
ALL POSTS

Chinese APT Mustang Panda Uses Signed Rootkit to Load TONESHELL Backdoor

Key Findings Mustang Panda (aka HoneyMyte, Camaro Dragon, RedDelta, Bronze President) used a signed kernel-mode rootkit driver to deploy its ToneShell backdoor in attacks targeting government entities in Southeast and East Asia, especially Myanmar and Thailand. The driver file, named "ProjectConfiguration.sys", is signed with a stolen or leaked digital certificate from Guangzhou Kingteller Technology Co., Ltd. (serial number 08 01 CC 11 EB 4D 1D 33 1E 3D 54 0C 55 A4 9F 7F). T

MongoBleed: Over 80,000 Servers at Risk of Active Exploitation

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the MongoDB vulnerability CVE-2025-14847, known as "MongoBleed," to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, with a CVSS score of 8.7, allows unauthenticated, remote attackers to read the contents of server memory (heap) from vulnerable MongoDB servers; it is a memory-disclosure flaw rather than remote code execution. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, primarily located in the U.S., China, Germany

Ubisoft Loses Control of Rainbow Six Siege in Massive Breach

Key Findings
  • Servers of Ubisoft's Rainbow Six Siege were compromised in a hacker attack
  • Attackers infiltrated the servers and granted massive amounts of in-game currency and items to players
  • This triggered Ubisoft's anti-cheat system, which began issuing account bans indiscriminately
  • Even well-known players were caught up in the wave of suspensions
  • Ubisoft is working to resolve the issue through data rollbacks and quality control testing
  • The company cautioned that a full rest

Critical 0day flaw Exposes Thousands of XSpeeder Devices

Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices affected by this vulnerability are currently exposed online. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not

MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory - PoC Released

Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal states and pointers. The vulnerability lies in how MongoDB handles Zlib compressed protocol headers, where the server blindly trusts the length claimed by a client, even when it doe
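The two MongoBleed entries above (the CISA KEV listing and the PoC write-up) describe the same root cause: the server sizes its decompression buffer from a client-supplied uncompressed length and returns whatever that buffer holds. The following Python is an added example that models that bug class and the corresponding check; it is not MongoDB's code, does not parse the real OP_COMPRESSED wire header, and uses a constructed STALE_HEAP string to stand in for the unzeroed memory that a real allocator would hand back:

```python
import zlib

# Constructed stand-in for stale heap contents left behind by earlier requests.
# The real bug depends on the allocator returning memory that is not zeroed;
# this 64-byte string plays that role here (assumption, not captured data).
STALE_HEAP = b"password=hunter2;session=abc123;" * 2


def build_compressed_body(payload: bytes, claimed_uncompressed_size: int):
    """Client side: zlib-compress a payload but advertise whatever
    uncompressedSize the attacker likes (mirrors the untrusted header field)."""
    return claimed_uncompressed_size, zlib.compress(payload)


def vulnerable_decompress(claimed_size: int, compressed: bytes) -> bytes:
    """Model of the flawed handler: size the output buffer from the client's
    claim, inflate into it, and hand back the whole buffer. Bytes beyond the
    real inflated length are never written, so stale memory goes to the client."""
    buf = bytearray(STALE_HEAP[:claimed_size].ljust(claimed_size, b"\x00"))
    inflated = zlib.decompress(compressed)
    n = min(len(inflated), claimed_size)
    buf[:n] = inflated[:n]
    return bytes(buf)


def hardened_decompress(claimed_size: int, compressed: bytes,
                        max_size: int = 16 * 1024 * 1024) -> bytes:
    """Bound the claim, inflate with a hard cap, and insist the real length
    matches the declared one before returning anything."""
    if claimed_size <= 0 or claimed_size > max_size:
        raise ValueError("implausible uncompressedSize")
    d = zlib.decompressobj()
    out = d.decompress(compressed, claimed_size)
    # Either leftover input (claim too small) or a short/unfinished stream
    # (claim too large) means the header lied; refuse rather than guess.
    if d.unconsumed_tail or not d.eof or len(out) != claimed_size:
        raise ValueError("declared uncompressedSize does not match inflated length")
    return out


def claim_is_rejected(claimed_size: int, compressed: bytes) -> bool:
    """True when the hardened path refuses the message."""
    try:
        hardened_decompress(claimed_size, compressed)
    except ValueError:
        return True
    return False


def demo() -> dict:
    payload = b'{"ping": 1}'                                # 11 bytes of real data
    claimed, comp = build_compressed_body(payload, 48)      # lie: claim 48 bytes
    leaked = vulnerable_decompress(claimed, comp)
    return {
        "leaked_tail": leaked[len(payload):],               # stale bytes past the real data
        "oversized_claim_rejected": claim_is_rejected(claimed, comp),
        "undersized_claim_rejected": claim_is_rejected(4, comp),
        "honest_claim_roundtrips": hardened_decompress(len(payload), comp) == payload,
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable path never errors, which is why the leak is quiet: the response is a well-formed message whose trailing bytes simply belong to someone else. The hardened path treats any mismatch between declared and inflated length as a protocol violation, in both directions.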

AI Agents Uncover Critical Zero-Day in Global Networking Gear

Key Findings Autonomous AI agents discovered a critical, unpatched vulnerability (CVE-2025-54322) in networking gear manufactured by Xspeeder, a Chinese vendor known for routers and SD-WAN appliances. The vulnerability is a pre-authentication Remote Code Execution (RCE) flaw with a CVSS score of 10. This is the first remotely exploitable zero-day vulnerability discovered by an automated AI platform, according to the report. The vulnerable firmware, SXZOS, powers Xspeeder's SD

Stolen LastPass Vault Backups Enable Crypto Theft Through 2025

Key Findings Encrypted vault backups stolen in the 2022 LastPass breach are still being cracked, enabling crypto theft as late as 2025. Attackers have drained over $28 million in crypto by exploiting weak master passwords to decrypt the stolen vaults. The funds were laundered through Russian cybercrime infrastructure, including mixers and high-risk exchanges. TRM Labs' analysis indicates likely Russian criminal involvement in monetizing the LastPass breach. Background In 2022

NPM package with 56,000 downloads compromises WhatsApp accounts

Key Findings
  • An NPM package named 'Lotusbail' with over 56,000 downloads has been stealing WhatsApp credentials and data
  • The package is a fork of the legitimate 'Baileys' WhatsApp Web API library, making it hard to detect
  • It intercepts and exfiltrates user credentials, messages, contacts, and media, encrypting the data with custom RSA before sending it to the attacker
  • The malware also hijacks the WhatsApp device pairing process, secretly linking the attacker's device to the v

Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data

Key Findings
  • Everest ransomware group claims to have breached Chrysler systems and stolen over 1TB of data
  • Stolen data includes extensive customer, dealer, and internal records spanning 2021-2025
  • Over 105GB of Salesforce-related information is reportedly part of the stolen data
  • Screenshots show customer interaction logs, agent work logs, and potential HR/identity records
  • Everest has threatened to publish the full dataset and audio recordings if demands are not met
  • Chrysler ha

Trust Wallet Urges Users to Update Chrome Extension After $7M Breach

Key Findings Trust Wallet confirmed a security incident involving its Chrome extension version 2.68 that resulted in approximately $7 million in losses. The malicious code in the compromised extension version prompted users to share their wallet mnemonic phrases, which were then used to drain funds. Trust Wallet is advising all users to urgently update to version 2.69 of the extension to mitigate the issue. The company stated it will ensure all affected users are refunded, wi

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver XoBot Malware

Key Findings China-linked advanced persistent threat (APT) group Evasive Panda (also known as Bronze Highland, Daggerfly, and StormBamboo) conducted a cyber espionage campaign targeting victims in Türkiye, China, and India. The group used adversary-in-the-middle (AitM) attacks and DNS poisoning techniques to deliver its signature MgBot backdoor. The attackers leveraged lures that masqueraded as updates for third-party software, such as SohuVA, Baidu's iQIYI Video, IObit Smart

Trust Wallet Suffers $7 Million Security Breach

Key Findings Trust Wallet, a popular non-custodial cryptocurrency wallet, has suffered a security breach that resulted in the loss of approximately $7 million in digital assets. The issue was caused by a vulnerability in version 2.68 of the Trust Wallet Chrome extension, which has around one million users. The malicious code in the affected extension version was designed to extract the mnemonic phrases (recovery seeds) of all wallets stored in the extension, and then send the

CVE-2025-68666 - LangChain serialization injection vulnerability in data utilities

Key Findings: A critical security flaw, tracked as CVE-2025-68664 with a CVSS score of 9.3 out of 10.0, has been disclosed in LangChain Core that could enable attackers to steal sensitive secrets and influence large language model (LLM) responses through prompt injection. The vulnerability is caused by a serialization injection issue in the `dumps()` and `dumpd()` functions of LangChain, which fail to properly escape dictionaries with "l
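The mechanism in the entry above is easiest to see with a round trip: a plain dictionary that merely looks like a serialised object is written out verbatim, and the loader then treats it as an instruction instead of data. The Python below is an added example that models that failure and one escaping fix; it is not LangChain's code. The `{"lc": 1, "type": "secret", "id": [...]}` shape follows LangChain's serialisation format, but `PromptTemplate`, `REGISTRY`, the `SECRETS` dictionary (standing in for environment-variable lookup) and the `escaped_dict` wrapper are assumptions made for the illustration:

```python
import json

# Constructed stand-in for the process's secret store. LangChain's loader
# resolves "secret" entries from environment variables by default; an explicit
# dict keeps this example offline.
SECRETS = {"OPENAI_API_KEY": "sk-demo-000"}


class PromptTemplate:
    """Minimal model of a serialisable component (not LangChain's class)."""

    def __init__(self, template, metadata=None):
        self.template = template
        self.metadata = metadata or {}

    def to_lc(self) -> dict:
        return {"lc": 1, "type": "constructor", "id": ["demo", "PromptTemplate"],
                "kwargs": {"template": self.template, "metadata": self.metadata}}


REGISTRY = {("demo", "PromptTemplate"): PromptTemplate}


def _walk(value, escape_plain_dicts: bool):
    """Serialise recursively. With escape_plain_dicts=False this reproduces the
    flaw: a user-supplied dict carrying an "lc" key is copied through as-is."""
    if hasattr(value, "to_lc"):
        d = value.to_lc()
        d["kwargs"] = {k: _walk(v, escape_plain_dicts) for k, v in d["kwargs"].items()}
        return d
    if isinstance(value, dict):
        inner = {k: _walk(v, escape_plain_dicts) for k, v in value.items()}
        if escape_plain_dicts and "lc" in inner:
            # Hypothetical escaping scheme: wrap look-alike dicts so the loader
            # unwraps them as data instead of reviving them.
            return {"lc": 1, "type": "escaped_dict", "value": inner}
        return inner
    if isinstance(value, list):
        return [_walk(v, escape_plain_dicts) for v in value]
    return value


def dumps(value, escape_plain_dicts: bool) -> str:
    return json.dumps(_walk(value, escape_plain_dicts))


def loads(text: str, secrets=SECRETS):
    """Revive serialised objects; resolves "secret" references like the real
    loader does, which is what turns injected data into a credential leak."""
    def revive(v):
        if isinstance(v, dict) and v.get("lc") == 1:
            kind = v.get("type")
            if kind == "escaped_dict":
                return {k: revive(x) for k, x in v["value"].items()}
            if kind == "secret":
                return secrets[v["id"][0]]
            if kind == "constructor":
                cls = REGISTRY[tuple(v["id"])]
                return cls(**{k: revive(x) for k, x in v["kwargs"].items()})
        if isinstance(v, dict):
            return {k: revive(x) for k, x in v.items()}
        if isinstance(v, list):
            return [revive(x) for x in v]
        return v
    return revive(json.loads(text))


# Constructed attacker input: metadata that imitates a serialised secret reference.
ATTACKER_METADATA = {"lc": 1, "type": "secret", "id": ["OPENAI_API_KEY"]}


def round_trip(user_metadata: dict, escape: bool):
    prompt = PromptTemplate("Summarise: {text}", metadata=user_metadata)
    return loads(dumps(prompt, escape_plain_dicts=escape)).metadata


def demo() -> tuple:
    """Returns (metadata after vulnerable round trip, metadata after hardened one)."""
    return round_trip(ATTACKER_METADATA, escape=False), round_trip(ATTACKER_METADATA, escape=True)


if __name__ == "__main__":
    print(demo())
```

In the vulnerable round trip the attacker-controlled metadata comes back as the secret's value, which is then sitting in a field that typically flows into prompts or logs; in the escaped round trip it comes back as the same harmless dictionary that went in.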

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw in Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2023-52163, has a CVSS score of 8.8 and allows post-authentication remote code execution through a case of command injection. CISA cited evidence of active exploitation of the flaw by threat actors to deliver botnets like Mirai and S

Fortinet Warns of Active Exploitation of FortiOS SSL VPN Vulnerability

Key Findings Fortinet reported active exploitation of a five-year-old security vulnerability, CVE-2020-12812 (CVSS score: 5.2), in FortiOS SSL VPN. The vulnerability is an improper authentication flaw that may allow users to bypass two-factor authentication (2FA) by changing the case of the username, enabling successful login without being prompted for the second authentication factor. The issue occurs when FortiGate has local 2FA users linked to LDAP, the same users belong t
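A small authentication model makes the case-sensitivity bypass above concrete. The Python below is an added example, not FortiOS code: it assumes the preconditions the entry lists (a local two-factor user whose password is checked against LDAP, and, as a reading of the truncated sentence, a user group that also contains the LDAP server itself), and uses constructed account names, passwords and a fixed token. The only difference between the vulnerable and hardened paths is whether the local user lookup is exact-match or case-folded:

```python
import hmac

# Constructed directory standing in for the LDAP server. Active Directory-style
# servers match account names case-insensitively, so "alice" and "Alice" bind
# as the same account.
LDAP_ACCOUNTS = {"alice": "correct-horse-battery"}
LDAP_GROUPS = {"vpn-users": {"alice"}}

# Constructed FortiGate-style configuration (assumption): a local user entry that
# defers the password check to LDAP but enforces a token, and a user group that
# contains both that local entry and the LDAP server as a remote member.
LOCAL_USERS = {"alice": {"auth": "ldap", "two_factor": True, "token": "246810"}}
USER_GROUP = {"name": "sslvpn-users", "members": ["alice"], "remote_servers": ["corp-ldap"]}


def ldap_bind(username: str, password: str) -> bool:
    stored = LDAP_ACCOUNTS.get(username.casefold())
    return stored is not None and hmac.compare_digest(stored, password)


def ldap_group_member(username: str, group: str) -> bool:
    return username.casefold() in LDAP_GROUPS.get(group, set())


def authenticate(username: str, password: str, otp, case_sensitive_local_lookup: bool):
    """Return (allowed, reason).

    With case_sensitive_local_lookup=True the lookup of the local 2FA entry is
    exact-match: "Alice" does not hit "alice", so the request falls through to
    the group's remote-server branch, where only the LDAP bind is checked.
    With False the lookup is case-folded and the token is always demanded.
    """
    key = username if case_sensitive_local_lookup else username.casefold()
    local = LOCAL_USERS.get(key)
    if local is not None and key in USER_GROUP["members"]:
        if not ldap_bind(username, password):
            return False, "bad password"
        if local["two_factor"] and otp != local["token"]:
            return False, "second factor required"
        return True, "local entry matched, 2fa satisfied"
    # Remote-server branch: any account the LDAP server vouches for and that is
    # in the mapped group gets in, and nothing here asks for a second factor.
    if USER_GROUP["remote_servers"] and ldap_bind(username, password) \
            and ldap_group_member(username, "vpn-users"):
        return True, "remote ldap group member, no 2fa"
    return False, "not authorised"


def demo() -> dict:
    pw = "correct-horse-battery"
    return {
        "lowercase_vulnerable": authenticate("alice", pw, None, True),
        "mixedcase_vulnerable": authenticate("Alice", pw, None, True),
        "mixedcase_hardened": authenticate("Alice", pw, None, False),
        "mixedcase_hardened_with_otp": authenticate("Alice", pw, "246810", False),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:28s} -> {result}")
```

The check a practitioner wants is the second entry of the demo: the same password that is refused for "alice" without a token is accepted for "Alice" with no token at all, because the remote-server branch trusts the directory's case-insensitive match while the 2FA policy was keyed on the exact spelling.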

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

Key Findings The fraudulent investment scheme known as Nomani has witnessed a 62% increase, according to ESET. Nomani campaigns have expanded beyond Facebook to include other social media platforms, such as YouTube. ESET blocked over 64,000 unique URLs associated with the Nomani threat this year, with the majority of detections originating from Czechia, Japan, Slovakia, Spain, and Poland. Nomani leverages social media malvertising, company-branded posts, and AI-powered video

New MacSync Stealer Targets Mac Devices with Gatekeeper Bypass

Key Findings A new variant of the MacSync Stealer malware has been discovered, which uses a digitally signed and notarized Swift application to bypass macOS Gatekeeper security checks. The malicious application is distributed via a disk image (DMG) named "zk-call-messenger-installer-3.9.2-lts.dmg" hosted on the "zkcall[.]net/download" website. The application is code-signed and successfully notarized by Apple, giving it a veneer of legitimacy and allowing it to run on macOS w

Italian Regulator Deems Apple's ATT Feature as Limiting Competition

Key Findings Italy's antitrust authority (AGCM) fined Apple €98.6 million for abusing its dominant position in the App Store market through its App Tracking Transparency (ATT) framework. The AGCM found that Apple's ATT policy, which requires a double consent prompt for developers to access user data for advertising, is disproportionate and limits competition. Apple's own apps and services can obtain user consent for data collection and personalized ads in a single tap, giving

Two Chrome extensions were caught intercepting user data from over 170 sites

Key Findings: Two malicious Google Chrome extensions named "Phantom Shuttle" have been discovered secretly stealing user credentials from over 170 websites. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. The extensions execute complete traffic interception, operate as man-in-the-middle proxies, and continuously exfiltrate user data to a command-and-control server. Once users make a subscription paymen

Backdoor in NVIDIA AI Systems: Critical 9.8 Severity Flaws Grant Total Control

Key Findings NVIDIA has issued a critical security update for its Isaac Launchable software, patching three vulnerabilities with a CVSS score of 9.8. The most severe flaw, CVE-2025-33222, involves hard-coded credentials that allow attackers to bypass authentication and gain complete control of affected systems. The remaining two vulnerabilities, CVE-2025-33223 and CVE-2025-33224, stem from improper privilege management, enabling attackers to execute code with elevated permiss


© 2025 by Explain IT Again. Powered and secured by Wix
