2026-01-10 AI Startup News

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware attack. Most notably, the attack is believed to have exploited three VMware vulnerabilities that were disclosed as zero-days by Broadcom in March 2025: CVE-2025-22224 (CVSS score: 9.3), CVE-2025-22225 (CVSS score: 8.2), and CVE-2025-22226 (CVSS score: 7.1). Successful exploitation of the issue could permit a malicious actor with admin privileges to leak memory from the Virtual Machine Executable (VMX) process or execute code as the VMX process.

That same month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. “The toolkit analyzed […] also includes simplified Chinese strings in its development paths, including a folder named ‘全版本逃逸–交付’ (translated: ‘All version escape - delivery’), and evidence suggesting it was potentially built as a zero-day exploit over a year before VMware’s public disclosure, pointing to a well-resourced developer likely operating in a Chinese-speaking region,” researchers Anna Pham and Matt Anderson said. The assessment that the toolkit weaponizes the three VMware shortcomings is based on the exploit’s behavior, its use of Host-Guest File System (HGFS) for information leaking, Virtual Machine Communication Interface (VMCI) for memory corruption, and shellcode that escapes to the kernel, the company added.

The toolkit involves multiple components, chief among them being “exploit.exe” (aka MAESTRO), which acts as the orchestrator for the entire virtual machine (VM) escape by making use of the following embedded binaries:

- devcon.exe, to disable VMware’s guest-side VMCI drivers
- MyDriver.sys, an unsigned kernel driver containing the exploit that’s loaded into kernel memory using an open-source tool called Kernel Driver Utility (KDU), following which the exploit status is monitored and the VMCI drivers are re-enabled

[Figure: VM Escape exploitation flow]

The driver’s main responsibility is to identify the exact ESXi version running on the host and trigger an exploit for CVE-2025-22226 and CVE-2025-22224, ultimately allowing the attacker to write three payloads directly into VMX’s memory:

- Stage 1 shellcode, to prepare the environment for the VMX sandbox escape
- Stage 2 shellcode, to establish a foothold on the ESXi host
- VSOCKpuppet, a 64-bit ELF backdoor that provides persistent remote access to the ESXi host and communicates over VSOCK (Virtual Sockets) port 10000

“After writing the payloads, the exploit overwrites a function pointer inside VMX,” Huntress explained. “It first saves the original pointer value, then overwrites it with the address of the shellcode. The exploit then sends a VMCI message to the host to trigger VMX.”

[Figure: VSOCK communication protocol between client.exe and VSOCKpuppet]

“When VMX handles the message, it follows the corrupted pointer and jumps to the attacker’s shellcode instead of legitimate code. This final stage corresponds to CVE-2025-22225, which VMware describes as an ‘arbitrary write vulnerability’ that allows ‘escaping the sandbox.’”

Because VSOCK offers a direct communication pathway between guest VMs and the hypervisor, the threat actors have been found to employ a “client.exe” (aka GetShell Plugin) that can be used from any guest Windows VM on the compromised host and send commands back up to the compromised ESXi and interact with the backdoor.

The PDB path embedded in the binary reveals it may have been developed in November 2023. The client supports the ability to download files from ESXi to the VM, upload files from the VM to ESXi, and execute shell commands on the hypervisor. Interestingly, the GetShell Plugin is dropped to the Windows VM in the form of a ZIP archive (“Binary.zip”), which also includes a README file with usage instructions, giving an insight into its file transfer and command execution features. It’s currently not clear who is behind the toolkit, but the use of simplified Chinese, coupled with the sophistication of the attack chain and the abuse of zero-day vulnerabilities months before public disclosure, likely points to a well-resourced developer operating in a Chinese-speaking region, theorized Huntress.

“This intrusion demonstrates a sophisticated, multi-stage attack chain designed to escape virtual machine isolation and compromise the underlying ESXi hypervisor,” the company added. “By chaining an information leak, memory corruption, and sandbox escape, the threat actor achieved what every VM administrator fears: full control of the hypervisor from within a guest VM.” “The use of VSOCK for backdoor communication is particularly concerning, it bypasses traditional network monitoring entirely, making detection significantly harder. The toolkit also prioritizes stealth over persistence.”
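Since the VSOCK channel is invisible to network monitoring, the guest-side sequence reported above (devcon.exe disabling the VMCI drivers, an unsigned driver load, then the drivers being re-enabled) is one of the few points where endpoint telemetry can catch the chain. The following is an added example, not code from Huntress or VMware: the event schema, field names, time window, file paths and sample events are all constructed assumptions to be mapped onto your own EDR data.

```python
# Added example: correlate devcon "disable" -> unsigned driver load -> devcon
# "enable" on one Windows guest. Schema and sample events are constructed.
import ntpath

WINDOW_SECONDS = 600  # assumed: the whole chain must finish within 10 minutes


def devcon_verb(event):
    """Return 'disable' or 'enable' if the event is a devcon.exe run with that verb."""
    if event["kind"] != "process":
        return None
    if ntpath.basename(event["image"]).lower() != "devcon.exe":
        return None
    args = event["cmdline"].lower().split()[1:]
    for verb in ("disable", "enable"):
        if verb in args:
            return verb
    return None


def find_driver_swap_chains(events):
    """Return one alert per host where the three steps occur in order in the window."""
    alerts = []
    pending = {}  # host -> {"start": ts of disable, "driver": unsigned driver path}
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        st = pending.get(host)
        if st and ev["ts"] - st["start"] > WINDOW_SECONDS:
            del pending[host]  # the chain went stale, start over
            st = None
        verb = devcon_verb(ev)
        if verb == "disable":
            pending[host] = {"start": ev["ts"], "driver": None}
        elif ev["kind"] == "driver_load" and not ev["signed"]:
            if st and st["driver"] is None:
                st["driver"] = ev["image"]
        elif verb == "enable" and st and st["driver"]:
            alerts.append({"host": host, "start": st["start"],
                           "end": ev["ts"], "driver": st["driver"]})
            del pending[host]
    return alerts


def _proc(ts, host, verb):
    # Constructed process-start event; the device ID is a placeholder.
    return {"ts": ts, "host": host, "kind": "process",
            "image": r"C:\Temp\devcon.exe",
            "cmdline": "devcon.exe %s <vmci-device-id>" % verb}


def _drv(ts, host, image, signed):
    # Constructed driver-load event.
    return {"ts": ts, "host": host, "kind": "driver_load",
            "image": image, "signed": signed}


SAMPLE_EVENTS = [
    # guest-a: the full sequence described in the report
    _proc(100, "guest-a", "disable"),
    _drv(130, "guest-a", r"C:\Temp\MyDriver.sys", False),
    _proc(200, "guest-a", "enable"),
    # guest-b: an admin toggles a device, only a signed driver loads
    _proc(50, "guest-b", "disable"),
    _drv(60, "guest-b", r"C:\Windows\System32\drivers\example.sys", True),
    _proc(90, "guest-b", "enable"),
    # guest-c: unsigned driver load long after the disable, outside the window
    _proc(10, "guest-c", "disable"),
    _drv(5000, "guest-c", r"C:\Temp\other.sys", False),
    _proc(5010, "guest-c", "enable"),
]

if __name__ == "__main__":
    for alert in find_driver_swap_chains(SAMPLE_EVENTS):
        print(alert)
```
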

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a “sustained” credential-harvesting campaign targeting users of UKR[.]net last month. APT28 is associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). “The use of Turkish-language and regionally targeted lure material suggests that BlueDelta tailored its content to increase credibility among specific professional and geographic audiences,” Recorded Future’s Insikt Group said.

“These selections reflect a continued interest in organizations connected to energy research, defense cooperation, and government communication networks relevant to Russian intelligence priorities.” The cybersecurity company described the attacks as targeting a small but distinct set of victims in February and September 2025, with the campaign leveraging fake login pages that were styled to resemble popular services like Microsoft Outlook Web Access (OWA), Google, and Sophos VPN portals. The efforts are noteworthy for the fact that unsuspecting users are redirected to the legitimate sites after the credentials are entered on the bogus landing pages, thereby avoiding raising any red flags. The campaigns have also been found to lean heavily on services like Webhook[.]site, InfinityFree, Byet Internet Services, and ngrok to host the phishing pages, exfiltrate stolen data, and enable redirections. In a further attempt to lend them a veneer of legitimacy, the threat actors are said to have used legitimate PDF lure documents, including a publication from the Gulf Research Center related to the June 2025 Iran-Israel war and a July 2025 policy briefing calling for a new pact for the Mediterranean released by climate change think tank ECCO.

The attack chain starts with a phishing email containing a shortened link that, when clicked, redirects victims to another link hosted on webhook[.]site, which briefly displays the decoy document for about two seconds before redirecting to a second webhook[.]site that hosts a spoofed Microsoft OWA login page. Present within this page is a hidden HTML form element that stores the webhook[.]site URL and uses JavaScript to send a “page opened” beacon, transmit the submitted credentials to the webhook endpoint, and ultimately redirect back to the PDF hosted on the actual website. APT28 has also been observed conducting three other campaigns:

- A June 2025 campaign that deployed a credential-harvesting page mimicking a Sophos VPN password reset page hosted on infrastructure provided by InfinityFree to harvest credentials entered into the form and redirect victims to a legitimate Sophos VPN portal belonging to an unnamed E.U. think tank
- A September 2025 campaign that used credential-harvesting pages hosted on InfinityFree domains to falsely warn users of expired passwords to trick them into entering their credentials and redirect to a legitimate login page associated with a military organization in the Republic of North Macedonia and an IT integrator based in Uzbekistan
- An April 2025 campaign that used a fake Google password reset page hosted on Byet Internet Services to gather victims’ credentials and exfiltrate them to an ngrok URL

“BlueDelta’s consistent abuse of legitimate internet service infrastructure demonstrates the group’s continued reliance on disposable services to host and relay credential data,” the Mastercard-owned company said.

“These campaigns underscore the GRU’s sustained commitment to credential harvesting as a low-cost, high-yield method of collecting information that supports Russian intelligence objectives.”
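The page structure described above (a password field, a hidden form element holding a relay URL, and script that beacons and then redirects) can be triaged statically from a saved copy of a reported page. This is an added example, not code from Recorded Future; the relay-domain suffixes, finding names and both HTML samples are constructed assumptions, and the phishing sample is a deliberately non-functional fragment.

```python
# Added example: static triage of a saved login page for the traits described
# in the report. Watchlist and sample pages are constructed assumptions.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# webhook.site and ngrok are named in the report; the suffix list is an
# assumed starting point, extend it from your own telemetry.
RELAY_SUFFIXES = ("webhook.site", "ngrok.io", "ngrok.app", "ngrok-free.app")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
SEND_RE = re.compile(r"\b(fetch|sendBeacon|XMLHttpRequest)\b")
REDIRECT_RE = re.compile(r"location\s*(\.href)?\s*=|location\.(replace|assign)\s*\(")


def is_relay(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in RELAY_SUFFIXES)


class LoginPageTriage(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.password_field = False
        self.flags = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            kind = a.get("type", "text").lower()
            if kind == "password":
                self.password_field = True
            elif kind == "hidden" and any(map(is_relay, URL_RE.findall(a.get("value", "")))):
                self.flags.add("hidden-field-relay-url")
        elif tag == "form" and is_relay(a.get("action", "")):
            self.flags.add("form-posts-to-relay")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return
        if any(map(is_relay, URL_RE.findall(data))):
            self.flags.add("script-references-relay")
        if SEND_RE.search(data):
            self.flags.add("script-network-send")
        if REDIRECT_RE.search(data):
            self.flags.add("script-redirect")


ORDER = ["hidden-field-relay-url", "form-posts-to-relay", "script-references-relay",
         "script-network-send", "script-redirect"]


def triage(html):
    """Return the findings and whether a credential form is tied to a relay host."""
    p = LoginPageTriage()
    p.feed(html)
    p.close()
    findings = [f for f in ORDER if f in p.flags]
    relay = any(f in p.flags for f in ORDER[:3])
    return {"password_field": p.password_field, "findings": findings,
            "suspicious": p.password_field and relay}


# Constructed, non-functional fragment showing only the traits from the report.
SAMPLE_PHISH = """<form id="f"><input type="text" name="user">
<input type="password" name="pass">
<input type="hidden" id="hook" value="https://webhook.site/00000000-0000-0000-0000-000000000000">
</form><script>
var hook = document.getElementById("hook").value;
navigator.sendBeacon(hook, "opened");
window.location.href = "https://example.org/briefing.pdf";
</script>"""

# Constructed benign login form with an ordinary hidden CSRF token.
SAMPLE_BENIGN = """<form action="/login" method="post">
<input type="hidden" name="csrf" value="c29tZS10b2tlbg">
<input type="password" name="pass"></form>"""

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH))
    print(triage(SAMPLE_BENIGN))
```
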

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven outlook on where organizations are already falling short, and what those failures signal for the year ahead.

Rather than speculative scenarios, the session focuses on threats that are actively reshaping the attack landscape today. The webinar examines the convergence of three major trends. First, ransomware is evolving beyond opportunistic attacks toward targeted disruptions designed to maximize operational and business impact. Second, the rapid and often uncontrolled adoption of AI within organizations is creating an internal security crisis, eroding traditional perimeter assumptions and expanding risk from within.

Third, the webinar covers a topic of significant concern and the focus of many media stories: are attackers using AI-orchestrated, adaptive attacks? Bitdefender experts will cover why there is still a good reason to be skeptical about this capability in the near-term. These developments highlight a growing gap between popular cybersecurity predictions and the risks that should genuinely influence security strategy. Backed by research and real-world data, the webinar helps security and IT leaders differentiate sensational headlines from actionable, evidence-based predictions.

Attendees will learn how informed predictions can justify security investment based on real risk, how to update defenses ahead of emerging attack techniques before they become widespread, and how to translate technical threat research into clear, business-relevant priorities. Register for the Bitdefender webinar to gain a practical, research-backed view of the cybersecurity predictions that should define your security strategy for 2026. This article is a contributed piece from one of our valued partners.


Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution affecting LoadLibraryEX. “A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations,” the cybersecurity company said.

Also patched by Trend Micro are two other flaws:

- CVE-2025-69259 (CVSS score: 7.5) - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations
- CVE-2025-69260 (CVSS score: 7.5) - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote, unauthenticated attacker to create a denial-of-service condition on affected installations

Tenable, which is credited with identifying and reporting all three flaws in August 2025, said an attacker can exploit CVE-2025-69258 by sending a message “0x0a8d” (“SC_INSTALL_HANDLER_REQUEST”) to the MsgReceiver.exe component, causing a DLL under their control to be loaded into the binary, resulting in code execution with elevated privileges. Similarly, CVE-2025-69259 and CVE-2025-69260 can also be triggered by sending a specially crafted message “0x1b5b” (“SC_CMD_CGI_LOG_REQUEST”) to the MsgReceiver.exe process, which listens on the default TCP port 20001. The issues impact Apex Central on-premise versions below Build 7190. Trend Micro noted that successful exploitation hinges on an attacker already having physical or remote access to a vulnerable endpoint.

“In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date,” it added.

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (EDs) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows:

- ED 19-01: Mitigate DNS Infrastructure Tampering
- ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
- ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
- ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
- ED 21-01: Mitigate SolarWinds Orion Code Compromise
- ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
- ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
- ED 21-04: Mitigate Windows Print Spooler Service Vulnerability
- ED 22-03: Mitigate VMware Vulnerabilities
- ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Stating that these directives were issued with an intent to safeguard Federal Civilian Executive Branch (FCEB) agencies from potential risks, CISA said it worked closely with federal agencies to remediate them, incorporate best practices, and establish a more resilient digital infrastructure. CISA also said such directives are published to ensure that emerging threats are mitigated in a timely manner, adding that required actions have been either successfully implemented or are now enforced through Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities.

“As the operational lead for federal cybersecurity, CISA leverages its authorities to strengthen federal systems and defend against unacceptable risks, especially those related to hostile nation-state actors,” said CISA Acting Director Madhu Gottumukkala. “The closure of these ten Emergency Directives reflects CISA’s commitment to operational collaboration across the federal enterprise. “Every day, CISA’s exceptional team works collaboratively with partners to eliminate persistent access, counter emerging threats, and deliver real-time mitigation guidance. Looking ahead, CISA continues to advance Secure by Design principles – prioritizing transparency, configurability, and interoperability - so every organization can better defend their diverse environments.”



FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. “As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) codes in spear-phishing campaigns,” the FBI said in the flash alert.

“This type of spear-phishing attack is referred to as quishing.” The use of QR codes for phishing is a tactic that forces victims to shift from a machine that’s secured by enterprise policies to a mobile device that may not offer the same level of protection, effectively allowing threat actors to bypass traditional defenses. Kimsuky, also tracked as APT43, Black Banshee, Emerald Sleet, Springtail, TA427, and Velvet Chollima, is a threat group that’s assessed to be affiliated with North Korea’s Reconnaissance General Bureau (RGB). It has a long history of orchestrating spear-phishing campaigns that are specifically designed to subvert email authentication protocols. In a bulletin released in May 2024, the U.S. government called out the hacking crew for exploiting improperly configured Domain-based Message Authentication, Reporting, and Conformance (DMARC) record policies to send emails that look like they’ve come from a legitimate domain.

The FBI said it observed the Kimsuky actors utilizing malicious QR codes as part of targeted phishing efforts several times in May and June 2025:

- Spoofing a foreign advisor in emails requesting insight from a think tank leader regarding recent developments on the Korean Peninsula by scanning a QR code to access a questionnaire
- Spoofing an embassy employee in emails requesting input from a senior fellow at a think tank about North Korean human rights issues, along with a QR code that claimed to provide access to a secure drive
- Spoofing a think tank employee in emails with a QR code that’s designed to take the victim to infrastructure under their control for follow-on activity
- Sending emails to a strategic advisory firm, inviting them to a non-existent conference by urging the recipients to scan a QR code to redirect them to a registration landing page that’s designed to harvest their Google account credentials by using a fake login page

The disclosure comes less than a month after ENKI revealed details of a QR code campaign conducted by Kimsuky to distribute a new variant of Android malware called DocSwap in phishing emails mimicking a Seoul-based logistics firm. “Quishing operations frequently end with session token theft and replay, enabling attackers to bypass multi-factor authentication and hijack cloud identities without triggering typical ‘MFA failed’ alerts,” the FBI said.

“Adversaries then establish persistence in the organization and propagate secondary spear-phishing from the compromised mailbox.” “Because the compromise path originates on unmanaged mobile devices outside normal Endpoint Detection and Response (EDR) and network inspection boundaries, Quishing is now considered a high-confidence, MFA-resilient identity intrusion vector in enterprise environments.”
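The improperly configured DMARC record policies mentioned above are something a domain owner can audit directly. This is an added example, not code from the FBI advisory: it assesses the text of a DMARC TXT record (as published at `_dmarc.<domain>`) against the RFC 7489 tag syntax, and the finding names, domains and sample records are constructed.

```python
# Added example: flag DMARC records that leave a domain spoofable. Works on the
# record text only (no DNS lookups); sample records are constructed.
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def assess_dmarc(record):
    """Return a list of weaknesses; an empty list means the policy is enforced."""
    if not record or not record.strip():
        return ["no-dmarc-record"]          # receivers apply no DMARC policy at all
    pairs = parse_dmarc(record)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return ["not-a-dmarc-record"]       # v=DMARC1 must be the first tag
    tags = dict(pairs)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return ["invalid-policy"]
    findings = []
    if policy == "none":
        findings.append("policy-none")      # monitor only: failing mail is delivered
    else:
        try:
            pct = int(tags.get("pct", "100"))
        except ValueError:
            pct = None
        if pct is None or not 0 <= pct <= 100:
            findings.append("invalid-pct")
        elif pct < 100:
            findings.append("partial-enforcement")    # policy applied to a sample only
        if tags.get("sp", policy).lower() == "none":
            findings.append("subdomains-unenforced")  # sub.example.org stays spoofable
    if "rua" not in tags:
        findings.append("no-aggregate-reports")       # owner gets no failure visibility
    return findings


def audit(records):
    """Assess a {domain: record-or-None} mapping."""
    return {domain: assess_dmarc(txt) for domain, txt in records.items()}


# Constructed sample records keyed by placeholder domains.
SAMPLE_RECORDS = {
    "missing.example": None,
    "monitor.example": "v=DMARC1; p=none",
    "partial.example": "v=DMARC1; p=quarantine; pct=20; sp=none; rua=mailto:dmarc@partial.example",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
}

if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_RECORDS).items():
        print(domain, findings or "ok")
```
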


WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. “The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further spread the infection,” the cybersecurity company said in a report shared with The Hacker News. “While the core Astaroth payload remains written in Delphi and its installer relies on Visual Basic script, the newly added WhatsApp-based worm module is implemented entirely in Python, highlighting the threat actors’ growing use of multi-language modular components.” Astaroth, also called Guildma, is a banking malware that has been detected in the wild since 2015, primarily targeting users in Latin America, notably Brazil, to facilitate data theft.

In 2024, two different threat clusters tracked as PINEAPPLE and Water Makara were observed leveraging phishing emails to propagate the malware. The use of WhatsApp as a delivery vehicle for banking trojans is a new tactic that has gained traction among threat actors targeting Brazilian users, a move fueled by the widespread use of the messaging platform in the country. Last month, Trend Micro detailed Water Saci’s reliance on WhatsApp to spread Maverick and a variant of Casbaneiro. Sophos, in a report published in November 2025, said it’s tracking a multi-stage malware distribution campaign codenamed STAC3150 targeting WhatsApp users in Brazil with Astaroth.

More than 95% of the impacted devices were located in Brazil, with the remaining infections scattered across the U.S. and Austria. The activity, active since at least September 24, 2025, delivers ZIP archives containing a downloader script that retrieves a PowerShell or Python script to collect WhatsApp user data for further propagation, along with an MSI installer that deploys the trojan. The latest findings from Acronis are a continuation of this trend, where ZIP files distributed through WhatsApp messages act as a jumping-off point for the malware infection.

“When the victim extracts and opens the archive, they encounter a Visual Basic Script disguised as a benign file,” the cybersecurity company said. “Executing this script triggers the download of the next-stage components and marks the beginning of the compromise.” This includes two modules:

- A Python-based propagation module that gathers the victim’s WhatsApp contacts and automatically forwards a malicious ZIP file to each of them, effectively leading to the spread of the malware in a worm-like manner
- A banking module that operates in the background and continuously monitors a victim’s web browsing activity, and activates when banking-related URLs are visited to harvest credentials and enable financial gain

“The malware author also implemented a built-in mechanism to track and report propagation metrics in real time,” Acronis said. “The code periodically logs statistics such as the number of messages successfully delivered, the number of failed attempts, and the sending rate measured in messages per minute.”

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop, DriveSwitch, and SilentRaid, according to a Cisco Talos report published today. “In addition to conducting espionage-focused attacks where UAT-7290 burrows deep inside a victim enterprise’s network infrastructure, their tactics, techniques, and procedures (TTPs) and tooling suggest that this actor also establishes Operational Relay Box (ORBs) nodes,” researchers Asheer Malhotra, Vitor Ventura, and Brandon White said. “The ORB infrastructure may then be used by other China-nexus actors in their malicious operations, signifying UAT-7290’s dual role as an espionage-motivated threat actor as well as an initial access group.” Attacks mounted by the adversary have mainly targeted telecommunications providers in South Asia.

However, recent intrusion waves have branched out to strike organizations in Southeastern Europe. UAT-7290’s tradecraft is as broad as it’s varied, relying on a combination of open-source malware, custom tooling, and payloads for one-day vulnerabilities in popular edge networking products. Some of the notable Windows implants put to use by the threat actor include RedLeaves (aka BUGJUICE) and ShadowPad, both exclusively linked to Chinese hacking groups. That said, the group mainly leverages a Linux-based malware suite comprising:

- RushDrop (aka ChronosRAT), a dropper that initiates the infection chain
- DriveSwitch, a peripheral malware that’s used to execute SilentRaid on the infected system
- SilentRaid (aka MystRodX), a C++-based implant that establishes persistent access to compromised endpoints and employs a plugin-like approach to communicate with an external server, open a remote shell, set up port forwarding, and perform file operations

It’s worth noting that a prior analysis from QiAnXin XLab flagged MystRodX as a variant of ChronosRAT, a modular ELF binary that’s capable of shellcode execution, file management, keylogging, port forwarding, remote shell, screenshot capture, and proxy.

Palo Alto Networks Unit 42 is tracking the associated threat cluster under the moniker CL-STA-0969. Also deployed by UAT-7290 is a backdoor called Bulbature that’s engineered to transform a compromised edge device into an ORB. It was first documented by Sekoia in October 2024. The cybersecurity company said the threat actor shares tactical and infrastructure overlaps with China-linked adversaries known as Stone Panda and RedFoxtrot (aka Nomad Panda).

“The threat actor conducts extensive reconnaissance of target organizations before carrying out intrusions. UAT-7290 leverages one-day exploits and target-specific SSH brute force to compromise public-facing edge devices to gain initial access and escalate privileges on compromised systems,” the researchers said. “The actor appears to rely on publicly available proof-of-concept exploit code as opposed to developing their own.”

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits.

Honeypot Traps Hackers: Hackers Fall for Resecurity’s Honeypot

Cybersecurity company Resecurity revealed that it deliberately lured threat actors who claimed to be associated with Scattered LAPSUS$ Hunters (SLH) into a trap, after the group claimed on Telegram that it had hacked the company and stolen internal and client data. The company said it set up a honeytrap account populated with fake data designed to resemble real-world business data and planted a fake account on an underground marketplace for compromised credentials after it uncovered a threat actor attempting to conduct malicious activity targeting its resources in November 2025 by probing various publicly facing services and applications. The threat actor is also said to have targeted one of its employees who had no sensitive data or privileged access. “This led to a successful login by the threat actor to one of the emulated applications containing synthetic data,” it said.

“While the successful login could have enabled the actor to gain unauthorized access and commit a crime, it also provided us with strong proof of their activity. Between December 12 and December 24, the threat actor made over 188,000 requests attempting to dump synthetic data.” As of January 4, 2025, the group removed the post announcing the hack from their Telegram channel. Resecurity said the exercise also allowed them to identify the threat actor and link one of their active Gmail accounts to a U.S.-based phone number and a Yahoo account. Regardless of the setback, new findings from CYFIRMA indicate that the loose-knit collective has resurfaced with scaled-up recruitment activity, seeking initial access brokers, insider collaborators, and corporate credentials.

“Chatroom discussions repeatedly reference legacy threat brands such as LizardSquad, though these mentions remain unverified and are likely part of an intimidation or reputation-inflation strategy rather than proof of a formal alliance,” it said.

Crypto Miner via GeoServer: Exploitation of GeoServer Flaw

Threat actors are exploiting a known flaw in GeoServer, CVE-2024-36401, to distribute an XMRig cryptocurrency miner by means of PowerShell commands. “Additionally, the same threat actor is also distributing a coin miner to WebLogic servers,” AhnLab said. “It appears that they are installing CoinMiner when they scan the systems exposed to the outside world and find vulnerable services.” Two other threat actors have also benefited from abusing the flaw to deliver the miner, AnyDesk for remote access, and a custom-made downloader malware dubbed “systemd” from an external server whose exact function remains unknown.

“Threat actors are targeting environments where GeoServer is installed and are installing various coin miners,” the company said. “The threat actor can then use NetCat, which is installed together with the coin miner, to install other malware or steal information from the system.”

KEV Catalog Expansion: CISA Added 245 Flaws to KEV Catalog in 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyber attacks – an increase of about 20% from the previous year. In comparison, 187 vulnerabilities were added in 2023 and 185 in 2024.

Of the 245 flaws, 24 were exploited by ransomware groups. Microsoft, Apple, Cisco, Fortinet, Google Chromium, Ivanti, Linux Kernel, Citrix, D-Link, Oracle, and SonicWall accounted for 105 of the total vulnerabilities added to the catalog. According to Cyble, the oldest vulnerability added to the KEV catalog in 2025 was CVE-2007-0671, a Microsoft Office Excel Remote Code Execution vulnerability. The oldest vulnerability in the catalog is CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 “smss.exe” debugging subsystem that has been known to be used in ransomware attacks.

AI Logs Dispute Deepens: OpenAI Ordered to Turn Over 20M ChatGPT Logs in Ongoing Copyright Suit

OpenAI has been ordered to turn over 20 million anonymized ChatGPT logs in a consolidated AI copyright case in the U.S. after it failed to convince a federal judge to dismiss a magistrate judge’s order that the company said insufficiently weighed privacy concerns. The high-profile lawsuit, which has major news publishers like the New York Times and Chicago Tribune as plaintiffs, is centred around the core argument that the data that powers ChatGPT has included millions of copyrighted works from the news organizations without consent or payment. OpenAI has insisted that AI training is fair use, adding “the data we are making accessible to comply with this order has undergone a de-identification process intended to remove or mask PII and other private information, and is being provided under tight access controls designed to prevent the Times from copying and printing data that isn’t directly relevant to this case.” The news plaintiffs have also alleged that OpenAI destroyed “relevant output log data” by failing to temporarily cease its deletion practices as soon as litigation started in an apparent effort to dodge copyright claims.

Taiwan Faces Surge Attacks: China Intensifies Cyber Attacks on Taiwan

The National Security Bureau in Taiwan said that China’s attacks on the country’s energy sector increased tenfold in 2025 compared to the previous year. Attackers targeted critical infrastructure in nine key sectors, and the total number of cyber incidents linked to China grew by 6%. The NSB recorded a total of 960,620,609 cyber intrusion attempts targeting Taiwan’s critical infrastructure, allegedly coming from China’s cyber army in 2025. “On average, China’s cyber army launched 2.63 million intrusion attempts per day targeting Taiwan’s CI across nine primary sectors, namely administration and agencies, energy, communications and transmission, transportation, emergency rescue and hospitals, water resources, finance, science parks and industrial parks, as well as food,” the NSB said.

The energy and emergency rescue/hospitals sectors experienced the most significant year-on-year surge in cyber attacks from Chinese threat actors. The attacks have been attributed to five Chinese hacking groups, namely BlackTech (Canary Typhoon, Circuit Panda, and Earth Hundu), Flax Typhoon (aka Ethereal Panda and Storm-0919), HoneyMyte (aka Bronze President, Mustang Panda, and Twill Typhoon), APT41 (aka Brass Typhoon, Bronze Atlas, Double Dragon, Leopard Typhoon, and Wicked Panda), and UNC3886, which are said to have probed network equipment and industrial control systems of Taiwan’s energy companies to plant malware. “China has fully integrated military, intelligence, industrial, and technological capabilities across both public and private sectors to enhance the depth of intrusion and operational stealth of its external cyberattacks through a wide range of cyberattack tactics and techniques,” NSB said. China’s cyber army is also said to have exploited vulnerabilities in the websites and systems of major hospitals in Taiwan to drop ransomware and conduct adversary-in-the-middle (AitM) attacks against communications companies to steal sensitive data.

Exchange Limit Canceled: Microsoft Cancels Plans for Mailbox External Recipient Rate Limit

Microsoft said it’s indefinitely canceling earlier plans to enforce a Mailbox External Recipient Rate Limit in Exchange Online to combat abuse and prevent misuse of the service for bulk spam and other malicious email activity. “The Recipient Rate Limit and the Tenant-level External Recipient Rate Limit mentioned in Exchange Online limits remain unchanged by this announcement,” the company said. The tech giant first announced the limit in April 2024, stating it would begin enforcing an external recipient rate limit of 2,000 recipients in 24 hours, effective April 2026.

Stalkerware Founder Guilty: pcTattletale Operator Pleads Guilty

Bryan Fleming, the founder of pcTattletale, pleaded guilty to operating stalkerware from his home in the U.S. state of Michigan. In May 2024, the U.S.-based spyware company said it was “out of business and completely done” after an unknown hacker defaced its website and posted gigabytes of data to its homepage. The app, which covertly captured screenshots of hotel booking systems, suffered from a security flaw that allowed the screenshots to be available to anyone on the internet. The breach affected more than 138,000 users who had registered for the service.

The U.S. Homeland Security Investigations (HSI) said it began investigating pcTattletale in June 2021 for “surreptitiously spying on spouses and partners.” While the tool was ostensibly marketed as a parental control and employee monitoring software, pcTattletale also promoted its ability to snoop on spouses and domestic partners by tracking every click and screen tap. Fleming even had a YouTube channel to promote the spyware. He is expected to be sentenced later this year.

The development marks a rare instance of criminal prosecution for purveyors of stalkerware, who often operate out in the open with impunity. The previous spyware conviction in the U.S. occurred in 2014 when a Danish citizen, Hammad Akbar, pleaded guilty to operating the StealthGenie spyware.

Hardcoded Token Risk: Critical Flaw in RustFS

A critical security vulnerability has been disclosed in RustFS that stems from implementing gRPC authentication using a hard-coded static token that’s publicly exposed in the source code repository, hard-coded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments.

“Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations, including data destruction, policy manipulation, and cluster configuration changes,” RustFS said. The vulnerability, which does not have a CVE identifier, carries a CVSS score of 9.8. It affects versions alpha.13 through alpha.77, and has been patched in 1.0.0-alpha.78 released on December 30, 2025.

Malware via pkr_mtsi: pkr_mtsi Packer Used to Deliver Malware

A Windows packer and loader named pkr_mtsi has been put to use in large-scale malvertising and SEO-poisoning campaigns to distribute trojanized installers for legitimate software such as PuTTY, Rufus, and Microsoft Teams, enabling initial access and flexible delivery of follow-on payloads.

It’s available in both executable (EXE) and dynamic-link library (DLL) forms. “In observed campaigns, pkr_mtsi has been used to deliver a diverse set of malware families, including Oyster, Vidar Stealer, Vanguard Stealer, Supper, and more, underscoring its role as a general-purpose loader rather than a single-payload wrapper,” ReversingLabs said. First observed in April 2025, the packer has witnessed a steady evolutionary trajectory in the intervening months, adding increasingly sophisticated obfuscation layers, anti-analysis and anti-debugging techniques, and evasive API resolution strategies.

Open WebUI RCE Risk: Security Flaw in Open WebUI

A high-severity security flaw has been disclosed in Open WebUI in versions 0.6.34 and older (CVE-2025-64496, CVSS score: 7.3) that affects the Direct Connections feature, which lets users connect to external AI model servers (e.g., OpenAI’s API).

“If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack,” Cato Networks said. “If the user also has workspace.tools permission enabled, it can lead to remote code execution (RCE). Which means that a threat actor can control the system running Open WebUI.” The issue was addressed in version 0.6.35 released on November 7, 2025. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker’s malicious model URL.

At its core, the flaw stems from a trust failure between untrusted model servers and the user’s browser session. A hostile server can send a crafted server-sent events message that triggers the execution of JavaScript code in the browser. This allows an attacker to steal authentication tokens stored in localStorage. Once obtained, those tokens grant full access to the victim’s Open WebUI account.

Chats, uploaded documents and API keys can all be exposed.

Iranian Group Evolves: MuddyWater’s New Tactics Exposed

The Iranian nation-state group known as MuddyWater has been conducting phishing attacks designed to deliver known backdoors such as Phoenix and UDPGangster through executable files disguised as PDFs and DOC files with macro code. Both the implants come fitted with command execution and file upload/download capabilities. “It is worth noting that MuddyWater has gradually reduced the use of ready-made remote control programs such as RMM, and instead developed and deployed a variety of dedicated backdoors to implement penetration for specific targets,” the 360 Threat Intelligence Center said.

“The disguised content of the sample is Israeli, Azerbaijani, and English, and the sample is also uploaded by Israel, Azerbaijan, and other regions, which is in line with the attack target of the MuddyWater organization.”

ownCloud MFA Alert: ownCloud Urges Customers to Enable MFA

File-sharing platform ownCloud has warned users to enable multi-factor authentication (MFA) to block malicious attempts that use compromised credentials to steal their data. The alert comes in the wake of a report from Hudson Rock, which flagged a threat actor named Zestix (aka Sentap) for auctioning data exfiltrated from the corporate file-sharing portals of about 50 major global enterprises. “Contrary to attacks involving sophisticated cookie hijacking or session bypasses, the Zestix campaign highlights a far more pedestrian – yet equally devastating – oversight: The absence of Multi-Factor Authentication (2FA),” Hudson Rock said. The attacks follow a well-oiled workflow: An employee inadvertently downloads a malicious file that leads to the deployment of information-stealing malware.

Once the stolen information is made available for sale on darknet forums, the threat actor uses the valid usernames and passwords extracted from the stealer logs to sign into popular cloud file sharing services ShareFile, Nextcloud, and OwnCloud by taking advantage of the missing MFA protections. Zestix is believed to have been active in Russian-language closed forums since late 2024, primarily motivated by financial gain by selling access in exchange for Bitcoin payments. Assessed to be of Iranian origin, the initial access broker has demonstrated ties with a ransomware group named FunkSec.

Cross-Platform RAT Analysis: GravityRAT Detailed

ANY.RUN has published a technical rundown of a sophisticated remote access trojan called GravityRAT that has been actively targeting organizations and government entities since 2016.

A multi-platform malware, it’s equipped to harvest sensitive data, including WhatsApp backups on Android devices, and boasts a wide range of anti-analysis features, including checking BIOS versions, searching for hypervisor artifacts, counting CPU cores, and querying CPU temperature through Windows Management Instrumentation (WMI). “This temperature check is particularly effective because most hypervisors, including Hyper-V, VMware Fusion, VirtualBox, KVM, and Xen, do not support temperature monitoring, causing them to return error messages that immediately reveal the presence of a virtual environment,” ANY.RUN said. The use of GravityRAT is primarily attributed to a Pakistan-origin threat actor tracked as Transparent Tribe. On Windows, it’s often spread via spear-phishing emails containing malicious Office documents with macros or exploits.

On Android, it masquerades as a messaging platform and is distributed via third-party sites or social engineering. “The RAT operates through a multi-stage infection and command-and-control architecture,” ANY.RUN added. “GravityRAT implements a modular architecture where different components handle specific functions.”

Scam Empire Kingpin Caught: Alleged Scam Empire Mastermind Extradited to China

Cambodian authorities have arrested and extradited Chen Zhi, the alleged mastermind behind one of Asia’s largest transnational scam networks, to China. Chen, 38, is the founder and chairman of Prince Group.

He was among the three Chinese nationals arrested on January 6, 2026. His Cambodian nationality was “revoked by a Royal Decree” last month. In October 2025, the U.S. Department of Justice (DoJ) unsealed an indictment against Prince Group and Chen (in absentia) for operating illegal forced-labor scam compounds across Southeast Asia to conduct cryptocurrency fraud schemes, also known as romance baiting or pig butchering.

Scamsters in such incidents begin by establishing fake relationships with unsuspecting users before coaxing them into investing their funds in bogus cryptocurrency platforms. The industrial scale of the operation notwithstanding, those conducting the scams are often trafficked foreign nationals, who are trapped and coerced to carry out online fraud under threat of torture. The U.K. and U.S. governments have also sanctioned Prince Group, designating it as a transnational criminal organization. In a statement in November 2025, Prince Group said it “categorically rejects” the accusations. China’s Ministry of Public Security described Chen’s arrest as “another great achievement under China-Cambodia law enforcement cooperation.” Mao Ning, a spokesperson for China’s Ministry of Foreign Affairs, said “for quite some time, China has been actively working with countries, including Cambodia, to crack down on crimes of online gambling and telecom fraud with notable outcomes.” Beijing has also worked with Thailand and Myanmar to release thousands of people from scam compounds. Despite ongoing crackdowns, the United Nations Office on Drugs and Crime (UNODC) has said the criminal networks that run the scam hubs are evolving at an unprecedented scale.

Scam victims worldwide lost between $18 billion and $37 billion in 2023, according to UNODC estimates.

Phishing Kits Double: Evolution of Phishing Kits in 2025

The number of phishing-as-a-service (PhaaS) toolkits doubled during 2025, with 90% of high-volume phishing campaigns leveraging such tools in 2025, according to an analysis by Barracuda. Some of the notable PhaaS players were Sneaky 2FA, CoGUI, Cephas, Whisper 2FA, and GhostFrame. These kits incorporate advanced anti-analysis measures, MFA bypass, and stealth deployment that make it harder to detect using traditional measures.

The main advantage of PhaaS kits is that they lower the barrier to entry, enabling even attackers with little technical expertise to mount large-scale, targeted phishing campaigns with minimal effort. The most common phishing themes observed during the year were fake payment, financial, legal, digital signature, and HR-related messages designed to deceive users into clicking on a link, scanning a QR code, or opening an attachment. Among the novel techniques used by phishing kits are obfuscations to hide URLs from detection and inspection, CAPTCHA for added authenticity, malicious QR codes, abuse of trusted, legitimate online platforms, and ClickFix, among others.

Zed IDE RCE Flaws: Vulnerabilities in Zed IDE

Two high-severity security flaws have been disclosed in Zed IDE that expose users to arbitrary code execution when loading or interacting with a maliciously crafted source code repository.

“Zed automatically loaded MCP [Model Context Protocol] settings from the workspace without requiring user confirmation,” Mindguard said about CVE-2025-68433 (CVSS score: 7.8). “A malicious project could use this to define MCP tools that execute arbitrary code on the developer’s system without explicit permission.” The second vulnerability (CVE-2025-68432, CVSS score: 7.8) has to do with the IDE implicitly trusting project-supplied Language Server Protocol (LSP) configurations, potentially opening the door to arbitrary command execution when a user opens any source code file in the repository. Following responsible disclosure on November 14, 2025, Zed released version 0.218.2-pre to address the issues last month.

That’s the wrap for this week.

These stories show how fast things can change and how small risks can grow big if ignored. Keep your systems updated, watch for the quiet stuff, and don’t trust what looks normal too quickly. Next Thursday, ThreatsDay will be back with more short takes from the week’s biggest moves in hacking and security.

The State of Trusted Open Source

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can see what teams pull, deploy, and maintain day-to-day, along with the vulnerabilities and remediation realities that come hand in hand. That’s why they created The State of Trusted Open Source, a quarterly pulse on the open source software supply chain. As they analyzed anonymized product usage and CVE data, the Chainguard team noticed common themes around what open source engineering teams are actually building with and the risks associated.

Here’s what they found:

  • AI is reshaping the baseline stack: Python led the way as the most popular open source image among Chainguard’s global customer base, powering the modern AI stack.
  • Over half of production happens outside of the most popular projects: Most teams may standardize on a familiar set of images, but real-world infrastructure is powered by a broad portfolio that extends far beyond the top 20 most popular, which they refer to in this report as longtail images.
  • Popularity doesn’t map to risk: 98% of the vulnerabilities found and remediated in Chainguard images occurred outside of the top 20 most popular projects. That means the biggest security burden accumulates in the less-visible part of the stack, where patching is hardest to operationalize.
  • Compliance can be the catalyst for action: Compliance takes many forms today: from SBOM and vulnerability requirements to industry frameworks like PCI DSS, SOC 2, and regulations like the EU’s Cyber Resilience Act. FIPS is just one example, focused specifically on U.S. federal encryption standards. Even so, 44% of Chainguard customers run a FIPS image in production, underscoring how frequently regulatory needs shape real-world software decisions.
  • Trust is built on remediation speed: Chainguard eliminated Critical CVEs, on average, in under 20 hours.

Before we dive in, a note on the methodology: This report analyzes 1800+ unique container image projects, 10,100 total vulnerability instances, and 154 unique CVEs tracked from September 1, 2025, through November 30, 2025. When we use terms like “top 20 projects” and “longtail projects” (as defined by images outside of the top 20), we’re referring to real usage patterns observed across Chainguard’s customer portfolio and in production pulls.

Usage: What teams actually run in production

If you zoom out, today’s production container footprint looks exactly like you’d expect: foundational languages, runtimes, and infrastructure components dominate the most popular list.

Most popular images: AI is reshaping the baseline stack

Across all regions, the top images are familiar staples: Python (71.7% of customers), Node (56.5%), nginx (40.1%), go (33.5%), redis (31.4%), followed by JDK, JRE, and a cluster of core observability and platform tooling like Grafana, Prometheus, Istio, cert-manager, argocd, ingress-nginx, and kube-state-metrics. This indicates that customers operate a portfolio of critical building blocks – including languages, gateways, service mesh, monitoring, and controllers – that collectively form the foundation of their business. It’s not surprising to see Python leading the way globally, as the default glue language for the modern AI stack. Teams typically standardize on Python for model development, data pipelines, and increasingly for production inference services as well.

Most popular by region: Similar foundations, different longtail mix

North America shows a broad and consistent set of default production building blocks: Python (71.7% of customers), Node (56.6%), nginx (39.8%), go (31.9%), redis (31.5%), plus strong penetration of Kubernetes ecosystem components (cert-manager, istio, argocd, prometheus, kube-state-metrics, node-exporter, kubectl). Notably, even utility images like busybox show up meaningfully. Outside North America, the same core stack appears, but the portfolio spreads differently: Python (72% of customers), Node (55.8%), Go (44.2%), nginx (41.9%), and a noticeable presence of .NET runtimes (aspnet-runtime, dotnet-runtime, dotnet-sdk) and PostgreSQL.

The longtail of images is crucial to production, not edge cases

Chainguard’s most popular images represent only 1.37% of all available images and account for roughly half of all container pulls.

The other half of production usage comes from everywhere else: 1,436 longtail images that make up 61.42% of the average customer’s container portfolio. In other words, half of all production workloads run on longtail images. These aren’t edge cases. They’re core to Chainguard’s customers’ infrastructure.

It’s relatively straightforward to keep the top handful of images polished, but what trusted open source requires is maintaining that security and velocity across the breadth of what customers actually run.

FIPS usage: Compliance is a catalyst for action

FIPS encryption is an essential technology in the compliance landscape, focused on satisfying U.S. federal encryption requirements. And it offers a useful window into how regulatory pressure drives adoption.

In the data, 44% of customers run at least one FIPS image in production. The pattern is consistent: when working within compliance frameworks like FedRAMP, DoD IL-5, PCI DSS, SOC 2, CRA, Essential Eight or HIPAA, teams need hardened, trusted open source software that mirrors their commercial workloads. The most used FIPS images align with the broader portfolio, simply with cryptographic modules strengthened for audit and verification. Top FIPS image projects include Python-fips (62% of customers with at least one FIPS image in production), Node-fips (50%), nginx-fips (47.2%), go-fips (33.8%), redis-fips (33.1%), plus platform components like istio-pilot-fips, istio-proxy-fips, and cert-manager variants.

Even supporting libraries and crypto foundations show up, such as glibc-openssl-fips. FIPS is not the whole story, but it illustrates a broader truth: compliance is a universal driver, emphasizing the need for trusted open source across the entire software stack.

CVEs: Popularity doesn’t map to risk

When looking across Chainguard’s catalog of images, risk is overwhelmingly concentrated outside of the most popular images. Of the CVEs Chainguard remediated in the past three months, 214 occurred in the top 20 images, accounting for only 2% of the total CVEs.

Go beyond those top images, and you’ll find the other 98% of CVEs Chainguard remediated (10,785 CVE instances). That’s 50 times the number of CVEs in the top 20 images! The largest volume of CVEs are categorized as Medium, but operational urgency often stems from how quickly Critical and High CVEs are addressed, and whether customers can rely on that speed across their entire portfolio, not just the most common images.

Trust is built on remediation speed

For us, trust is measured in time-to-fix, and Chainguard knows this is most important when it comes to Critical CVEs.

During the three-month period analyzed, Chainguard’s team achieved a less than 20-hour average remediation time for Critical CVEs, with 63.5% of Critical CVEs being resolved within 24 hours, 97.6% within two days, and 100% within three days. In addition to Critical CVE remediation, the team addressed High CVEs in 2.05 days, Medium CVEs in 2.5 days, and Low CVEs in 3.05 days, notably faster than Chainguard’s SLAs (seven days for Critical CVEs and 14 days for high, medium, and low CVEs). And this speed isn’t confined to the most popular packages. For every single CVE remediated in a top 20 image project, they resolved 50 CVEs in less-popular images.

That longtail is where most of your real exposure hides and it can feel hopeless trying to keep up. Most engineering organizations simply can’t allocate resources to patch vulnerabilities in packages that fall outside their core stack, but the data makes it clear that you have to secure the “quiet majority” of your software supply chain with the same rigor as your most critical workloads.

A new baseline for trusted open source

Across the data, one takeaway stands out: modern software is powered by a wide, shifting portfolio of open source components, most of which live outside the top 20 most popular images. That’s not where developers spend their time, but it’s where the bulk of security and compliance risk accumulates.

This creates a concerning disconnect: it’s rational for engineering teams to focus on the small set of projects that matter most to their stack, but the majority of exposure sits in the vast set of dependencies they don’t have the time to manage. That’s why breadth matters. Chainguard is built to absorb the operational burden of the longtail, providing coverage and remediation at a scale that individual teams can’t justify on their own. As open source supply chains grow more complex, Chainguard will continue to track usage patterns and shine a light on where risk truly resides, so you don’t have to fight the battle against the longtail alone.

Ready to get started with the trusted source for open source? Contact Chainguard to learn more.

Note: This article was expertly written and contributed by Ed Sawma, VP Product Marketing, Sasha Itkis, Product Analyst.

This article is a contributed piece from one of our valued partners.

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. “This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC,” Cisco said in a Wednesday advisory. “An attacker could exploit this vulnerability by uploading a malicious file to the application.” Successful exploitation of the shortcoming could allow an attacker with valid administrative credentials to read arbitrary files from the underlying operating system, which the company said should be off-limits even to administrators.

Bobby Gould of Trend Micro Zero Day Initiative has been credited with discovering and reporting the flaw. It affects the following versions -

  • Cisco ISE or ISE-PIC Release earlier than 3.2 - Migrate to a fixed release
  • Cisco ISE or ISE-PIC Release 3.2 - 3.2 Patch 8
  • Cisco ISE or ISE-PIC Release 3.3 - 3.3 Patch 8
  • Cisco ISE or ISE-PIC Release 3.4 - 3.4 Patch 4
  • Cisco ISE or ISE-PIC Release 3.5 - Not vulnerable

Cisco said there are no workarounds to address the flaw, adding it’s aware of the availability of PoC exploit code. There are no indications that it has been exploited in the wild. In tandem, the networking equipment company also shipped fixes for two other medium-severity bugs stemming from the processing of Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, impacting availability.

Trend Micro researcher Guy Lederfein has been acknowledged for reporting the flaws. The details of the issues are as follows -

  • CVE-2026-20026 (CVSS score: 5.8) - Snort 3 DCE/RPC denial-of-service vulnerability
  • CVE-2026-20027 (CVSS score: 5.3) - Snort 3 DCE/RPC information disclosure vulnerability

They affect a number of Cisco products -

  • Cisco Secure Firewall Threat Defense (FTD) Software, if Snort 3 was configured
  • Cisco IOS XE Software
  • Cisco Meraki software

With vulnerabilities in Cisco products frequently targeted by bad actors, it’s crucial that users update to the latest version for adequate protection.

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”

  • bitcoin-main-lib (2,300 Downloads)
  • bitcoin-lib-js (193 Downloads)
  • bip40 (970 Downloads)

“The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload,” Zscaler ThreatLabz researchers Satyam Singh and Lakhan Parashar said. “This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities.” NodeCordRAT gets its name from the use of npm as a propagation vector and Discord servers for command-and-control (C2) communications.

The malware is equipped to steal Google Chrome credentials, API tokens, and seed phrases from cryptocurrency wallets like MetaMask. According to the cybersecurity company, the threat actor behind the campaign is assessed to have named the packages after real repositories found within the legitimate bitcoinjs project, such as bitcoinjs-lib, bip32, bip38, and bip38. Both “bitcoin-main-lib” and “bitcoin-lib-js” include a “package.json” file that features “postinstall.cjs” as a postinstall script, leading to the execution of “bip40” that contains the NodeCordRAT payload. The malware, besides fingerprinting the infected host to generate a unique identifier across Windows, Linux, and macOS systems, leverages a hard-coded Discord server to open a covert communication channel to receive instructions and execute them -

  • !run, to execute arbitrary shell commands using Node.js’ exec function
  • !screenshot, to take a full desktop screenshot and exfiltrate the PNG file to the Discord channel
  • !sendfile, to upload a specified file to the Discord channel

“This data is exfiltrated using Discord’s API with a hardcoded token and sent to a private channel,” Zscaler said.

“The stolen files are uploaded as message attachments via Discord’s REST endpoint /channels/{id}/messages.”

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows -

  • CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated user with database backup permissions to execute arbitrary commands on the host server, resulting in container escape and full server compromise
  • CVE-2025-66210 (CVSS score: 10.0) - An authenticated command injection vulnerability in the database import functionality allows attackers to execute arbitrary commands on managed servers, leading to full infrastructure compromise
  • CVE-2025-66211 (CVSS score: 10.0) - A command injection vulnerability in the PostgreSQL init script management allows authenticated users with database permissions to execute arbitrary commands as root on the server
  • CVE-2025-66212 (CVSS score: 10.0) - An authenticated command injection vulnerability in the Dynamic Proxy Configuration functionality allows users with server management permissions to execute arbitrary commands as root on managed servers
  • CVE-2025-66213 (CVSS score: 10.0) - An authenticated command injection vulnerability in the File Storage Directory Mount functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers
  • CVE-2025-64419 (CVSS score: 9.7) - A command injection vulnerability via docker-compose.yaml that enables attackers to execute arbitrary system commands as root on the Coolify instance
  • CVE-2025-64420 (CVSS score: 10.0) - An information disclosure vulnerability that allows low-privileged users to view the private key of the root user on the Coolify instance, allowing them to gain unauthorized access to the server via SSH and authenticate as the root user using the key
  • CVE-2025-64424 (CVSS score: 9.4) - A command injection vulnerability was found in the git source input fields of a resource, allowing a low-privileged user (member) to execute system commands as root on the Coolify instance
  • CVE-2025-59156 (CVSS score: 9.4) - An operating system command injection vulnerability that allows a low-privileged user to inject arbitrary Docker Compose directives and achieve root-level command execution on the underlying host
  • CVE-2025-59157 (CVSS score: 10.0) - An operating system command injection vulnerability that allows a regular user to inject arbitrary shell commands that execute on the underlying server by using the Git Repository field during deployment
  • CVE-2025-59158 (CVSS score: 9.4) - An improper encoding or escaping of the data that allows an authenticated user with low privileges to conduct a stored cross-site scripting (XSS) attack during project creation that’s automatically executed in the browser context when an administrator later attempts to delete the project or its associated resource

The following versions are impacted by the shortcomings -

  • CVE-2025-66209, CVE-2025-66210, CVE-2025-66211 - <= 4.0.0-beta.448 (Fixed in >= 4.0.0-beta.451)
  • CVE-2025-66212, CVE-2025-66213 - <= 4.0.0-beta.450 (Fixed in >= 4.0.0-beta.451)
  • CVE-2025-64419 - < 4.0.0-beta.436 (Fixed in >= 4.0.0-beta.445)
  • CVE-2025-64420, CVE-2025-64424 - <= 4.0.0-beta.434 (Fix status unclear)
  • CVE-2025-59156, CVE-2025-59157, CVE-2025-59158 - <= 4.0.0-beta.420.6 (Fixed in 4.0.0-beta.420.7)

According to data from attack surface management platform Censys, there are about 52,890 exposed Coolify hosts as of January 8, 2026, with most of them located in Germany (15,000), the U.S. (9,800), France (8,000), Brazil (4,200), and Finland (3,400).

While there are no indications that any of the flaws have been exploited in the wild, it’s essential that users move quickly to apply the fixes as soon as possible in light of their severity.
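The affected and fixed ranges listed above leave gaps: a version can sit above a group's affected bound yet below its stated fixed version, or in a group with no confirmed fix. The check below is an added example, not code from Coolify or the article; `ADVISORY`, `beta_key` and `assess` are hypothetical names, and it assumes versions order numerically as `4.0.0-beta.N[.M]` and reads "Fixed in 4.0.0-beta.420.7" as that version or later.

```python
import re

# Ranges transcribed from the version list above:
# (CVEs, comparison, affected bound, first fixed version or None if unclear).
ADVISORY = [
    (("CVE-2025-66209", "CVE-2025-66210", "CVE-2025-66211"),
     "<=", "4.0.0-beta.448", "4.0.0-beta.451"),
    (("CVE-2025-66212", "CVE-2025-66213"),
     "<=", "4.0.0-beta.450", "4.0.0-beta.451"),
    (("CVE-2025-64419",), "<", "4.0.0-beta.436", "4.0.0-beta.445"),
    (("CVE-2025-64420", "CVE-2025-64424"), "<=", "4.0.0-beta.434", None),
    (("CVE-2025-59156", "CVE-2025-59157", "CVE-2025-59158"),
     "<=", "4.0.0-beta.420.6", "4.0.0-beta.420.7"),
]

# Assumption: only the 4.0.0-beta line is handled; an optional leading "v" is accepted.
_VERSION = re.compile(r"^v?4\.0\.0-beta\.(\d+)(?:\.(\d+))?$")


def beta_key(version):
    """Return (beta, patch) for '4.0.0-beta.N[.M]'; reject anything else."""
    match = _VERSION.match(version.strip())
    if not match:
        raise ValueError(f"not a 4.0.0-beta.N[.M] version: {version!r}")
    return int(match.group(1)), int(match.group(2) or 0)


def assess(version):
    """Map each CVE to 'affected', 'fixed' or 'unlisted' for one version."""
    installed = beta_key(version)
    states = {}
    for cves, op, bound, fixed_from in ADVISORY:
        limit = beta_key(bound)
        if installed < limit or (op == "<=" and installed == limit):
            state = "affected"
        elif fixed_from is not None and installed >= beta_key(fixed_from):
            state = "fixed"
        else:
            # Above the affected bound, but no fix is stated for this version.
            state = "unlisted"
        states.update({cve: state for cve in cves})
    return states


if __name__ == "__main__":
    for cve, state in sorted(assess("4.0.0-beta.449").items()):
        print(cve, state)
```

Treat "unlisted" as unresolved rather than safe: the list above does not say whether those versions carry the fix.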


OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, and Peloton, to get tailored responses, lab test insights, nutrition advice, personalized meal ideas, and suggested workout classes. The new feature is rolling out for users with ChatGPT Free, Go, Plus, and Pro plans outside of the European Economic Area, Switzerland, and the U.K. “ChatGPT Health builds on the strong privacy, security, and data controls across ChatGPT with additional, layered protections designed specifically for health – including purpose-built encryption and isolation to keep health conversations protected and compartmentalized,” OpenAI said in a statement.

Stating that over 230 million people globally ask health and wellness-related questions on the platform every week, OpenAI emphasized that the tool is designed to support medical care, not replace it or be used as a substitute for diagnosis or treatment. The company also highlighted the various privacy and security features built into the Health experience -

  • Health operates in silo with enhanced privacy and its own memory to safeguard sensitive data using “purpose-built” encryption and isolation
  • Conversations in Health are not used to train OpenAI’s foundation models
  • Users who attempt to have a health-related conversation in ChatGPT are prompted to switch over to Health for additional protections
  • Health information and memories are not used to contextualize non-Health chats
  • Conversations outside of Health cannot access files, conversations, or memories created within Health
  • Apps can only connect with users’ health data with their explicit permission, even if they’re already connected to ChatGPT for conversations outside of Health
  • All apps available in Health are required to meet OpenAI’s privacy and security requirements, such as collecting only the minimum data needed, and undergo additional security review for them to be included in Health

Furthermore, OpenAI pointed out that it has evaluated the model that powers Health against clinical standards using HealthBench, a benchmark the company revealed in May 2025 as a way to better measure the capabilities of AI systems for health, putting safety, clarity, and escalation of care in focus. “This evaluation-driven approach helps ensure the model performs well on the tasks people actually need help with, including explaining lab results in accessible language, preparing questions for an appointment, interpreting data from wearables and wellness apps, and summarizing care instructions,” it added.

OpenAI’s announcement follows an investigation from The Guardian that found Google AI Overviews to be providing false and misleading health information.

OpenAI and Character.AI are also facing several lawsuits claiming their tools drove people to suicide and harmful delusions after confiding in them. A report published by SFGate earlier this week detailed how a 19-year-old died of a drug overdose after trusting ChatGPT for medical advice.