Cyber Attack

The cybersecurity landscape in 2025 saw an increase in the scale and sophistication of cyber threats. Nation-states, organized crime, and hybrid groups blurred the lines between espionage and financial crime, while supply chain weaknesses and social engineering became major attack methods. Massive data theft targeting cloud platforms like Salesforce exposed …

The RondoDox botnet is using the serious React2Shell vulnerability (CVE-2025-55182) to infect unprotected Next.js servers with malware and cryptominers. RondoDox, a large-scale botnet first reported by Fortinet in July 2025, targets various n-day vulnerabilities in global attacks. In November, VulnCheck discovered new variants of RondoDox that exploit the critical remote …

Employee data at Korean Air, South Korea’s largest airline, was leaked following a cyberattack on a partner firm that provides in-flight meals and onboard services, industry sources reported on Monday. According to the sources, Korean Air issued an internal notice earlier in the day informing employees that KC&D, the airline’s …

Threat actor dubbed “D3f4c3rX” offers to sell a huge amount (60 million) of mobile number dataset from France in a forum. The mammoth dataset contains 160,000,000+ “verified mobile numbers, professionally processed and categorized by network operator.” According to the claim of the threat actor’s post, the database includes: Total Records: …

Two new banks reported a data breach that revealed customer information due to a hack of their third-party vendor, Marquis Software Solutions. VeraBank in Texas reported that a data breach affected 37,318 clients, revealing their names and some personal information. The bank didn’t detail which personal information was stolen, but …

Denmark has accused Russia of orchestrating two harmful cyber-attacks dubbed ‘destructive and disruptive’. The Danish Defence Intelligence Service revealed on Thursday that Moscow conducted a cyber-attack on a Danish water utility in 2024 and executed DDoS attacks on Danish websites prior to the municipal and regional council elections in November. …

GreyNoise reported that login attempts on GlobalProtect portals surged to 1.7 million over 16 hours, targeting various VPNs, including Palo Alto Networks GlobalProtect and Cisco SSL VPN. Data revealed that over 10,000 unique IP addresses targeted infrastructure in the United States, Mexico, and Pakistan. The malicious traffic originated almost entirely …

Cisco warned customers maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. This yet-to-be-patched zero-day (CVE-2025-20393) affects only Cisco SEG and Cisco SEWM appliances with non-standard configurations, when the Spam Quarantine feature is enabled and exposed on the …

A financially motivated ransomware gang exploited React2Shell vulnerability (CVE-2025-55182) to quickly access corporate networks and deploy malware less than a minute later. React2Shell (CVE-2025-55182) is a maximum severity vulnerability in React Server Components (RSC) which was publicly disclosed on 3 December 2025. The vulnerability impacts the Flight Protocol, a core …

At least 17 Firefox extensions managed to evade detection by hiding malware in their icons. Thousands of users have been compromised, and these harmful add-ons remain accessible on the Firefox platform. Koi Security found 17 Firefox extensions that look safe, with no visible malicious scripts. They offer services like “free …