider Brightspeed
Abstract
The hacking group Crimson Collective has claimed responsibility for a significant data breach involving the U.S. fiber broadband provider Brightspeed. The breach reportedly affects over a million residential customers. (Source: The Cyber Express)
January 6, 2026 – Attack
Cloud file-sharing sites targeted for corporate data theft attacks
Abstract
A threat actor known as Zestix is actively selling corporate data stolen from cloud file-sharing services such as ShareFile, Nextcloud, and OwnCloud. The data theft is facilitated by info-stealing malware like RedLine, Lumma, and Vidar. (Source: Bleeping Computer)
January 6, 2026 – Attack
Russian hackers target European hospitality industry with ‘blue screen of death’ malware
Abstract
A sophisticated malware campaign, attributed to Russian cybercriminals, is targeting the European hospitality industry. The attack uses a fake "Blue Screen of Death" to deceive victims into downloading the DCRat malware. (Source: The Record)
January 5, 2026 – Phishing
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Abstract
Cybercriminals are abusing Google Cloud's Application Integration service to conduct a sophisticated phishing campaign. The attackers use the email address "noreply-application-integration@google[.]com" to send phishing emails that appear legitimate. (Source: The Hacker News)
January 5, 2026 – Vulnerabilities
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Abstract
Over 10,000 Fortinet firewalls are currently exposed to a critical two-factor authentication (2FA) bypass vulnerability, CVE-2020-12812. This flaw allows attackers to log in without the second factor of authentication by altering the username's case. (Source: Bleeping Computer)
January 5, 2026 – Breach
Cryptocurrency theft attacks traced to 2022 LastPass breach
Abstract
Ongoing cryptocurrency thefts have been traced back to the 2022 LastPass breach, where attackers stole encrypted vaults containing cryptocurrency wallet private keys and seed phrases. (Source: Bleeping Computer)
January 5, 2026 – Criminals
Cybercrook claims to sell critical info about utilities
Abstract
A cybercriminal claims to have breached Pickett and Associates and is selling 139 GB of sensitive engineering data related to three major US utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power. (Source: The Register)
January 5, 2026 – Breach
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
Abstract
Sedgwick Government Solutions, a subsidiary of Sedgwick, experienced a cybersecurity incident involving the TridentLocker ransomware gang, which claimed to have stolen 3.4 gigabytes of data. (Source: The Record)
January 5, 2026 – Breach
Latest Oracle EBS Victims Include Korean Air, University of Phoenix
Abstract
The CL0P ransomware group has targeted Oracle EBS vulnerabilities, affecting organizations such as Korean Air and the University of Phoenix. The University of Phoenix reported a breach compromising personal data of nearly 3.5 million individuals. (Source: The Cyber Express)
December 30, 2025 – Phishing
Fake Grubhub emails promise tenfold return on sent cryptocurrency
Abstract
Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified cryptocurrency wallet. (Source: Bleeping Computer)
December 30, 2025 – APT
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
Abstract
Researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and India. (Source: Security Affairs)
December 30, 2025 – Breach
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Abstract
Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked, exposing personal data of roughly 30,000 Korean Air employees. (Source: Security Affairs)
December 30, 2025 – Criminals
Hacker arrested for KMSAuto malware campaign with 2.8 million downloads
Abstract
A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. (Source: Bleeping Computer)
December 30, 2025 – Breach
Two more banks notifying thousands of victims about Marquis Software ransomware attack
Abstract
Two U.S. banks have come forward to warn customers they were impacted by an August ransomware attack. Artisans' Bank and VeraBank informed regulators in Maine last week that recent data breaches were traced back to a cyberattack on Marquis Software. (Source: The Record)
December 30, 2025 – Hacker
Chinese state hackers use rootkit to hide ToneShell malware activity
Abstract
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. (Source: Bleeping Computer)
December 26, 2025 – Government
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
Abstract
The FCC has announced a ban on foreign-made drones and critical components, citing national security risks. This decision is grounded in the 2025 National Defense Authorization Act (NDAA) and aims to protect U.S. airspace. (Source: The Hacker News)
December 26, 2025 – Government
Japan Adopts New Cybersecurity Strategy to Counter Rising Cyber Threats
Abstract
The new strategy identifies cyber operations linked to China, Russia, and North Korea as significant threats. These attacks have targeted public institutions, private companies, and essential services, leveraging advanced technologies like AI. (Source: The Cyber Express)
December 26, 2025 – Phishing
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
Abstract
The Nomani investment scam has surged by 62%, utilizing AI deepfake ads on social media platforms to deceive users. This alert provides an overview of the scam's tactics, improvements in AI-generated content, and the broader implications of ad fraud. (Source: The Hacker News)
December 26, 2025 – Government
CISA Releases One Industrial Control Systems Advisory
Abstract
The vulnerabilities in Mitsubishi Electric Air Conditioning Systems could potentially allow unauthorized access or control over the systems, leading to disruptions in operations and potential safety hazards. (Source: CISA)
December 25, 2025 – General
NIST, MITRE announce $20 million research effort on AI cybersecurity
Abstract
NIST and the MITRE Corporation have announced a $20 million initiative to establish two new research centers focused on artificial intelligence (AI) and its impact on cybersecurity for U.S. critical infrastructure. (Source: Cyber Scoop)
December 25, 2025 – Malware
Webrat, disguised as exploits, is spreading via GitHub repositories
Abstract
The Webrat malware campaign is actively targeting inexperienced security professionals and students by disguising itself as exploits for high-profile vulnerabilities. The campaign exploits vulnerabilities with high CVSSv3 scores. (Source: Securelist)
December 25, 2025 – Criminals
Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever
Abstract
The Chinese-speaking crypto scam markets on Telegram, specifically Tudou Guarantee and Xinbi Guarantee, have become the largest darknet markets in history. These markets facilitate nearly $2 billion in monthly transactions. (Source: Wired)
December 25, 2025 – Vulnerabilities
React2Shell Explained (CVE-2025-55182): From Vulnerability Discovery to Exploitation
Abstract
React2Shell is a critical RCE vulnerability affecting React Server Components and the React Flight protocol. This vulnerability allows unauthenticated attackers to execute arbitrary code on vulnerable servers through a single crafted HTTP request. (Source: ReSecurity)
December 25, 2025 – Privacy
Inside Uzbekistan’s nationwide license plate surveillance system
Abstract
Uzbekistan's nationwide license plate surveillance system has been exposed to the internet without a password. This lapse reveals the real-time locations of surveillance cameras and millions of photos and videos of vehicles. (Source: Tech Crunch)
December 25, 2025 – Vulnerabilities
MongoDB warns admins to patch severe RCE flaw immediately
Abstract
MongoDB has issued an urgent advisory for IT administrators to patch a critical remote code execution (RCE) vulnerability, CVE-2025-14847. This flaw affects multiple versions of MongoDB and MongoDB Server. (Source: Bleeping Computer)
December 24, 2025 – Government
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog
Abstract
CISA has added a critical vulnerability in the Digiever DS-2105 Pro network video recorder to its Known Exploited Vulnerabilities catalog. This vulnerability, identified as CVE-2023-52163, has a CVSS score of 8.8. (Source: Security Affairs)
December 24, 2025 – Breach
South Korea’s Shinhan Card Data Breach Affects 192,000 Merchants
Abstract
The Shinhan Card data breach has exposed the personal information of approximately 192,000 card merchants. This incident highlights the risks associated with internal misconduct within financial institutions. (Source: The Cyber Express)
December 24, 2025 – Criminals
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
Abstract
The U.S. Department of Justice has seized the domain web3adspanels[.]org, used in a bank account takeover scheme resulting in $14.6 million in losses. Visitors to the domain now see a seizure banner indicating its takedown. (Source: The Hacker News)
December 23, 2025 – Criminals
FBI Seizes Fake ID Template Domains Operating from Bangladesh
Abstract
The FBI has successfully dismantled an online marketplace operated by Zahid Hasan from Bangladesh, which sold fake ID templates. This operation, known as TechTreek, involved the sale of digital templates for fraudulent identification documents. (Source: Hack News)
December 23, 2025 – Vulnerabilities
New Flaw in Somalia’s E-Visa System Exposes Travelers’ Passport Data
Abstract
A critical security flaw in Somalia's e-visa system has been identified, exposing sensitive personal data of travelers. This vulnerability allows unauthorized access to passport details, full names, and birth dates. (Source: The Cyber Express)
December 23, 2025 – Breach
1,000 systems pwned in Romanian Waters ransomware attack
Abstract
A ransomware attack has compromised approximately 1,000 systems within Romania's water management administration Romanian Waters. The attack began on December 20 and spread to ten of the country's 11 river basin management organizations. (Source: The Register)
December 23, 2025 – Breach
University of Phoenix data breach impacts nearly 3.5 million individuals
Abstract
The University of Phoenix (UoPX) experienced a data breach affecting 3,489,274 individuals, including students, staff, and suppliers. The breach was disclosed on the university's official website in early December. (Source: Bleeping Computer)
December 23, 2025 – Hacker
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Abstract
Hackers have been using Nezha with scripts containing Simplified Chinese messages, and their command center is hosted on Alibaba Cloud services in Japan. This activity is part of a broader trend of digital warfare. (Source: Hack Read)
December 23, 2025 – Malware
Malicious npm package steals WhatsApp accounts and messages
Abstract
A malicious npm package named lotusbail has been identified, posing as a legitimate WhatsApp Web API library. This package is a fork of the WhiskeySockets Baileys project and has been downloaded over 56,000 times. (Source: Bleeping Computer)
December 23, 2025 – Breach
Florida dermatologist warns 55,000+ people of data breach that compromised SSNs, medical info
Abstract
Brevard Skin and Cancer Center has notified over 55,000 individuals of a data breach that compromised sensitive personal information, including names, SSNs, billing and claims information, diagnoses, clinical information, and more. (Source: CompariTech)
December 22, 2025 – Malware
TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs
Abstract
A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that is rapidly gaining traction in underground forums by leveraging a devious distribution tactic known as “Scam-Yourself.” (Source: Security Online)
December 22, 2025 – Ransomware
“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection
Abstract
A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks, with researchers uncovering a direct link between these fake verification prompts and the notorious Qilin ransomware group. (Source: Security Online)
December 22, 2025 – General
Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign
Abstract
Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals. (Source: IC3)
December 22, 2025 – Government
CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
Abstract
CISA, National Security Agency, and Canadian Centre for Cyber Security have released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. (Source: CISA)
December 22, 2025 – Law Article
Nefilim Ransomware Affiliate Pleads Guilty
Abstract
Artem Aleksandrovych Stryzhak, 35, was extradited from the Spanish city of Barcelona earlier this year after being arrested in June 2024. He pleaded guilty to one count of conspiracy to commit computer fraud, according to the US Justice Department. (Source: Infosecurity Magazine)
December 19, 2025 – Attack
GachiLoader: Defeating Node.js Malware with API Tracing
Abstract
A sophisticated malware distribution campaign has been identified, leveraging the YouTube Ghost Network to deploy GachiLoader, a heavily obfuscated Node.js-based loader. This loader delivers the Rhadamanthys infostealer to unsuspecting victims. (Source: Check Point)
December 19, 2025 – Attack
Clop ransomware targets Gladinet CentreStack in data theft attacks
Abstract
The Clop ransomware gang is actively targeting Gladinet CentreStack file servers in a new data theft extortion campaign. This campaign involves scanning for and breaching Internet-exposed CentreStack servers. (Source: Bleeping Computer)
December 19, 2025 – Vulnerabilities
Windows 10 OOB update released to fix Message Queuing (MSMQ) issues
Abstract
Microsoft has released an out-of-band (OOB) update (KB5074976) to address issues with the Message Queuing (MSMQ) functionality in Windows 10, which arose after the December 9, 2025, update. (Source: Bleeping Computer)
December 19, 2025 – Phishing
Inside a purchase order PDF phishing campaign
Abstract
A sophisticated phishing campaign has been identified, utilizing weaponized PDF documents to steal corporate credentials. The phishing emails contain a PDF attachment named "NEW Purchase Order # 52177236.pdf". (Source: Malwarebytes)
December 19, 2025 – Criminals
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists
Abstract
The emergence of DIG AI, an uncensored darknet AI assistant, has been identified as a significant threat, with a notable increase of over 200% in mentions and use of malicious AI tools from 2024 to 2025. (Source: ReSecurity)
December 19, 2025 – APT
Group Policy abuse reveals China-aligned espionage group targeting governments
Abstract
A China-aligned advanced persistent threat group, LongNosedGoblin, has been identified targeting government institutions in Southeast Asia and Japan. The group exploits Windows Group Policy to deploy malware and conduct long-term surveillance. (Source: Help Net Security)
December 19, 2025 – Criminals
Amazon blocked 1,800 suspected DPRK job applicants
Abstract
Amazon has successfully blocked over 1,800 suspected North Korean scammers from securing remote jobs since April 2024. These scammers use fake identities, AI tools, and deepfakes to apply for jobs, funneling their wages to the North Korean regime. (Source: The Register)
December 18, 2025 – General
November 2025 Trends Report on Phishing Emails
Abstract
This advisory provides an overview of phishing email trends observed in November 2025, highlighting the tactics, techniques, and procedures (TTPs) employed by threat actors. (Source: AhnLab)
December 18, 2025 – Botnet
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
Abstract
The Kimwolf botnet has emerged as a significant threat, hijacking 1.8 million Android-based devices, including TVs, set-top boxes, and tablets, to conduct large-scale DDoS attacks. This botnet is linked to the AISURU botnet. (Source: The Hacker News)
December 18, 2025 – Hacker
Ink Dragon’s Relay Network and Stealthy Offensive Operation
Abstract
Ink Dragon, a sophisticated Chinese threat actor, has been leveraging a custom ShadowPad IIS Listener module to transform compromised servers into distributed relay nodes. (Source: Check Point)
December 18, 2025 – Malware
New spyware discovered on Belarusian journalist’s phone after interrogation
Abstract
A new spyware, dubbed ResidentBat, has been discovered on a Belarusian journalist's phone. This spyware targets Android devices and can access call logs, SMS, encrypted app messages, microphone recordings, locally stored files, and screen captures. (Source: The Record)
December 18, 2025 – Breach
Richmond, VA mental health service notifies 113,000+ people of data breach
Abstract
The Richmond Behavioral Health Authority in Virginia experienced a data breach, affecting 113,232 individuals. The compromised data includes names, SSNs, passport numbers, financial account information, and protected health information. (Source: CompariTech)
December 18, 2025 – Vulnerabilities
Exploited SonicWall zero-day patched (CVE-2025-40602)
Abstract
A critical vulnerability has been patched in SonicWall's Secure Mobile Access (SMA) 1000 appliances. This vulnerability, when combined with CVE-2025-23006, allows attackers to achieve unauthenticated remote code execution with root privileges. (Source: Help Net Security)
December 18, 2025 – Government
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation. These vulnerabilities pose significant risks to federal enterprises and require immediate attention. (Source: CISA)
December 18, 2025 – Government
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Abstract
A critical vulnerability in ASUS Live Update, identified as CVE-2025-59374 with a CVSS score of 9.3, has been actively exploited. This flaw, resulting from a supply chain compromise, allows attackers to perform unintended actions on affected devices. (Source: The Hacker News)
December 17, 2025 – Vulnerabilities
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Abstract
Multiple bugs have been identified in Apple products, with the most severe potentially allowing for arbitrary code execution. Apple is aware of reports that CVE-2025-43529 and CVE-2025-14174 may have been exploited in sophisticated attacks. (Source: CIS Security)
December 17, 2025 – Cryptocurrency
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Abstract
A sophisticated cryptocurrency mining campaign has been identified targeting AWS customers. The attackers leverage compromised IAM credentials to deploy crypto miners, using advanced persistence techniques to evade detection and maintain operations. (Source: The Hacker News)
December 17, 2025 – Vulnerabilities
Photo booth flaw exposes people’s private pictures online
Abstract
A vulnerability in a photo booth company's website exposed private photos of users, posing significant privacy risks. The flaw allowed unauthorized access to photos and videos. (Source: Malwarebytes)
December 17, 2025 – Breach
Russia-linked hackers breach critical infrastructure organizations via edge devices
Abstract
The threat actor has shifted its focus from exploiting zero-day and N-day vulnerabilities to targeting known but unpatched flaws in edge devices. This strategy reduces their workload and chances of detection while maintaining operational outcomes. (Source: Cybersecurity Dive)
December 17, 2025 – Vulnerabilities
Vulnerability in Mitsubishi Electric GT Designer3 Allows Unauthorized Device Operation
Abstract
A vulnerability in Mitsubishi Electric GT Designer3 allows attackers to obtain plaintext credentials, potentially leading to unauthorized operation of GOT2000 and GOT1000 series devices. (Source: CISA)
December 17, 2025 – Vulnerabilities
Critical Vulnerability in Hitachi Energy AFS, AFR, and AFF Series
Abstract
A critical vulnerability, CVE-2024-3596, has been identified in Hitachi Energy's AFS, AFR, and AFF series. This vulnerability can compromise data integrity and disrupt availability, posing significant risks to critical infrastructure sectors. (Source: CISA)
December 17, 2025 – Government
CISA Alerts on Apple WebKit Zero-Day Actively Exploited
Abstract
CISA identified a critical zero-day vulnerability, CVE-2025-43529, in Apple's WebKit rendering engine. This vulnerability is actively exploited in the wild, affecting millions of users across iOS, iPadOS, macOS, and other Apple platforms. (Source: CISA)
December 17, 2025 – Malware
Cellik Android malware builds malicious versions from Google Play apps
Abstract
Cellik is a newly discovered Android malware-as-a-service (MaaS) that allows cybercriminals to create malicious versions of apps from the Google Play Store. It is offered for $150 per month or $900 for lifetime access. (Source: Bleeping Computer)
December 17, 2025 – Phishing
BlindEagle Deploys Caminho and DCRAT
Abstract
BlindEagle, a threat actor operating in South America, has launched a sophisticated spear phishing campaign targeting a Colombian government agency under the Ministry of Commerce, Industry and Tourism (MCIT). (Source: ZScaler)
December 17, 2025 – Attack
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
Abstract
The "GhostPoster" campaign is exploiting Firefox extensions by embedding malicious JavaScript in the image logos using steganography. This technique allows attackers to monitor browser activity and plant a backdoor, affecting over 50,000 users. (Source: Bleeping Computer)