2025-12-30 AI Startup News

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced.

New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused.

And damage did not stop when an incident was “over” — it continued to surface months or even years later. This weekly recap brings those stories together in one place. No overload, no noise. Read on to see what shaped the threat landscape in the final stretch of 2025 and what deserves your attention now.

⚡ Threat of the Week

MongoDB Vulnerability Comes Under Attack — A newly disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. The exact details surrounding the nature of attacks exploiting the flaw are presently unknown.

Users are advised to update to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. Data from attack surface management company Censys shows that there are more than 87,000 potentially vulnerable instances, with a majority of them located in the U.S., China, Germany, India, and France. Wiz noted that 42% of cloud environments have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847. This includes both internet-exposed and internal resources.

🔔 Top News

Trust Wallet Chrome Extension Hack Leads to $7M Loss — Trust Wallet urged users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss of approximately $7 million. Users are advised to update to version 2.69 as soon as possible. “We’ve confirmed that approximately $7 million has been impacted, and we will ensure all affected users are refunded,” Trust Wallet said. The Chrome extension has about 1 million users.

Mobile-only users and all other browser extension versions are not affected. It’s currently not known who is behind the attack, but Trust Wallet said the attacker likely published a malicious version (2.68) by using a leaked Chrome Web Store API key. Affected victims have been asked to fill out a form to process reimbursements.

Evasive Panda Stages DNS Poisoning Attack to Push MgBot Malware — A China-linked advanced persistent threat (APT) group known as Evasive Panda was attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India.

The activity took place between November 2022 and November 2024. According to Kaspersky, the hacking group conducted adversary-in-the-middle (AitM) attacks on specific victims to serve trojanized updates for popular tools like SohuVA, iQIYI Video, IObit Smart Defrag, and Tencent QQ that ultimately deployed MgBot, a modular implant with wide-ranging information gathering capabilities. It’s currently not known how the threat actor is poisoning DNS responses. But two possible scenarios are suspected: either the ISPs used by the victims were selectively targeted and compromised to install some kind of network implant on edge devices, or a router or firewall used by the victims was hacked for this purpose.

LastPass 2022 Breach Leads to Crypto Theft — The encrypted vault backups stolen from the 2022 LastPass data breach enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025. New findings from TRM Labs show that threat actors with possible ties to the Russian cybercriminal ecosystem have stolen no less than $35 million as of September 2025. The Russian links to the stolen cryptocurrency stem from two primary factors: the use of exchanges commonly associated with the Russian cybercriminal ecosystem in the laundering pipeline and operational connections gleaned from wallets interacting with mixers both before and after the mixing and laundering process.

Fortinet Warns of Renewed Activity Exploiting CVE-2020-12812 — Fortinet said it observed “recent abuse” of CVE-2020-12812, a five-year-old security flaw in FortiOS SSL VPN, in the wild under certain configurations.

The vulnerability could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was changed. The newly issued guidance does not give any specifics on the nature of the attacks exploiting the flaw, nor whether any of those incidents were successful. Fortinet has also advised impacted customers to contact its support team and reset all credentials if they find evidence of admin or VPN users being authenticated without two-factor authentication (2FA).

Fake WhatsApp API npm Package Steals Messages — A new malicious package on the npm repository named lotusbail was found to work as a fully functional WhatsApp API, but contained the ability to intercept every message and link the attacker’s device to a victim’s WhatsApp account.

It has been downloaded over 56,000 times since it was first uploaded to the registry by a user named “seiren_primrose” in May 2025. The package has since been removed by npm. Once the npm package is installed, the threat actor can read all WhatsApp messages, send messages to others, download media files, and access contact lists. “And here’s the critical part, uninstalling the npm package removes the malicious code, but the threat actor’s device stays linked to your WhatsApp account,” Koi said.

“The pairing persists in WhatsApp’s systems until you manually unlink all devices from your WhatsApp settings. Even after the package is gone, they still have access.”

🔥 Trending CVEs

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach.

Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected. This week’s list includes — CVE-2025-14847 (MongoDB), CVE-2025-68664 (LangChain Core), CVE-2023-52163 (Digiever DS-2105 Pro), CVE-2025-68613 (n8n), CVE-2025-13836 (Python http.client), CVE-2025-26794 (Exim), CVE-2025-68615 (Net-SNMP), CVE-2025-44016 (TeamViewer DEX Client), and CVE-2025-13008 (M-Files Server).

📰 Around the Cyber World

Former Coinbase Customer Service Agent Arrested in India — Coinbase Chief Executive Officer Brian Armstrong said that a former customer service agent for the largest U.S. crypto exchange was arrested in India, months after hackers bribed customer service representatives to gain access to customer information. In May, the company said hackers bribed contractors working out of India to steal sensitive customer data and demanded a $20 million ransom. “We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice,” Armstrong said. “Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.” The incident impacted 69,461 individuals. A September 2025 class action lawsuit has revealed that Coinbase hired TaskUs to handle customer support from India. The court document also mentioned that Coinbase “cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.” One TaskUs employee based out of Indore, Ashita Mishra, is accused of “joining the conspiracy by agreeing to sell highly sensitive Coinbase user data to those criminals” as early as September 2024. Mishra was arrested in January 2025 for allegedly selling the stolen data to hackers for $200 per record.

TaskUs claimed that “it identified two individuals who illegally accessed information from one of our clients [who] were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.” It also alleged that Coinbase “had vendors other than TaskUs, and that Coinbase employees were involved in the data breach.” But the company provided no further details.

Cloud Atlas Targets Russia and Belarus — The threat actor known as Cloud Atlas has leveraged phishing lures with a malicious Microsoft Word document attachment that, when opened, downloads a malicious template from a remote server that, in turn, fetches and executes an HTML Application (HTA) file. The malicious HTA file extracts and creates several Visual Basic Script (VBS) files on disk that are parts of the VBShower backdoor. VBShower then downloads and installs other backdoors, including PowerShower, VBCloud, and CloudAtlas.

VBCloud can download and execute additional malicious scripts, including a file grabber to exfiltrate files of interest. Similar to VBCloud, PowerShower is capable of retrieving an additional payload from a remote server. CloudAtlas establishes communication with a command-and-control (C2) server via WebDAV and fetches executable plugins in the form of a DLL, allowing it to gather files, run commands, steal passwords from Chromium-based browsers, and capture system information. Attacks mounted by the threat actor have primarily targeted organizations in the telecommunications sector, construction, government entities, and plants in Russia and Belarus.

BlackHawk Loader Spotted in the Wild — A new MSIL loader named BlackHawk has been detected in the wild, incorporating three layers of obfuscation that show signs of being generated using artificial intelligence (AI) tools. Per ESET, it features a Visual Basic Script and two PowerShell scripts, the second of which contains the Base64-encoded BlackHawk loader and the final payload. The loader is being actively used in campaigns distributing Agent Tesla in attacks targeting hundreds of endpoints in Romanian small and medium-sized companies. The loader has also been used to deliver an information stealer known as Phantom.

Surge in Cobalt Strike Servers — Censys has noted a sudden spike in Cobalt Strike servers hosted online between early December and December 18, 2025, specifically on the networks of AS138415 (YANCY) and AS133199 (SonderCloud LTD). “Viewing the timeline above, AS138415 first exhibits limited ‘seed’ activity beginning on December 4, followed by a substantial expansion of 119 new Cobalt Strike servers on December 6,” Censys said. “Within just two days, however, nearly all of this newly added infrastructure disappears. On December 8, AS133199 experienced a near mirror-image increase and decrease in newly observed Cobalt Strike servers.” More than 150 distinct IPs associated with AS138415 have been flagged as hosting Cobalt Strike listeners during this window.

This netblock, 23.235.160[.]0/19, was allocated to RedLuff, LLC in September 2025.

Meet Fly, the Russian Market Administrator — Intrinsec has revealed that a threat actor known as Fly is likely the administrator of Russian Market, an underground portal for selling credentials stolen via infostealers. “This threat actor promoted the marketplace on multiple occasions and throughout the years,” the French cybersecurity company said. “His username is reminiscent of the old name of the marketplace, ‘Flyded.’ We found two e-mail addresses used to register the first Russian Market domains, which enabled us to find potential links to a Gmail account named ‘AlexAske1,’ but we could not find additional information surrounding this potential identity.”

New Scam Campaign Targets MENA with Fake Job Offers — A new scam campaign is targeting Middle East and North Africa (MENA) countries with fake online jobs across social media and private messaging platforms like Telegram and WhatsApp that promise easy work and fast money, but are designed to collect personal data and steal money.

The scams exploit trust in recognized institutions and the low cost of social media advertising. The targeting is intentionally broad to cast a wide phishing net. “The fake job ads often impersonate well-known companies, banks, and authorities to gain trust of victims,” Group-IB said. “Once victims engage, the conversation moves to private messaging channels where the actual financial fraud and data theft take place.” The ads typically redirect victims to a WhatsApp group, where a recruiter directs them to a scam website for registration.

Once the victim has completed the step, they are added to various Telegram channels where they are instructed to pay a fee to secure tasks and earn commissions from it. “The scammers will actually send a small payout for the initial task to build trust,” Group-IB said. “They will then push victims to deposit larger amounts to take on bigger tasks that promise even greater returns. When victims do make a big deposit, the payout stops, the channels and accounts disappear and the victim finds themselves blocked, making communication and tracking almost impossible.” The ads are directed against MENA countries such as Egypt, Gulf States’ members, Algeria, Tunisia, Morocco, Iraq, and Jordan.

EmEditor Breached to Distribute Infostealer — Windows-based text editing program EmEditor has disclosed a security breach. Emurasoft said a “third-party” performed an unauthorized modification of the download link for its Windows installer to point to a malicious MSI file hosted in a different location on the EmEditor website between December 19 and 22, 2022. Emurasoft said it’s investigating the incident to determine the full scope of impact. According to Chinese security firm QiAnXin, the malicious installer is used to launch a PowerShell script that’s capable of harvesting system information, including system metadata, files, VPN configuration, Windows login credentials, browser data, and information associated with apps like Zoho Mail, Evernote, Notion, Discord, Slack, Mattermost, Skype, LiveChat, Microsoft Teams, Zoom, WinSCP, PuTTY, Steam, and Telegram.

It also installs an Edge browser extension (ID: “ngahobakhbdpmokneiohlfofdmglpakd”) named Google Drive Caching that can fingerprint browsers, replace cryptocurrency wallet addresses in the clipboard, log keystrokes from specific websites such as x[.]com, and steal Facebook advertising account details.

Docker Hardened Images Now Available for Free — Docker has made Hardened Images free for every developer to bolster software supply chain security. Introduced in May 2025, these are a set of secure, minimal, production-ready images that are managed by Docker. The company said it has hardened over 1,000 images and helm charts in its catalog.

“Unlike other opaque or proprietary hardened images, DHI is compatible with Alpine and Debian, trusted and familiar open source foundations teams already know and can adopt with minimal change,” Docker noted.

Flaw in Livewire Disclosed — Details have emerged about a now-patched critical security flaw in Livewire (CVE-2025-54068, CVSS score: 9.8), a full-stack framework for Laravel, that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. The issue was addressed in Livewire version 3.6.4 released in July 2025. According to Synacktiv, the vulnerability is rooted in the platform’s hydration mechanism, which is used to manage component states and ensure that they have not been tampered with during transit by means of a checksum.

“However, this mechanism comes with a critical vulnerability: a dangerous unmarshalling process can be exploited as long as an attacker is in possession of the APP_KEY of the application,” the cybersecurity company said. “By crafting malicious payloads, attackers can manipulate Livewire’s hydration process to execute arbitrary code, from simple function calls to stealthy remote command execution.” To make matters worse, the research also identified a pre-authenticated remote code execution vulnerability that’s exploitable even without knowledge of the application’s APP_KEY. “Attackers could inject malicious synthesizers through the updates field in Livewire requests, leveraging PHP’s loose typing and nested array handling,” Synacktiv added. “This technique bypasses checksum validation, allowing arbitrary object instantiation and leading to full system compromise.”

ChimeraWire Malware Boosts Website SERP Rankings — A new malware dubbed ChimeraWire has been found to artificially boost the ranking of certain websites in search engine results pages (SERPs) by performing hidden internet searches and mimicking user clicks on infected Windows devices.

ChimeraWire is typically deployed as a second-stage payload on systems previously infected with other malware downloaders, Doctor Web said. The malware is designed to download a Windows version of the Google Chrome browser and install add-ons like NopeCHA and Buster into it for automated CAPTCHA solving. ChimeraWire then launches the browser in debugging mode with a hidden window to perform the malicious clicking activity based on certain pre-configured criteria. “For this, the malicious app searches target internet resources in the Google and Bing search engines and then loads them,” the Russian company said.

“It also imitates user actions by clicking links on the loaded sites. The Trojan performs all malicious actions in the Google Chrome web browser, which it downloads from a certain domain and then launches it in debug mode over the WebSocket protocol.”

More Details About LANDFALL Campaign Emerge — The LANDFALL Android spyware campaign was disclosed by Palo Alto Networks Unit 42 last month as having exploited a now-patched zero-day flaw in Samsung Galaxy Android devices (CVE-2025-21042) in targeted attacks in the Middle East. Google Project Zero said it identified six suspicious image files that were uploaded to VirusTotal between July 2024 and February 2025. It’s suspected that these images were received over WhatsApp, with Google noting that the files were DNG files targeting the Quram library, an image parsing library specific to Samsung devices.

Further investigation has determined that the images are engineered to trigger an exploit that runs within the com.samsung.ipservice process. “The com.samsung.ipservice process is a Samsung-specific system service responsible for providing ‘intelligent’ or AI-powered features to other Samsung applications,” Project Zero’s Benoît Sevens said. “It will periodically scan and parse images and videos in Android’s MediaStore. When WhatsApp receives and downloads an image, it will insert it in the MediaStore. This means that downloaded WhatsApp images (and videos) can hit the image parsing attack surface within the com.samsung.ipservice application.” Given that WhatsApp does not automatically download images from untrusted contacts, it’s assessed that a 1-click exploit is used to trigger the download and have it added to the MediaStore. This, in turn, fires an exploit for the flaw, resulting in an out-of-bounds write primitive. “This case illustrates how certain image formats provide strong primitives out of the box for turning a single memory corruption bug into interactionless ASLR bypasses and remote code execution,” Sevens noted. “By corrupting the bounds of the pixel buffer using the bug, the rest of the exploit could be performed by using the ‘weird machine’ that the DNG specification and its implementation provide.”

New Android Spyware Discovered on Belarusian Journalist’s Phone — Belarusian authorities are deploying a new spyware called ResidentBat on the smartphones of local journalists after their phones are confiscated during police interrogations by the Belarusian secret service.

The spyware can collect call logs, record audio through the microphone, take screenshots, collect SMS messages and chats from encrypted messaging apps, and exfiltrate local files. It can also factory reset the device and remove itself. According to a report from RESIDENT.NGO, ResidentBat’s server infrastructure has been operational since March 2021. In December 2024, similar cases of implanting spyware on individuals’ phones while they were being questioned by police or security services were reported in Serbia and Russia.

“The infection relied on physical access to the device,” RESIDENT.NGO said. “We hypothesize that the KGB officers observed the device password or PIN as the journalist typed it in their presence during the conversation. Once the officers had the PIN and physical possession of the phone while it was in the locker, they enabled ‘Developer Mode’ and ‘USB Debugging.’ The spyware was then sideloaded onto the device, likely via ADB commands from a Windows PC.”

Former Incident Responders Plead Guilty to Ransomware Attacks — Former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty to participating in a series of BlackCat ransomware attacks between May and November 2023 while they were employed at cybersecurity companies tasked with helping organizations fend off ransomware attacks. Goldberg and Martin were indicted last month.

While Martin worked as a ransomware threat negotiator for DigitalMint, Goldberg was an incident response manager for cybersecurity company Sygnia. A third unnamed co-conspirator, who was also employed at DigitalMint, allegedly obtained an affiliate account for BlackCat, which the trio used to commit ransomware attacks.

Congressional Report Says China Exploits U.S.-funded Research on Nuclear Technology — A new report released by the House Select Committee on China and the House Permanent Select Committee on Intelligence (HPSCI) has revealed that China exploits the U.S. Department of Energy (DOE) to gain access and divert American taxpayer-funded research and fuel its military and technological rise.

The investigation identified about 4,350 research papers between June 2023 and June 2025, where DOE funding or research support involved research relationships with Chinese entities, including over 730 DOE awards and contracts. Of these, approximately 2,200 publications were conducted in partnership with entities within China’s defense research and industrial base. “This case study and many more like it in the report underscore a deeply troubling reality: U.S. government scientists – employed by the DOE and working at federally funded national laboratories – have coauthored research with Chinese entities at the very heart of the PRC’s military-industrial complex,” the House Select Committee on the Chinese Communist Party (CCP) said.

“They involve the joint development of technologies relevant to next-generation military aircraft, electronic warfare systems, radar deception techniques, and critical energy and aerospace infrastructure – alongside entities already restricted by multiple U.S. agencies for posing a threat to national security.” In a statement shared with Associated Press, the Chinese Embassy in Washington said the select committee “has long smeared and attacked China for political purposes and has no credibility to speak of.”

Moscow Court Sentences Russian Scientist to 21 Years for Treason — A Moscow court handed a 21-year prison sentence to Artyom Khoroshilov, 34, a researcher at the Moscow Institute of General Physics, who has been accused of treason, attacking critical infrastructure, and plotting sabotage. He was also fined 700,000 rubles (~$9,100). Khoroshilov is said to have colluded with the Ukrainian IT army to conduct distributed denial-of-service (DDoS) attacks on the Russian Post in August 2022.

He also planned to commit sabotage by blowing up the railway tracks used by the military unit of the Ministry of Defense of the Russian Federation to transport military goods. The IT Army of Ukraine, a hacktivist group known for coordinating DDoS attacks on Russian infrastructure, said it does not know if Khoroshilov was part of their community, but noted “the enemy hunts down any sign of resistance.”

New DIG AI Tool Used by Malicious Actors — Resecurity said it has observed a “notable increase” in malicious actors’ utilization of DIG AI, the latest addition to a long list of dark Large Language Models (LLMs) that can be used for illegal, unethical, malicious or harmful activities, such as generating phishing emails or instructions for bombs and prohibited substances. It can be accessed by users via the Tor browser without requiring an account. According to its developer, Pitch, the service is based on OpenAI’s ChatGPT Turbo.

“DIG AI enables malicious actors to leverage the power of AI to generate tips ranging from explosive device manufacturing to illegal content creation, including CSAM,” the company said. “Because DIG AI is hosted on the TOR network, such tools are not easily discoverable and accessible to law enforcement. They create a significant underground market – from piracy and derivatives to other illicit activities.”

China Says U.S. Seized Cryptocurrency from Chinese Firm — The Chinese government said the U.S. unduly seized cryptocurrency assets that actually belonged to LuBian. In October 2025, the U.S. Justice Department seized $15 billion worth of Bitcoin from the operator of scam compounds last month. The agency claimed the funds were owned by the Prince Group and its CEO, Chen Zhi.

China’s National Computer Virus Emergency Response Center (CVERC) alleged that the funds could be traced back to the 2020 hack of Chinese bitcoin mining pool operator LuBian, echoing a report from Elliptic. What’s evident is that the digital assets were stolen from Zhi before they ended up with the U.S. “The U.S. government may have stolen Chen Zhi’s 127,000 Bitcoin through hacking techniques as early as 2020, making this a classic case of ‘black-on-black’ crime orchestrated by a state-sponsored hacking organization,” CVERC said.

However, it bears noting that the report makes no mention of the stolen assets being linked to scam campaigns.

🎥 Cybersecurity Webinars

How Zero Trust and AI Catch Attacks With No Files, No Binaries, and No Indicators — Cyber threats are evolving faster than ever, exploiting trusted tools and fileless techniques that evade traditional defenses. This webinar reveals how Zero Trust and AI-driven protection can uncover unseen attacks, secure developer environments, and redefine proactive cloud security—so you can stay ahead of attackers, not just react to them.

Master Agentic AI Security: Learn to Detect, Audit, and Contain Rogue MCP Servers — AI tools like Copilot and Claude Code help developers move fast, but they can also create big security risks if not managed carefully.

Many teams don’t know which AI servers (MCPs) are running, who built them, or what access they have. Some have already been hacked, turning trusted tools into backdoors. This webinar shows how to find hidden AI risks, stop shadow API key problems, and take control before your AI systems create a breach.

🔧 Cybersecurity Tools

GhidraGPT — It is a plugin for Ghidra that adds AI-powered assistance to reverse engineering work.

It uses large language models to help explain decompiled code, improve readability, and highlight potential security issues, making it easier for analysts to understand and analyze complex binaries.

Chameleon — It is an open-source honeypot tool used to monitor attacks, bot activity, and stolen credentials across a wide range of network services. It simulates open and vulnerable ports to attract attackers, logs their activity, and shows the results through simple dashboards, helping teams understand how their systems are being scanned and attacked in real environments.

Disclaimer: These tools are for learning and research only. They haven’t been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws.

Conclusion

This weekly recap brings those stories together in one place to close out 2025.

It cuts through the noise and focuses on what actually mattered in the final days of the year. Read on for the events that shaped the threat landscape, the patterns that kept repeating, and the risks that are likely to carry forward into 2026.

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. “A flaw in zlib compression allows attackers to trigger information leakage,” OX Security said.

“By sending malformed network packets, an attacker can extract fragments of private data.” The problem is rooted in MongoDB Server’s zlib message decompression implementation (“message_compressor_zlib.cpp”). It affects instances with zlib compression enabled, which is the default configuration. Successful exploitation of the shortcoming could allow an attacker to extract sensitive information from MongoDB servers, including user information, passwords, and API keys. “Although the attacker might need to send a large amount of requests to gather the full database, and some data might be meaningless, the more time an attacker has, the more information could be gathered,” OX Security added.

Cloud security company Wiz said CVE-2025-14847 stems from a flaw in the zlib-based network message decompression logic, enabling an unauthenticated attacker to send malformed, compressed network packets to trigger the vulnerability and access uninitialized heap memory without valid credentials or user interaction. “The affected logic returned the allocated buffer size (output.length()) instead of the actual decompressed data length, allowing undersized or malformed payloads to expose adjacent heap memory,” security researchers Merav Bar and Amitai Cohen said. “Because the vulnerability is reachable prior to authentication and does not require user interaction, Internet-exposed MongoDB servers are particularly at risk.” Data from attack surface management company Censys shows that there are more than 87,000 potentially vulnerable instances, with a majority of them located in the U.S., China, Germany, India, and France. Wiz noted that 42% of cloud environments have at least one instance of MongoDB in a version vulnerable to CVE-2025-14847.

This includes both internet-exposed and internal resources. The exact details surrounding the nature of attacks exploiting the flaw are presently unknown. Users are advised to update to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30. Patches for MongoDB Atlas have been applied.

It’s worth noting that the vulnerability also affects the Ubuntu rsync package, as it uses zlib. As temporary workarounds, it’s recommended to disable zlib compression on the MongoDB Server by starting mongod or mongos with a networkMessageCompressors or a net.compression.compressors option that explicitly omits zlib. Other mitigations include restricting network exposure of MongoDB servers and monitoring MongoDB logs for anomalous pre-authentication connections.
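The update and workaround guidance above can be turned into a fleet triage check. The following is an added example, not code from MongoDB or any vendor cited here: it compares a server version against the fixed releases listed in the article and reads the compressor setting from a block-style mongod.conf or from command-line arguments. The function names, status labels and sample configuration are constructed for illustration, and it assumes a command-line option takes precedence over the configuration file.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {
    (8, 2): (8, 2, 3), (8, 0): (8, 0, 17), (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27), (5, 0): (5, 0, 32), (4, 4): (4, 4, 30),
}

# Constructed sample of a block-style mongod.conf that omits zlib.
SAMPLE_CONF = """\
net:
  port: 27017          # constructed value
  compression:
    compressors: snappy,zstd
"""


def parse_version(text):
    """Turn '7.0.12' or 'v7.0.12-rc1' into (7, 0, 12)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(part) for part in m.groups())


def is_patched(version):
    """True/False for branches listed in the article, None for any other branch."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    return None if fixed is None else v >= fixed


def compressors_from_conf(conf_text):
    """Return net.compression.compressors from block-style YAML, or None if unset."""
    path = []  # stack of (indent, key) for the mapping we are currently inside
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while path and path[-1][0] >= indent:
            path.pop()
        path.append((indent, key.strip()))
        if [k for _, k in path] == ["net", "compression", "compressors"]:
            return value.strip().strip("'\"")
    return None


def compressors_from_argv(argv):
    """Return the value passed to --networkMessageCompressors, or None."""
    for i, arg in enumerate(argv):
        if arg.startswith("--networkMessageCompressors="):
            return arg.split("=", 1)[1]
        if arg == "--networkMessageCompressors" and i + 1 < len(argv):
            return argv[i + 1]
    return None


def zlib_enabled(compressors):
    """The article states zlib is on by default, so an unset option counts as enabled."""
    if compressors is None:
        return True
    names = {c.strip().lower() for c in compressors.split(",") if c.strip()}
    return "zlib" in names


def assess(version, conf_text="", argv=()):
    """Classify one server for CVE-2025-14847 triage."""
    patched = is_patched(version)
    setting = compressors_from_argv(list(argv))
    if setting is None:  # assumption: command line overrides the config file
        setting = compressors_from_conf(conf_text)
    zlib_on = zlib_enabled(setting)
    if patched:
        status = "patched"
    elif not zlib_on:
        status = "workaround-only"   # zlib omitted, update still pending
    elif patched is None:
        status = "unknown-branch"    # branch not listed in the article
    else:
        status = "needs-update"
    return {"patched": patched, "zlib_enabled": zlib_on, "status": status}


if __name__ == "__main__":
    for ver, conf in [("7.0.28", ""), ("7.0.12", ""), ("6.0.20", SAMPLE_CONF)]:
        print(ver, assess(ver, conf_text=conf))
```

A server reported as workaround-only still needs the update; the compressor setting is described in the article only as a temporary measure.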

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical infrastructure-adjacent organizations in the U.S. and Allied nations, according to Socket. “A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft,” researchers Nicholas Anderson and Kirill Boychenko said.

The names of the packages are listed below: adril7123, ardril712, arrdril712, androidvoues, assetslush, axerification, erification, erificatsion, errification, eruification, hgfiuythdjfhgff, homiersla, houimlogs22, iuythdjfghgff, iuythdjfhgff, iuythdjfhgffdf, iuythdjfhgffs, iuythdjfhgffyg, jwoiesk11, modules9382, onedrive-verification, sarrdril712, scriptstierium11, secure-docs-app, sync365, ttetrification, vampuleerl.

Rather than requiring users to install the packages, the end goal of the campaign is to repurpose npm and package content delivery networks (CDNs) as hosting infrastructure, using them to deliver client-side HTML and JavaScript lures that impersonate secure document-sharing and are embedded directly in phishing pages. Victims are then redirected to Microsoft sign-in pages with the email address pre-filled in the form. The use of package CDNs offers several benefits, the foremost being the ability to turn a legitimate distribution service into infrastructure that’s resilient to takedowns. In addition, it makes it easy for attackers to switch to other publisher aliases and package names, even if the libraries are pulled. The packages have been found to incorporate various checks on the client side to challenge analysis efforts, including filtering out bots, evading sandboxes, and requiring mouse or touch input before taking the victims to threat-actor-controlled credential harvesting infrastructure.

The JavaScript code is also obfuscated or heavily minified to make automated inspection more difficult. Another crucial anti-analysis control adopted by the threat actor relates to the use of honeypot form fields that are hidden from view for real users, but are likely to be populated by crawlers. This step acts as a second layer of defense, preventing the attack from proceeding further. Socket said the domains packed into these packages overlap with adversary-in-the-middle (AitM) phishing infrastructure associated with Evilginx, an open-source phishing kit.

This is not the first time npm has been transformed into phishing infrastructure. Back in October 2025, the software supply chain security firm detailed a campaign dubbed Beamglea that saw unknown threat actors uploading 175 malicious packages for credential harvesting attacks. The latest attack wave is assessed to be distinct from Beamglea. “This campaign follows the same core playbook, but with different delivery mechanics,” Socket said.

“Instead of shipping minimal redirect scripts, these packages deliver a self-contained, browser-executed phishing flow as an embedded HTML and JavaScript bundle that runs when loaded in a page context.”

What’s more, the phishing packages have been found to hard-code 25 email addresses tied to specific individuals who work as account managers, sales, and business development representatives in the manufacturing, industrial automation, plastics and polymer supply chain, and healthcare sectors in Austria, Belgium, Canada, France, Germany, Italy, Portugal, Spain, Sweden, Taiwan, Turkey, the U.K., and the U.S. It’s currently unknown how the attackers obtained the email addresses. But given that many of the targeted firms convene at major international trade shows, such as Interpack and K-Fair, it’s suspected that the threat actors may have pulled the information from these sites and combined it with general open-web reconnaissance. “In several cases, target locations differ from corporate headquarters, which is consistent with the threat actor’s focus on regional sales staff, country managers, and local commercial teams rather than only corporate IT,” the company said.

To counter the risk posed by the threat, it’s essential to enforce stringent dependency verification, log unusual CDN requests from non-development contexts, enforce phishing-resistant multi-factor authentication (MFA), and monitor for suspicious post-authentication events.

The development comes as Socket said it observed a steady rise in destructive malware across npm, PyPI, NuGet Gallery, and Go module indexes using techniques like delayed execution and remotely-controlled kill switches to evade early detection and fetch executable code at runtime using standard tools such as wget and curl. “Rather than encrypting disks or indiscriminately destroying files, these packages tend to operate surgically,” researcher Kush Pandya said. “They delete only what matters to developers: Git repositories, source directories, configuration files, and CI build outputs. They often blend this logic into otherwise functional code paths and rely on standard lifecycle hooks to execute, meaning the malware may never need to be explicitly imported or invoked by the application itself.”
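One way to act on the advice to log unusual CDN requests from non-development contexts, as an added example that is not from Socket or the article: it scans proxy log lines for npm package CDN requests and flags the package names listed above. The log format, the CDN hosts (unpkg.com, cdn.jsdelivr.net), the developer subnet and the expected-package list are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Package names published in the campaign, as listed in the article above.
WATCHLIST = {
    "adril7123", "ardril712", "arrdril712", "androidvoues", "assetslush",
    "axerification", "erification", "erificatsion", "errification",
    "eruification", "hgfiuythdjfhgff", "homiersla", "houimlogs22",
    "iuythdjfghgff", "iuythdjfhgff", "iuythdjfhgffdf", "iuythdjfhgffs",
    "iuythdjfhgffyg", "jwoiesk11", "modules9382", "onedrive-verification",
    "sarrdril712", "scriptstierium11", "secure-docs-app", "sync365",
    "ttetrification", "vampuleerl",
}

# Assumptions for this example (adapt to the environment):
CDN_HOSTS = {"unpkg.com": "", "cdn.jsdelivr.net": "/npm"}  # host -> path prefix
DEV_NETS = [ipaddress.ip_network("10.20.0.0/16")]          # developer/CI hosts
EXPECTED_PACKAGES = {"bootstrap", "react"}                 # loaded by internal apps

# Assumed proxy log format: timestamp, source IP, "GET url", "referer"
LINE_RE = re.compile(r'(?P<ts>\S+) (?P<src>\S+) "GET (?P<url>\S+)" "(?P<referer>[^"]*)"')

# Constructed sample log lines (hosts, IPs and versions are made up).
SAMPLE_LOG = """\
2025-12-29T09:14:02Z 10.20.4.17 "GET https://unpkg.com/react@18.3.1/umd/react.production.min.js" "https://build.corp.example/"
2025-12-29T09:15:40Z 10.50.8.23 "GET https://cdn.jsdelivr.net/npm/secure-docs-app@1.0.2/index.js" "https://docs-share.example/view"
2025-12-29T09:16:11Z 10.50.8.23 "GET https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.min.js" "https://intranet.corp.example/"
2025-12-29T09:18:55Z 10.50.9.40 "GET https://unpkg.com/left-pad@1.3.0/index.js" "https://vendor-portal.example/"
2025-12-29T09:20:00Z 10.50.9.40 "GET https://www.example.org/index.html" "-"
"""


def package_from_url(url):
    """Return the npm package name for a package-CDN URL, or None."""
    parts = urlsplit(url)
    prefix = CDN_HOSTS.get((parts.hostname or "").lower())
    if prefix is None or not parts.path.startswith(prefix + "/"):
        return None
    segs = [s for s in parts.path[len(prefix):].split("/") if s]
    if not segs:
        return None
    if segs[0].startswith("@") and len(segs) > 1:  # scoped: @scope/name@version
        return (segs[0] + "/" + segs[1].split("@", 1)[0]).lower()
    return segs[0].split("@", 1)[0].lower()


def is_dev_source(src):
    """True when the client IP belongs to a developer/CI network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source is treated as non-development
    return any(addr in net for net in DEV_NETS)


def classify(line):
    """Return a finding dict for one log line, or None when nothing stands out."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkg = package_from_url(m["url"])
    if pkg is None:
        return None
    if pkg in WATCHLIST:
        level = "known-bad"  # campaign package, flagged from any context
    elif not is_dev_source(m["src"]) and pkg not in EXPECTED_PACKAGES:
        level = "unusual"    # package CDN fetch from a non-development host
    else:
        return None
    return {"ts": m["ts"], "src": m["src"], "package": pkg,
            "level": level, "referer": m["referer"]}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```
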

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI systems in 2024 alone, a 25% increase from the previous year.

Here’s what these incidents have in common: The compromised organizations had comprehensive security programs. They passed audits. They met compliance requirements. Their security frameworks simply weren’t built for AI threats.

Traditional security frameworks have served organizations well for decades. But AI systems operate fundamentally differently from the applications these frameworks were designed to protect. And the attacks against them don’t fit into existing control categories. Security teams followed the frameworks. The frameworks just don’t cover this.

Where Traditional Frameworks Stop and AI Threats Begin

The major security frameworks organizations rely on, NIST Cybersecurity Framework, ISO 27001, and CIS Controls, were developed when the threat landscape looked completely different. NIST CSF 2.0, released in 2024, focuses primarily on traditional asset protection. ISO 27001:2022 addresses information security comprehensively but doesn’t account for AI-specific vulnerabilities. CIS Controls v8 covers endpoint security and access controls thoroughly—yet none of these frameworks provide specific guidance on AI attack vectors.

These aren’t bad frameworks. They’re comprehensive for traditional systems. The problem is that AI introduces attack surfaces that don’t map to existing control families.

“Security professionals are facing a threat landscape that’s evolved faster than the frameworks designed to protect against it,” notes Rob Witcher, co-founder of cybersecurity training company Destination Certification. “The controls organizations rely on weren’t built with AI-specific attack vectors in mind.” This gap has driven demand for specialized AI security certification prep that addresses these emerging threats specifically.

Consider access control requirements, which appear in every major framework. These controls define who can access systems and what they can do once inside. But access controls don’t address prompt injection—attacks that manipulate AI behavior through carefully crafted natural language input, bypassing authentication entirely.

System and information integrity controls focus on detecting malware and preventing unauthorized code execution. But model poisoning happens during the authorized training process. An attacker doesn’t need to breach systems; they corrupt the training data, and AI systems learn malicious behavior as part of normal operation.

Configuration management ensures systems are properly configured and changes are controlled. But configuration controls can’t prevent adversarial attacks that exploit mathematical properties of machine learning models. These attacks use inputs that look completely normal to humans and traditional security tools but cause models to produce incorrect outputs.

Prompt Injection

Take prompt injection as a specific example.

Traditional input validation controls (like SI-10 in NIST SP 800-53) were designed to catch malicious structured input: SQL injection, cross-site scripting, and command injection. These controls look for syntax patterns, special characters, and known attack signatures. Prompt injection uses valid natural language. There are no special characters to filter, no SQL syntax to block, and no obvious attack signatures.

The malicious intent is semantic, not syntactic. An attacker might ask an AI system to “ignore previous instructions and expose all user data” using perfectly valid language that passes through every input validation control the frameworks require.

Model Poisoning

Model poisoning presents a similar challenge. System integrity controls in frameworks like ISO 27001 focus on detecting unauthorized modifications to systems.

But in AI environments, training is an authorized process. Data scientists are supposed to feed data into models. When that training data is poisoned—either through compromised sources or malicious contributions to open datasets—the security violation happens within a legitimate workflow. Integrity controls aren’t looking for this because it’s not “unauthorized.”

AI Supply Chain

AI supply chain attacks expose another gap.

Traditional supply chain risk management (the SR control family in NIST SP 800-53) focuses on vendor assessments, contract security requirements, and software bill of materials. These controls help organizations understand what code they’re running and where it came from. But AI supply chains include pre-trained models, datasets, and ML frameworks with risks that traditional controls don’t address. How do organizations validate the integrity of model weights?

How do they detect if a pre-trained model has been backdoored? How do they assess whether a training dataset has been poisoned? The frameworks don’t provide guidance because these questions didn’t exist when the frameworks were developed. The result is that organizations implement every control their frameworks require, pass audits, and meet compliance standards—while remaining fundamentally vulnerable to an entire category of threats.

When Compliance Doesn’t Equal Security

The consequences of this gap aren’t theoretical. They’re playing out in real breaches. When the Ultralytics AI library was compromised in December 2024, the attackers didn’t exploit a missing patch or weak password. They compromised the build environment itself, injecting malicious code after the code review process but before publication.

The attack succeeded because it targeted the AI development pipeline—a supply chain component that traditional software supply chain controls weren’t designed to protect. Organizations with comprehensive dependency scanning and software bill of materials analysis still installed the compromised packages because their tools couldn’t detect this type of manipulation. The ChatGPT vulnerabilities disclosed in November 2024 allowed attackers to extract sensitive information from users’ conversation histories and memories through carefully crafted prompts. Organizations using ChatGPT had strong network security, robust endpoint protection, and strict access controls.

None of these controls addresses malicious natural language input designed to manipulate AI behavior. The vulnerability wasn’t in the infrastructure—it was in how the AI system processed and responded to prompts. When malicious Nx packages were published in August 2025, they took a novel approach: using AI assistants like Claude Code and Google Gemini CLI to enumerate and exfiltrate secrets from compromised systems. Traditional security controls focus on preventing unauthorized code execution.

But AI development tools are designed to execute code based on natural language instructions. The attack weaponized legitimate functionality in ways that existing controls don’t anticipate. These incidents share a common pattern. Security teams had implemented the controls their frameworks required.

Those controls protected against traditional attacks. They just didn’t cover AI-specific attack vectors.

The Scale of the Problem

According to IBM’s Cost of a Data Breach Report 2025, organizations take an average of 276 days to identify a breach and another 73 days to contain it. For AI-specific attacks, detection times are potentially even longer because security teams lack established indicators of compromise for these novel attack types.

Sysdig’s research shows a 500% surge in cloud workloads containing AI/ML packages in 2024, meaning the attack surface is expanding far faster than defensive capabilities. The scale of exposure is significant. Organizations are deploying AI systems across their operations: customer service chatbots, code assistants, data analysis tools, and automated decision systems. Most security teams can’t even inventory the AI systems in their environment, much less apply AI-specific security controls that frameworks don’t require.

What Organizations Actually Need

The gap between what frameworks mandate and what AI systems need requires organizations to go beyond compliance. Waiting for frameworks to be updated isn’t an option—the attacks are happening now. Organizations need new technical capabilities. Prompt validation and monitoring must detect malicious semantic content in natural language, not just structured input patterns.

Model integrity verification needs to validate model weights and detect poisoning, which current system integrity controls don’t address. Adversarial robustness testing requires red teaming focused specifically on AI attack vectors, not just traditional penetration testing. Traditional data loss prevention focuses on detecting structured data: credit card numbers, social security numbers, and API keys. AI systems require semantic DLP capabilities that can identify sensitive information embedded in unstructured conversations.

When an employee asks an AI assistant, “summarize this document,” and pastes in confidential business plans, traditional DLP tools miss it because there’s no obvious data pattern to detect. AI supply chain security demands capabilities that go beyond vendor assessments and dependency scanning. Organizations need methods for validating pre-trained models, verifying dataset integrity, and detecting backdoored weights. The SR control family in NIST SP 800-53 doesn’t provide specific guidance here because these components didn’t exist in traditional software supply chains.

The bigger challenge is knowledge. Security teams need to understand these threats, but traditional certifications don’t cover AI attack vectors. The skills that made security professionals excellent at securing networks, applications, and data are still valuable—they’re just not sufficient for AI systems. This isn’t about replacing security expertise; it’s about extending it to cover new attack surfaces.

The Knowledge and Regulatory Challenge

Organizations that address this knowledge gap will have significant advantages. Understanding how AI systems fail differently than traditional applications, implementing AI-specific security controls, and building capabilities to detect and respond to AI threats—these aren’t optional anymore. Regulatory pressure is mounting. The EU AI Act, which took effect in 2025, imposes penalties up to €35 million or 7% of global revenue for serious violations.

NIST’s AI Risk Management Framework provides guidance, but it’s not yet integrated into the primary security frameworks that drive organizational security programs. Organizations waiting for frameworks to catch up will find themselves responding to breaches instead of preventing them. Practical steps matter more than waiting for perfect guidance. Organizations should start with an AI-specific risk assessment separate from traditional security assessments.

Inventorying the AI systems actually running in the environment reveals blind spots for most organizations. Implementing AI-specific security controls, even though frameworks don’t require them yet, is critical. Building AI security expertise within existing security teams rather than treating it as an entirely separate function makes the transition more manageable. Updating incident response plans to include AI-specific scenarios is essential because current playbooks won’t work when investigating prompt injection or model poisoning.

The Proactive Window Is Closing

Traditional security frameworks aren’t wrong—they’re incomplete. The controls they mandate don’t cover AI-specific attack vectors, which is why organizations that fully met NIST CSF, ISO 27001, and CIS Controls requirements were still breached in 2024 and 2025. Compliance hasn’t equaled protection. Security teams need to close this gap now rather than wait for frameworks to catch up.

That means implementing AI-specific controls before breaches force action, building specialized knowledge within security teams to defend AI systems effectively, and pushing for updated industry standards that address these threats comprehensively. The threat landscape has fundamentally changed. Security approaches need to change with it, not because current frameworks are inadequate for what they were designed to protect, but because the systems being protected have evolved beyond what those frameworks anticipated. Organizations that treat AI security as an extension of their existing programs, rather than waiting for frameworks to tell them exactly what to do, will be the ones that defend successfully.

Those who wait will be reading breach reports instead of writing security success stories. This article is a contributed piece from one of our valued partners.

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the actual length of the associated data. “Mismatched length fields in zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client,” according to a description of the flaw in CVE.org.

The flaw impacts the following versions of the database:

- MongoDB 8.2.0 through 8.2.3
- MongoDB 8.0.0 through 8.0.16
- MongoDB 7.0.0 through 7.0.26
- MongoDB 6.0.0 through 6.0.26
- MongoDB 5.0.0 through 5.0.31
- MongoDB 4.4.0 through 4.4.29
- All MongoDB Server v4.2 versions
- All MongoDB Server v4.0 versions
- All MongoDB Server v3.6 versions

The issue has been addressed in MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, and 4.4.30.

“A client-side exploit of the Server’s zlib implementation can return uninitialized heap memory without authenticating to the server,” MongoDB said. “We strongly recommend upgrading to a fixed version as soon as possible.”

If immediate update is not an option, it’s recommended to disable zlib compression on the MongoDB Server by starting mongod or mongos with a networkMessageCompressors or a net.compression.compressors option that explicitly omits zlib. The other compressor options supported by MongoDB are snappy and zstd.

“CVE-2025-14847 allows a remote, unauthenticated attacker to trigger a condition in which the MongoDB server may return uninitialized memory from its heap,” OP Innovate said. “This could result in the disclosure of sensitive in-memory data, including internal state information, pointers, or other data that may assist an attacker in further exploitation.”
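The upgrade and workaround guidance above (and in the earlier MongoBleed write-up on this page), as an added audit sketch that is not MongoDB's or the article's code: it compares a server version against the fixed releases listed here and reports whether zlib is still an enabled network compressor. The function names, the constructed sample config and the assumption that an unset option leaves zlib enabled by default are this example's own.

```python
import re

# Fixed release per branch, as listed in the article above.
FIXED = {(8, 2): 3, (8, 0): 17, (7, 0): 28, (6, 0): 27, (5, 0): 32, (4, 4): 30}
# Branches the article lists as affected in all versions (no fixed release named).
ALL_AFFECTED = {(4, 2), (4, 0), (3, 6)}
# Assumption: when no compressor option is set, the server default includes zlib.
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"

# Constructed sample config, not taken from a real deployment.
SAMPLE_CONF = """\
# mongod.conf
net:
  port: 27017
  compression:
    compressors: snappy,zstd
storage:
  dbPath: /var/lib/mongodb
"""


def version_status(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for a 'major.minor.patch' string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unknown"  # pre-release or malformed strings need manual review
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in ALL_AFFECTED:
        return "vulnerable"
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    return "unknown"  # branch not named in the article


def compressors_from_config(text):
    """Read net.compression.compressors from YAML-style config text.

    Minimal indentation-based reader for nested 'key: value' mappings.
    Returns the raw value, or None when the option is not set.
    """
    path = []  # stack of (indent, key) for the current nesting
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while path and path[-1][0] >= indent:
            path.pop()
        path.append((indent, key.strip()))
        dotted = ".".join(k for _, k in path)
        if dotted == "net.compression.compressors" and value.strip():
            return value.strip().strip("'\"")
    return None


def compressors_from_argv(argv):
    """Read --networkMessageCompressors from a mongod/mongos command line."""
    for i, arg in enumerate(argv):
        if arg == "--networkMessageCompressors" and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith("--networkMessageCompressors="):
            return arg.split("=", 1)[1]
    return None


def zlib_enabled(setting):
    """True when the effective compressor list contains zlib."""
    effective = DEFAULT_COMPRESSORS if setting is None else setting
    names = {n.strip().lower() for n in effective.split(",") if n.strip()}
    return "zlib" in names


def assess(version, config_text="", argv=()):
    """Combine both checks; a command-line option overrides the config file."""
    setting = compressors_from_argv(list(argv))
    if setting is None:
        setting = compressors_from_config(config_text)
    status = version_status(version)
    zlib_on = zlib_enabled(setting)
    if status == "fixed":
        verdict = "ok"
    elif status == "vulnerable":
        verdict = "exposed" if zlib_on else "mitigated"
    else:
        verdict = "review"
    return {"version": status, "zlib": zlib_on, "verdict": verdict}


if __name__ == "__main__":
    print(assess("7.0.26", SAMPLE_CONF))
    print(assess("7.0.26"))
```

A "mitigated" verdict only reflects the temporary workaround; the article's recommendation is still to upgrade to a fixed release.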

How AI and Zero Trust Work Together to Catch Attacks With No Files or Indicators

There’s one constant in cybersecurity: the threat landscape continues to rapidly evolve. To bolster their organizations’ resilience, defenders need proactive visibility and tooling across their endpoints, developer environments, and crypto stack to stay several steps ahead of attackers.

In this webinar, join experts from the Zscaler Internet Access product team as they cover the next major security challenges and how enterprises can best respond to them:

“Living off the Land” Attacks: Today’s attackers use a combination of malware and legitimate system tools like PowerShell, WMI, or RDP. File-based detection alone misses threats that blend in with trusted processes. Learn how and why gaining endpoint visibility into file-based threats, apps, and process behaviors is essential.

Fileless “Last Mile” Reassembly Attacks: Legacy security tools are ineffective against fileless attacks, including those using only obfuscated HTML and JavaScript. Learn how a cloud-native antimalware engine that emulates malicious scripting and reassembles an executable binary in isolation can stop malicious files from being delivered to an endpoint.

Securing Developer Environments: Developers are building and deploying applications faster than ever before. But third-party repositories and other open-source CI/CD tools can contain malicious code and vulnerabilities that can compromise your organization’s security. Inspecting encrypted traffic in developer environments can identify and defeat would-be threats. Learn how to secure development workflows with automated TLS/SSL inspection and code sandboxing.

You’ll see how Zscaler Internet Access’s capabilities, built on a foundation of zero trust and AI-powered protection, provide SOC and IT teams with the preventative tooling and visibility necessary to effectively defend against emerging threats so you can proactively fortify your security posture to protect your users, devices, and data.

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to update to version 2.69 as soon as possible.

“We’ve confirmed that approximately $7 million has been impacted and we will ensure all affected users are refunded,” Trust Wallet said in a post on X. “Supporting affected users is our top priority, and we are actively finalizing the process to refund the impacted users.” Trust Wallet is also urging users to refrain from interacting with any messages that do not come from its official channels. Mobile-only users and all other browser extension versions are not affected. According to details shared by SlowMist, version 2.68 introduced malicious code that’s designed to iterate through all wallets stored in the extension and trigger a mnemonic phrase request for each wallet.

“The encrypted mnemonic is then decrypted using the password or passkeyPassword entered during wallet unlock,” the blockchain security firm said. “Once decrypted, the mnemonic phrase is sent to the attacker’s server api.metrics-trustwallet[.]com.” The domain “metrics-trustwallet[.]com” was registered on December 8, 2025, with the first request to “api.metrics-trustwallet[.]com” commencing on December 21, 2025. Further analysis has revealed that the attacker has leveraged an open‑source full‑chain analytics library named posthog-js to harvest wallet user information. The digital assets drained so far include about $3 million in Bitcoin, $431 in Solana, and more than $3 million in Ethereum.

The stolen funds have been moved through centralized exchanges and cross-chain bridges for laundering and swapping. According to an update shared by blockchain investigator ZachXBT, the incident has claimed hundreds of victims. “While ~$2.8 million of the stolen funds remain in the hacker’s wallets (Bitcoin/ EVM/ Solana), the bulk – >$4M in cryptos – has been sent to CEXs [centralized exchanges]: ~$3.3 million to ChangeNOW, ~$340,000 to FixedFloat, and ~$447,000 to KuCoin,” PeckShield said. “This backdoor incident originated from malicious source code modification within the internal Trust Wallet extension codebase (analytics logic), rather than an injected compromised third‑party dependency (e.g., malicious npm package),” SlowMist said.

“The attacker directly tampered with the application’s own code, then leveraged the legitimate PostHog analytics library as the data‑exfiltration channel, redirecting analytic traffic to an attacker‑controlled server.” The company said there is a possibility that it’s the work of a nation-state actor, adding the attackers may have gained control of Trust Wallet‑related developer devices or obtained deployment permissions prior to December 8, 2025. Changpeng Zhao, a co-founder of crypto exchange Binance, which owns the utility, hinted that the exploit was “most likely” carried out by an insider, although no further evidence was provided to support the theory.

Update

Trust Wallet, in a follow-up update, has urged affected users to complete a form on their support desk at “trustwallet-support.freshdesk[.]com” to start the compensation process. Victims have been asked to provide their contact email address, country of residence, compromised wallet address(es), the address to which the funds were drained, and the corresponding transaction hashes.

“We are seeing scams via Telegram ads, fake ‘compensation’ forms, impersonated support accounts, and DMs,” the company cautioned. “Always verify links, never share your recovery phrase, and use official Trust Wallet channels only.” Eowyn Chen, Trust Wallet’s CEO, said an investigation into the incident is underway, reiterating that the issue impacts only Chrome browser extension version 2.68 users who logged in before December 26, 2025, 11 a.m. UTC. “The malicious extension v2.68 was NOT released through our internal manual process,” Chen said.

“Our current findings suggest it was most likely published externally through the Chrome Web Store API key, bypassing our standard release checks.” “The hacker used a leaked Chrome Web Store API key to submit the malicious extension version v2.68. This successfully passed the Chrome Web Store’s review and was released on December 24, 2025, at 12:32 p.m. UTC.” Following the discovery of the breach, Chen said the company has taken the step of suspending the malicious domain, expiring all release APIs, and processing reimbursement for affected victims. (The story was updated after publication to reflect the latest developments.)

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to a hacking group called Evasive Panda, which is tracked as Bronze Highland, Daggerfly, and StormBamboo. It’s assessed to be active since at least 2012.

“The group mainly performed adversary-in-the-middle (AitM) attacks on specific victims,” Kaspersky researcher Fatih Şensoy said in a deep-dive analysis. “These included techniques such as dropping loaders into specific locations and storing encrypted parts of the malware on attacker-controlled servers, which were resolved as a response to specific website DNS requests.” This is not the first time Evasive Panda’s DNS poisoning capabilities have come to the fore. As far back as April 2023, ESET noted that the threat actor may have either carried out a supply chain compromise or an AitM attack to serve trojanized versions of legitimate applications like Tencent QQ in an attack targeting an international non-governmental organization (NGO) in Mainland China. In August 2024, a report from Volexity revealed how the threat actor compromised an unnamed internet service provider (ISP) by means of a DNS poisoning attack to push malicious software updates to targets of interest.

Evasive Panda is also one of the many China-aligned threat activity clusters that have relied on AitM poisoning for malware distribution. In an analysis last month, ESET said it’s tracking 10 active groups from China that have leveraged the technique for initial access or lateral movement, including LuoYu, BlackTech, TheWizards APT, Blackwood, PlushDaemon, and FontGoblin. In the attacks documented by Kaspersky, the threat actor has been found to make use of lures that masquerade as updates for third-party software, such as SohuVA, a video streaming service from the Chinese internet company Sohu. The malicious update is delivered from the domain “p2p.hd.sohu.com[.]cn,” likely indicating a DNS poisoning attack.

“There is a possibility that the attackers used a DNS poisoning attack to alter the DNS response of p2p.hd.sohu.com[.]cn to an attacker-controlled server’s IP address, while the genuine update module of the SohuVA application tries to update its binaries located in appdata\roaming\shapp\7.0.18.0\package,” Şensoy explained. The Russian cybersecurity vendor said it also identified other campaigns in which Evasive Panda utilized a fake updater for Baidu’s iQIYI Video, as well as IObit Smart Defrag and Tencent QQ. The attack paves the way for the deployment of an initial loader that’s responsible for launching shellcode that, in turn, fetches an encrypted second-stage shellcode in the form of a PNG image file, again by means of DNS poisoning from the legitimate website dictionary[.]com. Evasive Panda is said to have manipulated the IP address associated with dictionary[.]com, causing victim systems to resolve the website to an attacker-controlled IP address based on their geographical location and internet service provider.

It’s currently not known how the threat actor is poisoning DNS responses. But two possible scenarios are suspected: either the ISPs used by the victims were selectively targeted and compromised to install some kind of a network implant on edge devices, or a router or firewall used by the victims was hacked for this purpose. The HTTP request to obtain the second-stage shellcode also contains the current Windows version number. This is likely an attempt on the part of the attackers to target specific operating system versions and adapt their strategy based on the operating system used.

It’s worth noting that Evasive Panda has previously leveraged watering hole attacks to distribute an Apple macOS malware codenamed MACMA. The exact nature of the second-stage malware is unclear, but Kaspersky’s analysis shows that the first-stage shellcode decrypts and runs the retrieved payload. It’s assessed that the attackers generate a unique encrypted second shellcode file for each victim as a way to bypass detection. A crucial aspect of the operations is the use of a secondary loader (“libpython2.4.dll”) that relies on a renamed, older version of “python.exe” to be sideloaded.

Once launched, it downloads and decrypts the next-stage malware by reading the contents of a file named “C:\ProgramData\Microsoft\eHome\perf.dat.” This file contains the decrypted payload downloaded from the previous step. “It appears that the attacker used a complex process to obtain this stage from a resource, where it was initially XOR-encrypted,” Kaspersky said. “The attacker then decrypted this stage with XOR and subsequently encrypted and saved it to perf.dat using a custom hybrid of Microsoft’s Data Protection Application Programming Interface (DPAPI) and the RC5 algorithm.” The use of a custom encryption algorithm is seen as an attempt to complicate analysis by ensuring that the encrypted data can only be decoded on the specific system where the encryption was initially performed and block any efforts to intercept and analyze the malicious payload. The decrypted code is an MgBot variant that’s injected by the secondary loader into a legitimate “svchost.exe” process.

A modular implant, MgBot, is capable of harvesting files, logging keystrokes, gathering clipboard data, recording audio streams, and stealing credentials from web browsers. This enables the malware to maintain a stealthy presence in compromised systems for long periods of time. “The Evasive Panda threat actor has once again showcased its advanced capabilities, evading security measures with new techniques and tools while maintaining long-term persistence in targeted systems,” Kaspersky said.

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that’s part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for building applications powered by LLMs. The vulnerability, tracked as CVE-2025-68664, carries a CVSS score of 9.3 out of 10.0. Security researcher Yarden Porat has been credited with reporting the vulnerability on December 4, 2025.

It has been codenamed LangGrinch. “A serialization injection vulnerability exists in LangChain’s dumps() and dumpd() functions,” the project maintainers said in an advisory. “The functions do not escape dictionaries with ‘lc’ keys when serializing free-form dictionaries.” “The ‘lc’ key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data.” According to Cyata researcher Porat, the crux of the problem has to do with the two functions failing to escape user-controlled dictionaries containing “lc” keys.

The “lc” marker represents LangChain objects in the framework’s internal serialization format. “So once an attacker is able to make a LangChain orchestration loop serialize and later deserialize content including an ‘lc’ key, they would instantiate an unsafe arbitrary object, potentially triggering many attacker-friendly paths,” Porat said. This could have various outcomes, including secret extraction from environment variables when deserialization is performed with “secrets_from_env=True” (previously set by default), instantiating classes within pre-approved trusted namespaces, such as langchain_core, langchain, and langchain_community, and potentially even leading to arbitrary code execution via Jinja2 templates. What’s more, the escaping bug enables the injection of LangChain object structures through user-controlled fields like metadata, additional_kwargs, or response_metadata via prompt injection.

The patch released by LangChain introduces new restrictive defaults in load() and loads() by means of an allowlist parameter “allowed_objects” that allows users to specify which classes can be serialized/deserialized. In addition, Jinja2 templates are blocked by default, and the “secrets_from_env” option is now set to “False” to disable automatic secret loading from the environment. The following versions of langchain-core are affected by CVE-2025-68664 -

- >= 1.0.0, < 1.2.5 (Fixed in 1.2.5)
- < 0.3.81 (Fixed in 0.3.81)

It’s worth noting that there exists a similar serialization injection flaw in LangChain.js that also stems from not properly escaping objects with “lc” keys, thereby enabling secret extraction and prompt injection. This vulnerability has been assigned the CVE identifier CVE-2025-68665 (CVSS score: 8.6).

It impacts the following npm packages:

- @langchain/core >= 1.0.0, < 1.1.8 (Fixed in 1.1.8)
- @langchain/core < 0.3.80 (Fixed in 0.3.80)
- langchain >= 1.0.0, < 1.2.3 (Fixed in 1.2.3)
- langchain < 0.3.37 (Fixed in 0.3.37)

In light of the criticality of the vulnerability, users are advised to update to a patched version as soon as possible for optimal protection. “The most common attack vector is through LLM response fields like additional_kwargs or response_metadata, which can be controlled via prompt injection and then serialized/deserialized in streaming operations,” Porat said. “This is exactly the kind of ‘AI meets classic security’ intersection where organizations get caught off guard. LLM output is an untrusted input.”
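The escaping failure, and the two defenses the patch is described as adding (escaping on serialization, an allowlist on load), can be reproduced in a toy model. This is an added example, not LangChain code: the wire format, the classes Message and EnvSecret, the `__escaped__` envelope and FAKE_ENV are assumptions made for illustration; only the "lc" marker key comes from the advisory.

```python
import json

MARKER = "lc"            # key the advisory says marks serialized framework objects
ESCAPE = "__escaped__"   # hypothetical envelope for user dicts that contain the marker
FAKE_ENV = {"API_TOKEN": "constructed-secret-value"}  # constructed stand-in for os.environ


class Message:
    """Toy framework object carrying free-form, user-influenced metadata."""
    def __init__(self, text, metadata=None):
        self.text = text
        self.metadata = metadata or {}


class EnvSecret:
    """Toy object whose construction resolves a secret by name."""
    def __init__(self, name):
        self.value = FAKE_ENV.get(name)


REGISTRY = {"Message": Message, "EnvSecret": EnvSecret}


def _encode(obj, escape):
    if isinstance(obj, Message):
        return {MARKER: 1, "cls": "Message",
                "kwargs": {"text": obj.text,
                           "metadata": _encode(obj.metadata, escape)}}
    if isinstance(obj, dict):
        body = {k: _encode(v, escape) for k, v in obj.items()}
        # Hardened path: a user dict that looks like a framework object is
        # wrapped so the loader can tell data apart from structure.
        if escape and (MARKER in obj or ESCAPE in obj):
            return {ESCAPE: body}
        return body
    if isinstance(obj, list):
        return [_encode(v, escape) for v in obj]
    return obj


def _decode(node, allowed):
    if isinstance(node, list):
        return [_decode(v, allowed) for v in node]
    if not isinstance(node, dict):
        return node
    if set(node) == {ESCAPE} and isinstance(node[ESCAPE], dict):
        # Escaped user data: unwrap to a plain dict, never revive it.
        return {k: _decode(v, allowed) for k, v in node[ESCAPE].items()}
    if MARKER in node:
        name = node.get("cls")
        cls = REGISTRY.get(name)
        if cls is None or (allowed is not None and name not in allowed):
            raise ValueError(f"refusing to revive object type {name!r}")
        kwargs = {k: _decode(v, allowed) for k, v in node.get("kwargs", {}).items()}
        return cls(**kwargs)
    return {k: _decode(v, allowed) for k, v in node.items()}


def dumps_naive(obj):
    """Pre-patch behaviour in this model: user dicts pass through unescaped."""
    return json.dumps(_encode(obj, escape=False))


def loads_naive(text):
    """Pre-patch behaviour in this model: any marked dict is revived."""
    return _decode(json.loads(text), allowed=None)


def dumps_safe(obj):
    return json.dumps(_encode(obj, escape=True))


def loads_safe(text, allowed=("Message",)):
    return _decode(json.loads(text), allowed=set(allowed))


# Constructed untrusted value, as it might arrive in a metadata field.
UNTRUSTED = {MARKER: 1, "cls": "EnvSecret", "kwargs": {"name": "API_TOKEN"}}


def build_message():
    return Message("hello", metadata={"note": dict(UNTRUSTED)})


def roundtrip_naive():
    return loads_naive(dumps_naive(build_message()))


def roundtrip_safe():
    return loads_safe(dumps_safe(build_message()))
```

In the naive round trip the metadata value comes back as a live EnvSecret object; in the hardened round trip it comes back as the same plain dictionary that went in, and the allowlist alone rejects the naive output.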

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use. This week’s findings show a pattern: precision, patience, and persuasion.

The newest campaigns don’t shout for attention — they whisper through familiar interfaces, fake updates, and polished code. The danger isn’t just in what’s being exploited, but in how ordinary it all looks. ThreatsDay pulls these threads together — from corporate networks to consumer tech — revealing how quiet manipulation and automation are reshaping the threat landscape. It’s a reminder that the future of cybersecurity won’t hinge on bigger walls, but on sharper awareness.

Open-source tool exploited: Abuse of Nezha for Post-Exploitation

Bad actors are leveraging an open-source monitoring tool named Nezha to gain remote access to compromised hosts. Its ability to allow administrators to view system health, execute commands, transfer files, and open interactive terminal sessions also makes it an attractive choice for threat actors. In one incident investigated by Ontinue, the tool was deployed as a post-exploitation remote access tool by means of a bash script, while pointing to a remote dashboard hosted on Alibaba Cloud infrastructure located in Japan. “The weaponization of Nezha reflects an emerging modern attack strategy where threat actors systematically abuse legitimate software to achieve persistence and lateral movement while evading signature-based defenses,” said Mayuresh Dani, security research manager at Qualys.

The abuse of Nezha is part of broader efforts where attackers leverage legitimate tools to evade signature detection, blend with normal activity, and reduce development effort.

Facial scans for SIMs: South Korea to Require Face Scans to Buy a SIM

South Korea will begin requiring people to submit to facial recognition when signing up for a new mobile phone number in a bid to tackle scams and identity theft, according to the Ministry of Science and ICT. “By comparing the photo on an identification card with the holder’s actual face on a real-time basis, we can fully prevent the activation of phones registered under a false name using stolen or fabricated IDs,” the ministry said. The new policy, which applies to SK Telecom, Korea Telecom, and LG Uplus, and other mobile virtual network operators, takes effect on March 23 after a pilot following a trial that began this week.

The science ministry has emphasized that no data will be stored as part of the new policy. “We are well aware that the public is concerned due to a series of hacking incidents at local mobile carriers,” the ministry said. “Contrary to concerns raised by some, no personal information is stored or saved, and it is immediately erased once identification is verified.”

Android NFC threat spike: NFC-Abusing Android Malware Surges in H2 2025

Data from ESET has revealed that detections of NFC-abusing Android malware grew by 87% between H1 and H2 2025. This increase has been coupled with the growing sophistication of NFC-based malware, such as the harvesting of victims’ contacts, disabling of biometric verification, and bringing together NFC attacks with remote access trojan (RAT) features and Automated Transfer System (ATS) capabilities.

In these campaigns, malicious apps distributing malware such as PhantomCard prompt victims to hold their payment card near the phone and enter their PIN for authentication. In the process, the captured information is relayed to the attackers. “Recent innovations in the NFC sphere demonstrate that threat actors no longer rely solely on relay attacks: they are blending NFC exploitation with advanced capabilities such as remote access and automated transfers,” ESET said. “The efficiency of the scams is further fueled by advanced social engineering and technologies that can bypass biometric verification.”

Fake PoCs spread malware: Fake PoCs Lead to WebRAT

Threat actors are now targeting inexperienced professionals and students in the information security field with fake proof-of-concept (PoC) exploits for security flaws such as CVE-2025-59295, CVE-2025-10294, and CVE-2025-59230 to trick them into installing WebRAT using a ZIP archive hosted in the repositories.

“To build trust, they carefully prepared the repositories, incorporating detailed vulnerability information into the descriptions,” Kaspersky said. The repositories include detailed sections with overviews of the vulnerability, system impact, install guides, usage steps, and even mitigation advice. The consistency of the format of a professional PoC write-up suggests the descriptions are machine-generated to avoid detection. Present within the ZIP file is an executable named “rasmanesc.exe,” that’s capable of escalating privileges, disabling Microsoft Defender, and fetching WebRAT from an external server.

WebRAT is a backdoor that allows attackers to control the infected system, as well as steal data from cryptocurrency wallets, Telegram, Discord, and Steam accounts. It can also perform spyware functions such as screen recording, surveillance via a webcam and microphone, and keylogging. WebRAT is sold by NyashTeam, which also advertises DCRat.

GuLoader surge observed: GuLoader Campaigns Spiked in Late 2025

Campaigns distributing GuLoader (aka CloudEyE) scaled a new high between September and November 2025, according to ESET, with the highest detection peak recorded in Poland on September 18.

“CloudEyE is multistage malware; the downloader is the initial stage and spreads via PowerShell scripts, JavaScript files, and NSIS executables,” the company said. “These then download the next stage, which contains the crypter component with the intended final payload packed within. All CloudEyE stages are heavily obfuscated, meaning that they are deliberately difficult to detect and analyze, with their contents being compressed, encrypted, encoded, or otherwise obscured.”

Chatbot flaws exposed: Flaws in Eurostar AI Chatbot

Multiple vulnerabilities have been disclosed in Eurostar’s public artificial intelligence (AI) chatbot that could allow guardrail bypass by taking advantage of the fact that the frontend relays the entire chat history to the API while running checks only on the latest message to ensure it’s safe. This opens the door to a scenario where an attacker could tamper with earlier messages, which, when fed into the model’s API, causes it to return unintended responses via a prompt injection.

Other identified issues included the ability to modify message IDs to potentially lead to cross-user compromise and inject HTML code stemming from the lack of input validation. “An attacker could exfiltrate prompts, steer answers, and run scripts in the chat window,” Pen Test Partners said. “The core lesson is that old web and API weaknesses still apply even when an LLM is in the loop.” Some of these vulnerabilities have since been fixed, but not before a confusing disclosure process that saw the penetration testing firm somehow being accused of blackmail by Eurostar’s head of security on LinkedIn after asking, “Maybe a simple acknowledgement of the original email report would have helped?”

Critical flaws uncovered: Several Flaws in Databases Discovered

A hacking competition conducted by Wiz, zeroday.cloud, led to the discovery of 11 critical zero-day exploits affecting foundational open-source components used in critical cloud infrastructure, including container runtimes, AI infrastructure such as vLLM and Ollama, and databases like Redis, PostgreSQL, and MariaDB. The most severe of the flaws has been uncovered in Linux.

“The vulnerability allows for a Container Escape, often enabling attackers to break out of an isolated cloud service, dedicated to one specific user, and spread to the underlying infrastructure that manages all users,” Wiz said. “This breaks the core promise of cloud computing: the guarantee that different customers running on the same hardware remain separate and inaccessible to one another. This further reinforces that containers shouldn’t be the sole security barrier in multi-tenant environments.”

Loader targets industries: New Campaign Targets Manufacturing and Government Orgs

Manufacturing and government organizations in Italy, Finland, and Saudi Arabia are the target of a new phishing campaign that uses a commodity loader to deliver a wide range of malware, such as PureLogs, XWorm, Katz Stealer, DCRat, and Remcos RAT. “This campaign utilizes advanced tradecraft, employing a diverse array of infection vectors including weaponized Office documents (exploiting CVE-2017-11882), malicious SVG files, and ZIP archives containing LNK shortcuts,” Cyble said.

“Despite the variety of delivery methods, all vectors leverage a unified commodity loader.” The use of the loader to distribute a variety of malware indicates that the loader is likely shared or sold across different threat actor groups. A notable aspect of the campaign is the use of steganographic techniques to host image files on legitimate delivery platforms, thereby allowing the malicious code to slip past file-based detection systems by masquerading as benign traffic. The commodity loader is assessed to be Caminho based on similar campaigns detailed by Nextron Systems and Zscaler.

Teams gets safer defaults: Microsoft Bolsters Teams Security

Microsoft has announced that Teams will automatically enable messaging safety features by default, including weaponizable file type protection, malicious URL protection, and reporting incorrect detections.

The change will roll out starting January 12, 2026, to tenants that have not previously modified messaging safety settings and are still using the default configuration. “We’re improving messaging security in Microsoft Teams by enabling key safety protections by default,” Microsoft said in a Microsoft 365 message center update. “This update helps safeguard users from malicious content and provides options to report incorrect detections.” In addition, the Windows maker said security administrators will be able to block external users in Microsoft Teams via the Tenant Allow/Block List in the Microsoft Defender portal. The feature is expected to roll out in early January 2026 and be completed by mid-January.

“This centralized approach enhances security and compliance by enabling organizations to control external user access across Microsoft 365 services,” the company said.

AI assistant hijack risk: Docker Patches Prompt Injection in Ask Gordon

Docker has patched a vulnerability in Ask Gordon, its AI assistant embedded in Docker Desktop and the Docker CLI. The flaw, discovered by Pillar Security in the beta version, is a case of prompt injection that enables attackers to hijack the assistant and exfiltrate sensitive data by poisoning Docker Hub repository metadata with malicious instructions. An attacker could have created a malicious Docker Hub repository that contained crafted instructions for the AI to exfiltrate sensitive data when unsuspecting developers ask the chatbot to describe the repository.

“By exploiting Gordon’s inherent trust in Docker Hub content, threat actors can embed instructions that trigger automatic tool execution – fetching additional payloads from attacker-controlled servers, all without user consent or awareness,” security researcher Eilon Cohen said. The issue was addressed in version 4.50.0 released on November 6, 2025.

Firewall bypass threat: IoT Devices Facing Silent Takeover

Researchers have demonstrated how to breach Internet of Things (IoT) devices through firewalls, without the need for any kind of software vulnerability. “We present a new attack technique that allows attackers anywhere in the world to impersonate target intranet devices, hijack cloud communication channels, spoof the cloud, and bypass companion app authentication, and ultimately achieve Remote Code Execution (RCE) with root privileges,” researchers Jincheng Wang and Nik Xe said.

“Our research exposes flaws in existing cloud-device authentication mechanisms, and a widespread absence of proper channel verification mechanisms.”

Faster BitLocker encryption: Microsoft Announces Hardware-Accelerated BitLocker in Windows 11

Microsoft said it’s rolling out hardware-accelerated BitLocker in Windows 11 to balance robust security with minimal performance impact. “Starting with the September 2025 Windows update for Windows 11 24H2 and the release of Windows 11 25H2, in addition to existing support for UFS (Universal Flash Storage) Inline Crypto Engine technology, BitLocker will take advantage of upcoming system on chip (SoC) and central processing unit (CPU) capabilities to achieve better performance and security for current and future NVMe drives,” the company said. As part of this effort, BitLocker will hardware wrap BitLocker bulk encryption keys and offload bulk cryptographic operations from the main CPU to a dedicated crypto engine. “When enabling BitLocker, supported devices with NVMe drives, along with one of the new crypto offload capable SoCs, will use hardware-accelerated BitLocker with the XTS-AES-256 algorithm by default,” the tech giant added.

Israel-targeted phishing: Israeli Entities Targeted by UNG0801

Information Technology (IT), Managed Service Providers (MSPs), human resources, and software development companies in Israel have become the target of a threat cluster likely originating from Western Asia that has used phishing lures written in Hebrew and designed to resemble routine internal communications to infect their systems with Python- and Rust-based implants tracked as PYTRIC and RUSTRIC. The activity has been tracked by Seqrite Labs under the monikers UNG0801 and Operation IconCat. “A recurring pattern across the observed campaigns is the actor’s heavy reliance on antivirus icon spoofing,” the company said. “Branding from well-known security vendors, most notably SentinelOne and Check Point, is abused to create a false sense of legitimacy.” The PDF attachment in the email messages instructs recipients to download a security scanner by clicking on a Dropbox link that delivers the malware.

PYTRIC is equipped to scan the file system and perform a system-wide wipe. Attack chains distributing RUSTRIC leverage Microsoft Word documents with a malicious macro, which then extracts and launches the malware. Besides enumerating the antivirus programs installed on the infected host, it gathers basic system information and contacts an external server.

EDR killer tool sold: NtKiller Advertised on Cybercrime Forums

A threat actor known as AlphaGhoul is promoting a tool called NtKiller that they claim can stealthily terminate antivirus and security solutions, such as Microsoft Defender, ESET, Kaspersky, Bitdefender, and Trend Micro.

The core functionality, per Outpost24, is available for $500, with a rootkit add-on and a UAC Bypass add-on costing $300 each. The disclosure comes weeks after a security researcher, who goes by the name Zero Salarium, demonstrated how Endpoint Detection and Response (EDR) programs can be undermined on Windows by exploiting the Bind Filter driver (“bindflt.sys”). In recent months, the security community has also identified ways to bypass web application firewalls (WAFs) by abusing ASP.NET’s parameter pollution, subvert EDRs using an in-memory Portable Executable (PE) loader, and even manipulate Microsoft Defender Antivirus to sideload DLLs and delete executable files to prevent the service from running by exploiting its update mechanism to hijack its execution folder.

AI exploits blockchain: AI Agents Find $4.6M in Blockchain Smart Contract Exploits

AI company Anthropic said Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed exploits in blockchain smart contracts that would have allowed the theft of $4.6 million worth of digital assets.

“Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694, with GPT-5 doing so at an API cost of $3,476,” Anthropic’s Frontier Red Team said. “This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense.”

North Korea’s new lure: ScarCruft Behind New Operation Artemis Campaign

The North Korean threat actor known as ScarCruft has been linked to a new campaign dubbed Artemis that involves the adversary posing as a writer for Korean TV programs to reach out to targets for casting or interview arrangements. “A short self-introduction and legitimate-looking instructions are used to build trust,” Genians said. “The attacker distributes a malicious HWP file disguised as a pre-interview questionnaire or event guide document.” The end goal of these attacks is to trigger the sideloading of a rogue DLL that ultimately delivers RokRAT, which uses Yandex Cloud for command-and-control (C2).

The campaign gets its name from the fact that one of the identified HWP documents has its Last Saved By field set to the value “Artemis.”

AI-fueled disinfo surge: CopyCop Scales AI-Driven Influence Ops

The Russian influence operation CopyCop (aka Storm-1516) is using AI tools to scale its efforts to a global reach, quietly deploying more than 300 inauthentic websites disguised as local news outlets, political parties, and even fact-checking organizations targeting audiences across North America, Europe, and other regions, including Armenia, Moldova, and parts of Africa. The primary objective is to further Russia’s geopolitical goals and erode Western support for Ukraine. “What sets CopyCop apart from earlier influence operations is its large-scale use of artificial intelligence,” Recorded Future said. “The network relies on self-hosted LLMs, specifically uncensored versions of a popular open-source model, to generate and rewrite content at scale.

Thousands of fake news stories and ‘investigations’ are produced and published daily, blending factual fragments with deliberate falsehoods to create the illusion of credible journalism.”

RomCom-themed phishing: SHADOW-VOID-042 Behind Trend Micro-Themed Phishing Campaign

A threat cluster dubbed SHADOW-VOID-042 has been linked to a November 2025 spear-phishing campaign featuring a Trend Micro-themed social engineering lure to trick victims in the defense, energy, chemical, cybersecurity (including Trend and a subsidiary), and ICT sectors with messages instructing them to install a fake update for alleged security issues in Trend Micro Apex One. The activity, Trend Micro said, shares overlaps with prior campaigns attributed to RomCom (aka Void Rabisu), a threat actor with both financial and espionage motivations that aligned with Russian interests. However, in the absence of a definitive connection, the latter attack waves are being tracked under a separate temporary intrusion set. What’s more, the November 2025 campaign shares tactical and infrastructure overlaps with another campaign in October 2025, which used alleged harassment complaints and research participation as social engineering lures.

“The campaign utilized a multi-stage approach, tailoring every stage to the specific target machine and delivering intermediate payloads to a select number of targets,” Trend Micro said. The URLs embedded in the emails redirect victims to a fake landing page impersonating Cloudflare, while, in the background, attempts are made to exploit a now-patched Google Chrome security flaw (CVE-2018-6065) using a JavaScript file. In the event exploitation fails, they are taken to a decoy site named TDMSec, impersonating Trend Micro. The JavaScript file also contains shellcode responsible for gathering system information and contacting an external server to fetch a second-stage payload, which acts as a loader for an encrypted component that then proceeds to contact a server to obtain an unspecified next-stage malware.

While Void Rabisu has exploited zero-days in the past, the new findings raise the possibility that it could be undergoing several changes.

The stories this week aren’t just about new attacks — they’re a snapshot of how the digital world is maturing under pressure. Every exploit, fake lure, or AI twist is a sign of systems being tested in real time. The takeaway isn’t panic; it’s awareness.

The more we understand how these tactics evolve, the less power they hold. Cybersecurity now sits at the crossroads of trust and automation. As AI learns to defend, it’s also learning how to deceive. That tension will define the next chapter — and how ready we are to face it depends on what we choose to notice today.

Stay curious, stay skeptical, and read between the lines. The biggest threats often hide in what feels most routine — and that’s exactly where the next breakthrough in defense will begin.

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of the Russian exchanges receiving LastPass-linked funds as recently as October. This assessment is “based on the totality of on-chain evidence – including repeated interaction with Russia-associated infrastructure, continuity of control across pre-and post-mix activity, and the consistent use of high-risk Russian exchanges as off-ramps,” it added. LastPass suffered a major hack in 2022 that enabled attackers to access personal information belonging to its customers, including their encrypted password vaults containing credentials, such as cryptocurrency private keys and seed phrases.

Earlier this month, the password management service was fined $1.6 million by the U.K. Information Commissioner’s Office (ICO) for failing to implement sufficiently robust technical and security measures to prevent the incident. The breach also prompted the company to issue a warning at the time, stating bad actors may use brute-force techniques to guess the master passwords and decrypt the stolen vault data. The latest findings from TRM Labs show that the cybercriminals have done just that.

“Any vault protected by a weak master password could eventually be decrypted offline, turning a single 2022 intrusion into a multi-year window for attackers to quietly crack passwords and drain assets over time,” the company said. “As users failed to rotate passwords or improve vault security, attackers continued to crack weak master passwords years later – leading to wallet drains as recently as late 2025.” The Russian links to the stolen cryptocurrency from the 2022 LastPass breach stem from two primary factors: the use of exchanges commonly associated with the Russian cybercriminal ecosystem in the laundering pipeline, and operational connections gleaned from wallets interacting with mixers both before and after the mixing and laundering process. More than $35 million in siphoned digital assets have been traced, out of which $28 million was converted to Bitcoin and laundered via Wasabi Wallet between late 2024 and early 2025. Another $7 million has been linked to a subsequent wave detected in September 2025.

The stolen funds have been found to be routed through Cryptomixer.io and off-ramped via Cryptex and Audia6, two Russian exchanges associated with illicit activity. It’s worth mentioning here that Cryptex was sanctioned by the U.S. Treasury Department in September 2024 for receiving over $51.2 million in illicit funds derived from ransomware attacks. TRM Labs said it was able to demix the activity despite the use of CoinJoin techniques to make it harder to trace the flow of funds to external observers, uncovering clustered withdrawals and peeling chains that funneled mixed Bitcoin into the two exchanges.

“This is a clear example of how a single breach can evolve into a multi-year theft campaign,” said Ari Redbord, global head of policy at TRM Labs. “Even when mixers are used, operational patterns, infrastructure reuse, and off-ramp behavior can still reveal who’s really behind the activity.” “Russian high-risk exchanges continue to serve as critical off-ramps for global cybercrime. This case shows why demixing and ecosystem-level analysis are now essential tools for attribution and enforcement.”

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was changed.

“This happens when two-factor authentication is enabled in the ‘user local’ setting, and that user authentication type is set to a remote authentication method (eg, LDAP),” Fortinet noted in July 2020. “The issue exists because of inconsistent case-sensitive matching among the local and remote authentication.” The vulnerability has since come under active exploitation in the wild by multiple threat actors, with the U.S. government also listing it as one of the many weaknesses that were weaponized in attacks targeting perimeter-type devices in 2021.

In a fresh advisory issued December 24, 2025, Fortinet noted that successfully triggering CVE-2020-12812 requires the following configuration to be present -

- Local user entries on the FortiGate with 2FA, referencing back to LDAP
- The same users need to be members of a group on the LDAP server
- At least one LDAP group the two-factor users are a member of needs to be configured on FortiGate, and the group needs to be used in an authentication policy which could include for example administrative users, SSL, or IPSEC VPN

If these prerequisites are satisfied, the vulnerability causes LDAP users with 2FA configured to bypass the security layer and instead authenticate against LDAP directly, which, in turn, is the result of FortiGate treating usernames as case-sensitive, whereas the LDAP Directory does not.

“If the user logs in with ‘Jsmith’, or ‘jSmith’, or ‘JSmith’, or ‘jsmiTh’ or anything that is NOT an exact case match to ‘jsmith,’ the FortiGate will not match the login against the local user,” Fortinet explained. “This configuration causes FortiGate to consider other authentication options. The FortiGate will check through other configured firewall authentication policies.” “After failing to match jsmith, FortiGate finds the secondary configured group ‘Auth-Group’, and from it the LDAP server, and provided the credentials are correct, authentication will be successful regardless of any settings within the local user policy (2FA and disabled accounts).”

As a result, the vulnerability can allow admin or VPN users to be authenticated without 2FA. Fortinet released FortiOS 6.0.10, 6.2.4, and 6.4.1 to address the behavior in July 2020. Organizations that have not deployed these versions can run the below command for all local accounts to prevent the authentication bypass issue -

    set username-case-sensitivity disable

Customers who are on FortiOS versions 6.0.13, 6.2.10, 6.4.7, 7.0.1, or later are advised to run the following command -

    set username-sensitivity disable

“With username-sensitivity set to disabled, FortiGate will treat jsmith, JSmith, JSMITH, and all possible combinations as identical and therefore prevent failover to any other misconfigured LDAP group setting,” the company said. As additional mitigation, it’s worth considering removing the secondary LDAP Group if it’s not required, as this eliminates the entire line of attack since no authentication via LDAP group will be possible, and the user will fail authentication if the username is not a match to a local entry.

However, the newly issued guidance does not give any specifics on the nature of the attacks exploiting the flaw, nor whether any of those incidents were successful. Fortinet has also advised impacted customers to contact its support team and reset all credentials if they find evidence of admin or VPN users being authenticated without 2FA.
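The case-matching behaviour in the advisory, and the check for logins that skipped the second factor, can be modelled in a few lines. This is an added example, not Fortinet code or a FortiGate log format: the function names, the record fields and the sample data are all constructed assumptions.

```python
# Toy model of the login flow Fortinet describes for CVE-2020-12812.
# Constructed for illustration; not FortiOS code, all names are assumptions.

LOCAL_2FA_USERS = {"jsmith"}           # local entries with 2FA that refer back to LDAP
LDAP_PASSWORDS = {"jsmith": "pw-123"}  # constructed directory entry


def ldap_bind(username, password):
    """The LDAP directory compares usernames case-insensitively."""
    return LDAP_PASSWORDS.get(username.lower()) == password


def authenticate(username, password, token_ok, case_sensitive=True, ldap_group=True):
    """Return 'local+2fa', 'ldap-only' (no second factor) or 'denied'."""
    if case_sensitive:
        is_local = username in LOCAL_2FA_USERS
    else:  # models the effect of 'set username-sensitivity disable'
        is_local = username.lower() in {u.lower() for u in LOCAL_2FA_USERS}
    if is_local:
        # Local entry matched: password and second factor are both required.
        return "local+2fa" if ldap_bind(username, password) and token_ok else "denied"
    # No local match: fall through to the LDAP group used in an authentication policy.
    if ldap_group and ldap_bind(username, password):
        return "ldap-only"
    return "denied"


def flag_case_variants(events):
    """Successful logins whose name equals a local 2FA user only after case folding."""
    folded = {u.lower() for u in LOCAL_2FA_USERS}
    return [e for e in events
            if e["result"] == "success"
            and e["user"] not in LOCAL_2FA_USERS
            and e["user"].lower() in folded]


# Constructed login records for the audit function above.
SAMPLE_EVENTS = [
    {"user": "jsmith", "result": "success"},
    {"user": "JSmith", "result": "success"},
    {"user": "jSmith", "result": "failure"},
    {"user": "adoe", "result": "success"},
]
```

Both mitigations from the advisory close the path in the model: case-insensitive matching sends the login back to the local 2FA entry, and removing the LDAP group leaves nothing to fall through to.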

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code execution. “Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi,” CISA said.

The addition of CVE-2023-52163 to the KEV catalog comes amid multiple reports from Akamai and Fortinet about the exploitation of the flaw by threat actors to deliver botnets like Mirai and ShadowV2. According to TXOne Research security researcher Ta-Lun Yen, the vulnerability, alongside an arbitrary file read bug (CVE-2023-52164, CVSS score: 5.1), remains unpatched due to the device reaching end-of-life (EoL) status. Successful exploitation requires an attacker to be logged into the device and perform a crafted request. In the absence of a patch, it’s advised that users avoid exposing the device to the internet and change the default username and password.

CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations or discontinue use of the product by January 12, 2025, to secure their network from active threats.

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple’s Gatekeeper checks. “Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more deceptive, hands-off approach,” Jamf researcher Thijs Xhaflaire said.

The Apple device management firm and security company said the latest version is distributed as a code-signed and notarized Swift application within a disk image (DMG) file named “zk-call-messenger-installer-3.9.2-lts.dmg” that’s hosted on “zkcall[.]net/download.” The fact that it’s signed and notarized means it can be run without being blocked or flagged by built-in security controls like Gatekeeper or XProtect. Despite this, the installer has been found to display instructions prompting users to right-click and open the app – a common tactic used to sidestep such safeguards. Apple has since revoked the code signing certificate.

The Swift-based dropper then performs a series of checks before downloading and executing an encoded script through a helper component. These checks include verifying internet connectivity, enforcing a minimum execution interval of around 3600 seconds as a rate limit, removing quarantine attributes, and validating the file prior to execution.

“Notably, the curl command used to retrieve the payload shows clear deviations from earlier variants,” Xhaflaire explained. “Rather than using the commonly seen -fsSL combination, the flags have been split into -fL and -sS, and additional options like --noproxy have been introduced.” “These changes, along with the use of dynamically populated variables, point to a deliberate shift in how the payload is fetched and validated, likely aimed at improving reliability or evading detection.”

Another evasion mechanism used in the campaign is the use of an unusually large DMG file, inflating its size to 25.5 MB by embedding unrelated PDF documents. The Base64-encoded payload, once parsed, corresponds to MacSync, a rebranded version of Mac.c that first emerged in April 2025. MacSync, per MacPaw’s Moonlock Lab, comes fitted with a fully-featured Go-based agent that goes beyond simple data theft and enables remote command and control capabilities.

It’s worth noting that code-signed versions of malicious DMG files mimicking Google Meet have also been observed in attacks propagating other macOS stealers like Odyssey. That said, threat actors have continued to rely on unsigned disk images to deliver DigitStealer as recently as last month. “This shift in distribution reflects a broader trend across the macOS malware landscape, where attackers increasingly attempt to sneak their malware into executables that are signed and notarized, allowing them to look more like legitimate applications,” Jamf said.
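The curl flag split that Xhaflaire describes defeats any detection that looks for the literal string -fsSL in a process command line. The sketch below is an added example, not Jamf's tooling or code from the sample: it parses the command line into a set of short flags so the grouping no longer matters. The function names and command lines are constructed, and the URLs are placeholders.

```python
import shlex

# curl short options that consume a value (a subset, enough for this example)
TAKES_VALUE = set("oHdAeuxmwXbcT")
FETCH_FLAGS = {"f", "s", "S", "L"}  # the flags behind the familiar -fsSL


def curl_flags(cmdline):
    """Return (short_flags, long_options) for a curl command line, however flags are grouped."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "curl":
        return set(), set()
    short, long_opts, skip = set(), set(), False
    for tok in argv[1:]:
        if skip:                      # this token is the value of the previous option
            skip = False
        elif tok.startswith("--"):
            long_opts.add(tok.split("=", 1)[0])
        elif tok.startswith("-") and len(tok) > 1:
            for i, ch in enumerate(tok[1:], start=1):
                short.add(ch)
                if ch in TAKES_VALUE:
                    # Value is the next token unless it is attached to this one.
                    skip = i == len(tok) - 1
                    break
    return short, long_opts


def naive_match(cmdline):
    """String match of the kind the flag split sidesteps."""
    return "-fsSL" in cmdline


def matches_fetch_profile(cmdline):
    """True when f, s, S and L are all present, in any grouping or order."""
    short, _ = curl_flags(cmdline)
    return FETCH_FLAGS <= short


# Constructed command lines; example.invalid is a placeholder host.
CLASSIC = "curl -fsSL https://example.invalid/a.sh"
SPLIT = "curl -fL -sS --noproxy '*' https://example.invalid/a.sh"
UNRELATED = "curl -sS -o out.json https://example.invalid/api"
```

The -fsSL profile is also common in legitimate install scripts, so a match is one signal to weigh alongside the parent process and destination, not a verdict on its own.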