ALL POSTS

ShinyHunters Claim Resecurity Honeypot Lured Them After Breach

Key Findings Cybersecurity firm Resecurity responded to claims made by hacking group ShinyHunters that they had breached the company's internal systems. Resecurity says the attackers were interacting with a honeypot, not their real infrastructure. The honeypot included synthetic employee accounts, fake apps, and isolated infrastructure unrelated to Resecurity's real operations or customers. Resecurity claims no actual client data, passwords, or operational systems were affect

Phishing Campaign Abuses Google Cloud to Impersonate Google Emails

Key Findings Cybersecurity researchers have uncovered a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The campaign used layered redirection, trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. Over a two-week period, the researchers observed nearly 9,400 phishing emails targeting approximately 3,200 customers across various indust

The $3 Trillion Opportunity: SpaceX, OpenAI, and Anthropic's Anticipated 2026 IPOs

Key Findings SpaceX, OpenAI, and Anthropic are reportedly preparing for IPOs in 2026 that could collectively exceed $3 trillion in valuation. SpaceX is targeting a $1.5 trillion IPO, fueled by Starlink's profitability and plans to accelerate Starship's Mars colonization and develop space-based AI data centers. OpenAI is eyeing a $1 trillion IPO to fund the development of GPT-6 and the Stargate supercomputing infrastructure. Anthropic, the dark horse, may leapfrog OpenAI by go

React2Shell under attack: RondoDox Botnet spreads through critical flaw

Key Findings The RondoDox botnet has been conducting a persistent nine-month campaign targeting IoT devices and web applications. The botnet has been exploiting the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) vulnerability in Next.js and React Server Components (RSC) to achieve remote code execution on susceptible servers. About 90,300 instances remain vulnerable to React2Shell globally, with the majority (68,400) located in the U.S. The R

React2Shell Vulnerability Exploited by RondoDox Botnet for Malware and Cryptojacking Attacks

Key Findings The RondoDox botnet is exploiting the critical React2Shell vulnerability (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. The RondoDox botnet has been active since 2024 and has evolved through three phases: reconnaissance and vulnerability testing, automated web application exploitation, and large-scale IoT botnet deployment. The botnet now runs hourly IoT exploitation waves targeting routers from vendors like Linksys and Wavli

Kernel Hijack: How HoneyMyte Weaponized a Rootkit to Target Asian Governments

Key Findings HoneyMyte, also known as Mustang Panda or Bronze President, has deployed a sophisticated kernel-mode rootkit to infiltrate government networks in Southeast and East Asia. The rootkit, named ProjectConfiguration.sys, is signed with a stolen digital certificate to bypass security checks. The rootkit acts as a "bodyguard" for HoneyMyte's malware, including the group's signature backdoor ToneShell, by manipulating driver loading order to blind security software like

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

Key Findings IBM disclosed a critical vulnerability (CVE-2025-13915) in its API Connect product that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability has a CVSS score of 9.8, placing it in the critical severity range. The issue affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 of IBM API Connect. Background IBM API Connect is an end-to-end API management solution used by organizations to create, test, manage, and secure APIs

Trust Wallet Chrome Extension Hack Drains $8.5M in Shai-Hulud Supply Chain Attack

Key Findings The second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain attack in November 2025 was likely responsible for the hack of Trust Wallet's Google Chrome extension. The attack resulted in the theft of approximately $8.5 million in cryptocurrency assets from 2,520 wallet addresses. The attacker obtained full access to the Chrome Web Store (CWS) API key, allowing them to upload a trojanized version of the extension with a backdoor capable of harvesting users

Silver Fox Targets Indian Users with Tax-Themed Emails Delivering MultiRAT Malware

Key Points The cybercrime group known as Silver Fox has shifted its focus to Indian users, using income tax-themed phishing emails to distribute the ValleyRAT remote access trojan. Silver Fox is a Chinese hacking group that has been active since 2022, targeting Chinese-speaking individuals and organizations initially, but has now expanded its victimology to include Indian users. The phishing emails contain malicious PDF attachments that lead victims to download a ZIP file con

Chinese APT Mustang Panda Uses Signed Rootkit to Load TONESHELL Backdoor

Key Findings Mustang Panda (aka HoneyMyte, Camaro Dragon, RedDelta, Bronze President) used a signed kernel-mode rootkit driver to deploy its ToneShell backdoor in attacks targeting government entities in Southeast and East Asia, especially Myanmar and Thailand. The driver file, named "ProjectConfiguration.sys", is signed with a stolen or leaked digital certificate from Guangzhou Kingteller Technology Co., Ltd. (serial number 08 01 CC 11 EB 4D 1D 33 1E 3D 54 0C 55 A4 9F 7F). T

MongoBleed: Over 80,000 Servers at Risk of Active Exploitation

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the MongoDB vulnerability CVE-2025-14847, known as "MongoBleed," to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, with a CVSS score of 8.7, allows unauthenticated, remote attackers to read sensitive contents of server memory (heap) on vulnerable MongoDB servers; it is a memory-disclosure flaw, not direct code execution. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, primarily located in the U.S., China, Germany

Ubisoft Loses Control of Rainbow Six Siege in Massive Breach

Key Findings Servers of Ubisoft's Rainbow Six Siege were compromised in a hacker attack. Attackers infiltrated the servers and granted massive amounts of in-game currency and items to players. This triggered Ubisoft's anti-cheat system, which began issuing account bans indiscriminately. Even well-known players were caught up in the wave of suspensions. Ubisoft is working to resolve the issue through data rollbacks and quality control testing. The company cautioned that a full rest

Critical 0day flaw Exposes Thousands of XSpeeder Devices

Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online and potentially vulnerable. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not

MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory - PoC Released

Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal state and pointers. The vulnerability lies in how MongoDB handles zlib-compressed wire protocol messages: the server trusts the uncompressed length claimed by the client in the message header, even when it doe
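To make the length-trust failure mode described above concrete, here is an added Python example written for this page. It is not MongoDB's code and does not use the real OP_COMPRESSED wire format; the message layout (a 4-byte claimed length followed by a zlib stream), the `ArenaAllocator`, `encode`, `vulnerable_decode` and `hardened_decode` names, and the `MAX_MESSAGE` bound are all assumptions for illustration. A toy allocator stands in for a heap that reuses memory without zeroing it, which is what turns a short inflated stream plus an oversized claimed length into a read of stale data.

```python
import struct
import zlib
from typing import Optional

# Assumed, simplified layout (NOT MongoDB's OP_COMPRESSED format):
#   4-byte little-endian claimed uncompressed length || zlib stream
MAX_MESSAGE = 48 * 1024 * 1024  # hypothetical per-message upper bound


class ArenaAllocator:
    """Toy allocator handing out slices of one reused buffer, so a freshly
    'allocated' region still holds bytes left by earlier requests, the way
    a real heap may when memory is not zeroed on reuse."""

    def __init__(self, size: int = 4096) -> None:
        self.mem = bytearray(size)

    def alloc(self, n: int) -> memoryview:
        if n > len(self.mem):
            raise MemoryError("request exceeds arena")
        return memoryview(self.mem)[:n]  # deliberately not zeroed


def encode(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Build a message; claimed_len lets a malicious client lie about size."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("<I", claimed_len) + zlib.compress(payload)


def vulnerable_decode(msg: bytes, arena: ArenaAllocator) -> bytes:
    """Trusts the client's length: allocates that much, inflates into the
    front of it, and hands back the whole buffer, stale tail included."""
    claimed = struct.unpack("<I", msg[:4])[0]
    buf = arena.alloc(claimed)
    inflated = zlib.decompress(msg[4:])
    # In C this write would overflow if the stream were LONGER than claimed;
    # the toy memoryview raises instead. The SHORTER case is what leaks.
    buf[: len(inflated)] = inflated
    return bytes(buf)


def hardened_decode(msg: bytes, arena: ArenaAllocator) -> bytes:
    """Bounds the claimed length, inflates no further than it, and requires
    the actual inflated size to match before any buffer is exposed."""
    claimed = struct.unpack("<I", msg[:4])[0]
    if claimed == 0 or claimed > MAX_MESSAGE:
        raise ValueError(f"unreasonable uncompressed length {claimed}")
    d = zlib.decompressobj()
    inflated = d.decompress(msg[4:], claimed)  # cap output at the claim
    if d.unconsumed_tail or not d.eof:
        raise ValueError("stream produces more than the claimed length")
    if len(inflated) != claimed:
        raise ValueError(f"claimed {claimed} bytes, stream held {len(inflated)}")
    buf = arena.alloc(claimed)
    buf[:] = inflated
    return bytes(buf)


def demo() -> dict:
    """Constructed scenario: a legitimate request leaves data in memory, then
    a client sends 8 bytes while claiming 64."""
    arena = ArenaAllocator()
    earlier = b'{"user":"alice","sessionToken":"s3cr3t-token-value"}'  # constructed
    vulnerable_decode(encode(earlier), arena)

    lie = encode(b"ping\x00\x00\x00\x00", claimed_len=64)
    leaked = vulnerable_decode(lie, arena)
    try:
        hardened_decode(lie, arena)
        rejected = False
    except ValueError:
        rejected = True
    return {"leaked": leaked, "rejected": rejected}


if __name__ == "__main__":
    result = demo()
    print("vulnerable decoder returned:", result["leaked"])
    print("hardened decoder rejected the message:", result["rejected"])
```

The hardened version does two things the vulnerable one skips: it refuses absurd claimed lengths before allocating, and it treats any mismatch between the claimed and actual inflated size as a protocol error rather than returning whatever the buffer happened to contain. Both checks are cheap and are the shape of fix a practitioner should look for when reviewing any decompression path that takes a size field from the peer.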

AI Agents Uncover Critical Zero-Day in Global Networking Gear

Key Findings Autonomous AI agents discovered a critical, unpatched vulnerability (CVE-2025-54322) in networking gear manufactured by Xspeeder, a Chinese vendor known for routers and SD-WAN appliances. The vulnerability is a pre-authentication Remote Code Execution (RCE) flaw with a CVSS score of 10. This is the first remotely exploitable zero-day vulnerability discovered by an automated AI platform, according to the report. The vulnerable firmware, SXZOS, powers Xspeeder's SD

Stolen LastPass Vault Backups Enable Crypto Theft Through 2025

Key Findings Encrypted vault backups stolen in the 2022 LastPass breach are still being cracked, enabling crypto theft as late as 2025. Attackers have drained over $28 million in crypto by cracking weak master passwords to decrypt the stolen vaults. The funds were laundered through Russian cybercrime infrastructure, including mixers and high-risk exchanges. TRM Labs' analysis indicates likely Russian criminal involvement in monetizing the LastPass breach. Background In 2022

NPM package with 56,000 downloads compromises WhatsApp accounts

Key Findings An NPM package named 'Lotusbail' with over 56,000 downloads has been stealing WhatsApp credentials and data. The package is a fork of the legitimate 'Baileys' WhatsApp Web API library, making it hard to detect. It intercepts and exfiltrates user credentials, messages, contacts, and media, encrypting the data with custom RSA before sending it to the attacker. The malware also hijacks the WhatsApp device pairing process, secretly linking the attacker's device to the v

Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data

Key Findings Everest ransomware group claims to have breached Chrysler systems and stolen over 1TB of data. Stolen data includes extensive customer, dealer, and internal records spanning 2021-2025. Over 105GB of Salesforce-related information is reportedly part of the stolen data. Screenshots show customer interaction logs, agent work logs, and potential HR/identity records. Everest has threatened to publish the full dataset and audio recordings if demands are not met. Chrysler ha

Trust Wallet Urges Users to Update Chrome Extension After $7M Breach

Key Findings Trust Wallet confirmed a security incident involving its Chrome extension version 2.68 that resulted in approximately $7 million in losses. The malicious code in the compromised extension version prompted users to share their wallet mnemonic phrases, which were then used to drain funds. Trust Wallet is advising all users to urgently update to version 2.69 of the extension to mitigate the issue. The company stated it will ensure all affected users are refunded, wi

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver XoBot Malware

Key Findings China-linked advanced persistent threat (APT) group Evasive Panda (also known as Bronze Highland, Daggerfly, and StormBamboo) conducted a cyber espionage campaign targeting victims in Türkiye, China, and India. The group used adversary-in-the-middle (AitM) attacks and DNS poisoning techniques to deliver its signature MgBot backdoor. The attackers leveraged lures that masqueraded as updates for third-party software, such as SohuVA, Baidu's iQIYI Video, IObit Smart

© 2025 by Explain IT Again. Powered and secured by Wix