Cybercrime
-
France interior ministry confirms cyberattack on e-mail servers
France’s Interior Ministry confirmed a cyberattack on its e-mail servers that allowed access to some files; investigators have not confirmed whether data was stolen and are probing motives including foreign interference, activists and cybercrime.
-
VolkLocker ransomware contains hard-coded master keys, SentinelOne analysis finds
A SentinelOne analysis says VolkLocker, a RaaS from the CyberVolk collective, contains hard-coded master keys and writes a plaintext backup key to the temporary folder, enabling file recovery without payment while still displaying typical ransomware behaviors.
-
GitHub repositories used to deliver new PyStoreRAT JavaScript RAT
Researchers say GitHub-hosted Python repositories have been used to deliver a JavaScript-based RAT called PyStoreRAT that executes remote HTA payloads, deploys a Rhadamanthys stealer and includes persistence and evasion measures; Chinese vendor QiAnXin also reported a separate SetcodeRat campaign.
-
Researchers Flag Four New Phishing Kits That Automate Credential Theft and MFA Bypass
Security firms have identified four phishing kits — BlackForce, GhostFrame, InboxPrime AI and Spiderman — that automate credential theft, bypass multi-factor authentication and mass-produce phishing emails, with researchers warning the tools lower barriers for large-scale attacks.
-
U.S. sues former Accenture manager over alleged false claims on Army cloud security
The U.S. has sued Danielle Hillmer, a former senior manager tied to Accenture, accusing her of misleading auditors about the security of the NIFMS cloud platform and falsely claiming FedRAMP High and DoD Impact Level compliance while work on Army contracts proceeded.
-
Unpatched Gogs vulnerability being actively exploited; hundreds of instances compromised
Wiz researchers say a high-severity unpatched flaw in Gogs (CVE-2025-8110) is being actively exploited, with more than 700 compromised instances; the issue allows file overwrites via symbolic links and can lead to remote code execution. Researchers recommend disabling open registration, limiting internet exposure and scanning for random repositories while a fix is developed.
-
CISA adds WinRAR flaw CVE-2025-6218 to known-exploited list after reported active use
CISA added a WinRAR path traversal vulnerability, CVE-2025-6218 (CVSS 7.8), to its Known Exploited Vulnerabilities catalog after reports of active exploitation by multiple threat groups; RARLAB patched the bug in WinRAR 7.12 for Windows in June 2025 and agencies are required to remediate by Dec. 30, 2025.
-
North Korea-linked actors exploit React2Shell flaw to deploy EtherRAT using Ethereum-based C2
Sysdig reported that actors tied to North Korea exploited a critical React Server Components flaw to deploy EtherRAT, a Node.js-based remote access trojan that uses Ethereum smart contracts and RPC consensus for C2 resolution and employs multiple Linux persistence mechanisms.










