A cybercriminal operating as 'Zestix' and 'Sentap' has orchestrated dozens of major data breaches since 2021, targeting aerospace, government, legal, and robotics companies worldwide. The hacker uses stolen employee credentials harvested by malware like RedLine and Vidar to access file-sharing services including ShareFile and Nextcloud.
Notable victims include Spanish airline Iberia (77GB of data sold for $150,000), engineering firms, defense contractors, and healthcare organizations. The attacker exploited weak security at companies lacking multi-factor authentication on critical systems.
Hudson Rock researchers found credentials from thousands of organizations circulating in hacker forums, including major names like Deloitte, Samsung, and Walmart. The threat actor has built a reputation for reliability in underground markets, selling both stolen data and system access to other criminals.
Source: SecurityWeek
Attackers are actively exploiting a critical MongoDB vulnerability dubbed "MongoBleed" that lets them steal passwords, API keys, and sensitive data directly from server memory without authentication. The attacks started December 29, just three days after exploit code went public.
CVE-2025-14847 affects MongoDB versions 4.4 through 8.0 that use Zlib compression. Attackers send specially crafted network packets to trick servers into leaking memory contents. While they can't target specific data, repeated attempts can capture valuable secrets from concurrent database sessions.
MongoDB rates the flaw 8.7/10 in severity, but security firm Rapid7 calls it critical. A new GUI tool now makes exploitation easier for less skilled attackers. Organizations should immediately upgrade to patched versions or, as a temporary mitigation, disable zlib compression.
Source: Dark Reading
A serious security flaw in GNU Wget2 (CVE-2025-69194) allows remote attackers to overwrite files anywhere on a victim's computer. The vulnerability exploits how Wget2 processes Metalink documents, which describe download locations and checksums.
Attackers can craft malicious Metalink files whose file names contain path traversal sequences, tricking Wget2 into writing files outside the intended download directory. Because the tool fails to validate these paths properly, a user who processes such a document could have system files overwritten, security settings modified, or backdoor accounts created.
Red Hat rates this as "Important" severity with a CVSS score of 8.8. Currently, no complete fix exists, so users should avoid processing Metalink files from untrusted sources.
Source: Cybersecurity News
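The defensive check Wget2 was missing, as an added example that is not from the article or the Wget2 project: parse the Metalink document (XML, RFC 5854), and only accept a `<file name="...">` whose resolved path stays inside the download directory. The sample document is constructed.

```python
import os
import posixpath
import xml.etree.ElementTree as ET
from typing import Optional

METALINK_NS = "{urn:ietf:params:xml:ns:metalink}"

# Constructed sample: one benign entry, one traversal attempt, one absolute path.
SAMPLE_METALINK = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="release/tool-1.0.tar.gz"><url>https://mirror.example/tool-1.0.tar.gz</url></file>
  <file name="../../.ssh/authorized_keys"><url>https://mirror.example/keys</url></file>
  <file name="/etc/cron.d/job"><url>https://mirror.example/job</url></file>
</metalink>
"""

def safe_target(dest_dir: str, name: str) -> Optional[str]:
    """Return the absolute on-disk path for a Metalink file name, or None if
    the name is empty, absolute, uses backslashes, or escapes dest_dir."""
    if not name or name.startswith(("/", "\\")) or "\\" in name:
        return None
    # Normalise with POSIX rules so "a/./b" and "a/../b" collapse regardless of host OS.
    normalised = posixpath.normpath(name)
    if normalised in (".", "..") or normalised.startswith("../"):
        return None
    root = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(root, normalised))
    # Containment check on the fully resolved path: it must remain under the root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def plan_downloads(metalink_xml: str, dest_dir: str):
    """Split Metalink <file> entries into accepted (name, target) pairs and rejected names."""
    accepted, rejected = [], []
    for entry in ET.fromstring(metalink_xml).iter(f"{METALINK_NS}file"):
        name = entry.get("name", "")
        target = safe_target(dest_dir, name)
        if target is None:
            rejected.append(name)
        else:
            accepted.append((name, target))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = plan_downloads(SAMPLE_METALINK, "/tmp/downloads")
    print("accepted:", ok)
    print("rejected:", bad)
```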
Cybercriminals launched a sophisticated phishing campaign in December 2025, targeting over 3,000 organizations worldwide by abusing Google Tasks notifications. Because the emails were sent from legitimate Google addresses, they passed standard email authentication checks and appeared completely authentic.
The fake "All Employees Task" messages prompted recipients to click buttons for urgent employee verification, redirecting them to malicious pages hosted on Google Cloud Storage. Since the emails came directly from Google's infrastructure, they inherited Google's trusted reputation and sailed past traditional email security systems.
This attack represents a dangerous evolution in cybercrime, where hackers abuse legitimate platforms rather than spoofing domains. Security experts warn similar campaigns are targeting other trusted services like Salesforce and Amazon SES, forcing organizations to rethink email security strategies beyond conventional authentication methods.
Source: Cybersecurity News
Two cybersecurity professionals have pleaded guilty to running BlackCat ransomware attacks against US companies. Kevin Martin, 36, from Texas worked at threat intelligence firm DigitalMint, while Ryan Goldberg, 40, from Georgia was an incident response manager at Sygnia.
The pair operated as BlackCat affiliates, paying 20% of ransoms to the operation's administrators in exchange for access to the malware. They collected $1.2 million in Bitcoin from one victim alone. Both face up to 20 years in prison, with sentencing set for March 12, 2026.
The BlackCat operation targeted over 1,000 organizations between November 2021 and December 2023 before law enforcement disrupted it.
Source: SecurityWeek
A critical MongoDB vulnerability dubbed "Mongobleed" (CVE-2025-14847) is being actively exploited in the wild, allowing attackers to steal sensitive data from server memory without authentication. The flaw affects over 87,000 exposed MongoDB instances worldwide and carries a CVSS score of 8.7.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on December 29, 2025, giving federal agencies until January 19, 2026 to patch. The bug stems from improper handling of compressed network messages, letting attackers extract database credentials, API keys, and personal data by sending specially crafted packets.
Security experts compare it to the infamous Heartbleed vulnerability, noting that pre-authentication exploits bypass all traditional security controls. Organizations should immediately patch affected MongoDB versions 4.4 through 8.2, rotate all potentially compromised credentials, and implement network segmentation to prevent direct internet exposure of database servers.
Source: Cyber Security News
Aflac revealed that a June data breach was much larger than initially reported, compromising personal information of 22.65 million customers, beneficiaries, and employees. The stolen data may include contact details, claims information, health records, and Social Security numbers.
The insurance giant says it contained the breach within hours and began customer notifications quickly. To address the incident, Aflac is offering affected customers 24 months of free CyEx cybersecurity services, including credit monitoring and identity theft protection.
The company maintains it hasn't detected any fraudulent use of the stolen information yet and continues monitoring for suspicious activity.
Source: CNET
Trust Wallet lost $8.5 million to hackers who exploited the Shai-Hulud supply chain attack that hit NPM in November. The attackers used leaked developer credentials to publish a malicious version of Trust Wallet's Chrome extension on December 24.
The malicious extension targeted 2,520 wallet addresses, draining funds from users who logged in between December 24 and 26. Trust Wallet will reimburse all affected customers and urges users to update to version 2.69 immediately.
Shai-Hulud is a self-replicating worm that infected over 640 NPM packages, creating 25,000 data-leaking repositories. Despite cleanup efforts, over 12,000 machines remain compromised with exposed credentials still circulating.
Source: SecurityWeek
A serious security vulnerability in Apache StreamPipes allows regular users to become administrators by manipulating JWT tokens. The flaw (CVE-2025-47411) affects versions 0.69.0 through 0.97.0 and exploits a broken user ID creation system.
Attackers can simply swap their username for an existing admin account to gain full control. Once inside, they can access sensitive data, modify system settings, and potentially compromise entire data streaming infrastructures.
The attack requires no special skills or tools, making it especially dangerous for companies handling sensitive business data. Apache released version 0.98.0 to fix the issue and urges immediate upgrades.
Source: CyberSecurity News
SmarterTools has issued an urgent security fix for a critical vulnerability in SmarterMail that carries the maximum severity score of 10.0. The flaw, CVE-2025-52691, lets unauthenticated attackers upload files anywhere on the mail server and execute code remotely, with no login credentials required.
The vulnerability affects SmarterMail Build 9406 and earlier versions, putting organizations at immediate risk of complete system compromise. Attackers could access sensitive emails, deploy malware, steal data, and move laterally through corporate networks.
Chua Meng Han from Singapore's CSIT discovered the flaw. SmarterTools has released Build 9413 as a fix. Organizations must update immediately to prevent potential attacks.
Source: Cyber Security News