Vulnerabilities
-
Investors in F5 urged to seek lead plaintiff status after BIG-IP breach and 10.9% share drop
A press release said investors in F5 have until February 17, 2026 to seek lead plaintiff status after the company linked weaker fiscal 2026 guidance to a BIG-IP security breach and a 10.9 percent two-day share decline.
-
PS5 BootROM keys leaked in late 2025 expose unpatchable hardware secrets
A set of PlayStation 5 BootROM keys was posted online on 31 December 2025. The leak exposes hardware cryptographic keys burned into consoles and cannot be fixed by software updates on existing units.
-
Unit 42 analysis finds VVS stealer targets Discord users and exfiltrates tokens and browser data
A Unit 42 technical analysis found that VVS stealer, a Python-based malware marketed on Telegram in April 2025, targets Discord and browsers to steal tokens and saved credentials, and exfiltrates them via Discord webhooks.
-
RondoDox botnet exploited React2Shell to enroll IoT devices and web apps
A nine-month campaign enrolled IoT devices and web applications into the RondoDox botnet by exploiting React2Shell. About 90,300 hosts remained vulnerable at the end of 2025. Researchers advise patching Next.js and segmenting IoT.
-
Critical authentication bypass in IBM API Connect prompts urgent patching
A critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 and affecting several 10.0.8.x and 10.0.11.0 releases, can grant unauthorized access without user interaction. IBM issued interim fixes and advised disabling developer self-service if unable to patch.
-
Actor Using Alias 888 Offers More Than 200 GB of Alleged ESA Data
An actor using the alias 888 posted on DarkForums on 18 December 2025 offering more than 200 GB of data alleged to be from the European Space Agency. The report has not been independently verified.
-
GlassWorm fourth wave targets macOS with trojanized crypto wallets in VS Code extensions
A fourth GlassWorm wave is targeting macOS developers with trojanized VS Code and OpenVSX extensions that steal credentials and attempt to replace hardware wallet apps. More than 33,000 installs were recorded.
-
MongoDB zlib flaw CVE-2025-14847 exploited in the wild with more than 87,000 instances at risk
CVE-2025-14847, dubbed MongoBleed, is actively exploited and can leak MongoDB server memory. More than 87,000 potentially vulnerable instances were identified. Apply vendor patches or disable zlib compression and limit exposure until fixed.
-
Jamf finds MacSync macOS stealer delivered in signed, notarized Swift installer
Jamf researchers found a MacSync macOS stealer variant delivered in a code-signed, notarized Swift installer inside a DMG that could bypass Gatekeeper. Apple revoked the signing certificate, and analysis links the payload to the rebranded Mac.c infostealer with remote command-and-control capabilities.
-
Two Chrome extensions intercepted traffic and exfiltrated credentials, researchers say
Researchers reported two Chrome extensions named Phantom Shuttle that posed as VPN/speed-test tools but injected hard-coded proxy credentials, routed traffic through attacker-controlled proxies and exfiltrated user credentials and other sensitive data to a command-and-control server.










