News
-
RondoDox botnet exploited React2Shell to enroll IoT devices and web apps
A nine month campaign enrolled IoT devices and web applications into the RondoDox botnet by exploiting React2Shell. About 90,300 hosts remained vulnerable at the end of 2025. Researchers advise patching Next.js and segmenting IoT.
-
Critical authentication bypass in IBM API Connect prompts urgent patching
A critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 and affecting several 10.0.8.x and 10.0.11.0 releases, can grant unauthorized access without user interaction. IBM issued interim fixes and advised disabling developer self-service if unable to patch.
-
Actor Using Alias 888 Offers More Than 200 GB of Alleged ESA Data
An actor using alias 888 posted on DarkForums on 18 December 2025 offering more than 200 GB of data alleged to be from the European Space Agency. The report has not been independently verified.
-
GlassWorm fourth wave targets macOS with trojanized crypto wallets in VS Code extensions
A fourth GlassWorm wave is targeting macOS developers with trojanized VS Code and OpenVSX extensions that steal credentials and attempt to replace hardware wallet apps. More than 33,000 installs were recorded.
-
Korean Air says employee data exposed after supplier hack
Korean Air said an internal notice that employee names and bank account numbers in its ERP were compromised after a hack of its supplier KC&D. Local reporting put the number of exfiltrated records at about 30,000.
-
MongoDB zlib flaw CVE-2025-14847 exploited in the wild with more than 87,000 instances at risk
CVE-2025-14847, dubbed MongoBleed, is actively exploited and can leak MongoDB server memory. More than 87,000 potentially vulnerable instances were identified. Apply vendor patches or disable zlib compression and limit exposure until fixed.
-
Alleged WIRED subscriber database of 2.37 million records posted to hacking forum
An alleged WIRED subscriber database of 2,366,576 records was posted to a hacking forum on December 20. Independent analysis matched records to infostealer logs and the dataset is listed on Have I Been Pwned.
-
Lumma Stealer delivered through fake itch.io update links to Patreon
G DATA Security Lab found a campaign using spam comments on itch.io that linked to Patreon downloads of a nexe compiled executable which writes a native module and loads a LummaStealer payload. Samples include six anti analysis checks.
-
China-linked APT used DNS poisoning to deliver MgBot backdoor, Kaspersky says
Kaspersky linked a China-aligned APT known as Evasive Panda to a campaign from November 2022 to November 2024 that used DNS poisoning to deliver an MgBot backdoor to targets in Türkiye, China and India, employing staged loaders, custom encryption and host-specific payloads.
-
SEC Charges Multiple Firms Over $14 Million Artificial Intelligence Crypto Scam
The U.S. Securities and Exchange Commission has charged several firms and investment clubs in an alleged AI-themed cryptocurrency scam that defrauded retail investors of more than $14 million, accusing operators of using WhatsApp groups and fake trading platforms to solicit funds.
