When cybercriminals strike, companies have just minutes to respond before hackers can "detonate" malware across entire systems. London-based S-RM leads the UK's largest cyber-incident response team, getting back to clients within six minutes on average during that critical "reconnaissance" period when attackers are still figuring out what to steal.
The firm faces ethical dilemmas as part of its "extortion support" work - negotiating ransoms with criminal groups. Director Ted Cowell says they challenge clients with "Why should we pay these criminals?" and push for no-payment decisions whenever possible. However, established ransomware groups often honor settlements, making payment sometimes rational for desperate businesses.
As corporate attitudes shift against funding organized crime, recovery services are growing while the UK's National Cyber Security Centre has become more proactive in warning potential victims.
Source: The Guardian
Popular text editor EmEditor was compromised between December 19-22, with hackers replacing the legitimate download link on the homepage with malicious software. Users who clicked "Download Now" during this window may have received a fake installer that looked identical to the real one but lacked proper digital signatures.
The malware collected sensitive data including system information, files from Desktop and Documents folders, VPN configurations, browser credentials, and login details for apps like Discord, Slack, Teams, and Steam. It also deployed a persistent browser extension called "Google Drive Caching" that hijacks cryptocurrency addresses and steals Facebook ad accounts.
Chinese security firm Qianxin discovered the attack primarily targets users outside former Soviet countries and Iran. EmEditor's developers have posted warnings and indicators of compromise on their website.
Source: Security Week
Pro-Russia hacktivist groups are exploiting weak passwords and exposed connections to breach US critical infrastructure systems in water treatment, food production, and energy sectors. CISA, FBI, and NSA report that groups like Cyber Army of Russia Reborn and NoName057(16) use basic hacking tools to access internet-facing control systems.
While less sophisticated than state-sponsored attacks, these intrusions have caused physical impacts including temporary system shutdowns and costly manual recoveries. The hackers alter system parameters, disable alarms, and restart devices primarily for online publicity rather than strategic advantage.
Federal agencies urge operators to reduce internet exposure, implement multi-factor authentication, and maintain manual operation contingency plans.
Source: Infosecurity Magazine
A critical security flaw dubbed "MongoBleed" is threatening over 87,000 MongoDB databases exposed online. The vulnerability (CVE-2025-14847) allows unauthenticated attackers to steal sensitive data directly from database memory, including passwords, session tokens, and customer information.
The flaw exploits MongoDB's default zlib compression feature. When attackers send specially crafted packets, they can "bleed" memory contents without needing login credentials. A proof-of-concept exploit is already public on GitHub, dramatically increasing attack risks.
Affected versions span from legacy 3.6 to current 8.2 releases. MongoDB has released patches, and administrators should immediately upgrade to versions 8.2.3, 8.0.17, 7.0.28, or newer. Organizations can temporarily disable zlib compression as a stopgap measure.
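The advice above (upgrade to a fixed release, or drop zlib from the server's offered compressors as a stopgap) is easy to apply to one server and easy to miss across a fleet. The script below is an added example, not code from the article or from MongoDB: it takes a constructed inventory of hostnames and versions, flags the ones the article lists as needing an upgrade, and rewrites the `net.compression.compressors` value so zlib is no longer offered. Two assumptions are built in and labelled in the code: the "disable zlib" stopgap is taken to mean removing `zlib` from `net.compression.compressors` (falling back to `disabled`, the value mongod uses to switch wire compression off), and any release line the article does not name a fix for (6.0, 5.0, 4.x, 3.6, 8.1) is conservatively treated as needing an upgrade.

```python
"""Fleet check for the MongoBleed advisory: added example, not from the article
or from MongoDB. Flags server versions that still need upgrading and produces a
hardened net.compression.compressors value without zlib."""
import re

# Backported fixes named in the article: 8.0.17 and 7.0.28. Anything at or
# above 8.2.3 is handled separately below ("8.2.3 ... or newer").
BACKPORT_FLOORS = {(8, 0): (8, 0, 17), (7, 0): (7, 0, 28)}


def parse_version(text):
    """Turn '8.0.16' or '8.0.16-rc0' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {text!r}")
    return tuple(int(x) for x in m.groups())


def needs_upgrade(version_text):
    """True when a server at this version is still exposed per the advisory.

    Assumption: only the release lines the article names carry a fix, so any
    other branch (6.0, 5.0, 4.x, 3.6, 8.1) is reported as needing an upgrade.
    """
    v = parse_version(version_text)
    if v >= (8, 2, 3):  # 8.2.3 and every later release
        return False
    floor = BACKPORT_FLOORS.get(v[:2])
    return floor is None or v < floor


def harden_compressors(setting):
    """Drop zlib from a net.compression.compressors value such as 'snappy,zstd,zlib'.

    Assumption: this is how the article's "temporarily disable zlib" stopgap is
    applied. If nothing would remain, return 'disabled', which turns wire
    compression off entirely in mongod's configuration syntax.
    """
    kept = [c.strip() for c in setting.split(",")
            if c.strip() and c.strip().lower() != "zlib"]
    return ",".join(kept) if kept else "disabled"


def audit(inventory):
    """Map {host: (version, compressors)} to a list of required actions per host."""
    findings = {}
    for host, (version, compressors) in inventory.items():
        actions = []
        if needs_upgrade(version):
            actions.append(f"upgrade from {version}")
        if "zlib" in compressors.lower():
            actions.append(
                f"set net.compression.compressors: {harden_compressors(compressors)}")
        findings[host] = actions
    return findings


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "db-legacy-01": ("6.0.21", "snappy,zstd,zlib"),
    "db-prod-02": ("8.0.16", "snappy,zstd,zlib"),
    "db-prod-03": ("8.0.17", "snappy,zstd"),
    "db-edge-04": ("8.2.3", "zlib"),
}

if __name__ == "__main__":
    for host, actions in audit(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(actions) or "ok")
```

Run against a real inventory, `audit` yields an actionable list: hosts that only need the stopgap can have the config line changed and the process restarted while the upgrade is scheduled, and hosts already on a fixed release with zlib still offered are called out separately so the stopgap is not mistaken for the fix.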
Source: Cybersecurity News
Freedom Mobile disclosed a data breach on October 23 after hackers gained access to customer accounts through a compromised subcontractor's credentials. The attackers accessed the company's customer management platform and obtained personal information including names, addresses, phone numbers, birth dates, and account numbers for a "limited number" of customers.
The Canadian telecom provider, which serves over 3.5 million subscribers, quickly blocked suspicious accounts and IP addresses. Freedom Mobile confirmed this wasn't a ransomware attack and that their network operations remained unaffected. The company hasn't revealed how many customers were impacted or identified the attackers.
This marks Freedom Mobile's second public data breach, following a 2019 incident involving 15,000 customers.
Source: SecurityWeek
Russia's attempt to shut down its massive illegal data market has completely backfired. For over a decade, the "probiv" market let anyone buy personal information like passport numbers and police records for as little as $10 from corrupt officials. The system helped both investigative journalists expose corruption and police track dissidents.
But as phone scammers and Ukrainian intelligence exploited the leaks, Putin cracked down with 10-year prison sentences and arrests of major operators. Instead of stopping the trade, brokers simply moved overseas where they operate without restrictions. Now they're dumping even more sensitive data, including massive FSB border crossing records and bank customer information affecting millions of Russians.
Source: The Guardian
A massive supply chain attack called "GhostAction" has compromised 327 GitHub users across 817 repositories, stealing over 3,325 secrets including DockerHub credentials, GitHub tokens, and npm tokens. GitGuardian discovered the attack on September 5 when investigating suspicious activity in the FastUUID project repository.
The attack began with a compromised maintainer pushing malicious GitHub action workflow files designed to steal secrets. While FastUUID wasn't the main target, investigators uncovered hundreds of similar malicious commits across multiple repositories, all connected to the same threat actor.
Several companies had their entire SDK portfolios compromised, affecting Python, Rust, JavaScript, and Go repositories simultaneously. GitGuardian notified affected users immediately, with 100 repositories already reverting the malicious changes, though hundreds remain at risk.
Source: Infosecurity Magazine
A critical vulnerability in Net-SNMP software (CVE-2025-68615) allows remote attackers to crash network monitoring systems or potentially execute code remotely. The flaw affects the snmptrapd daemon that processes SNMP trap messages on routers, switches, and servers.
Attackers can exploit this by sending specially crafted packets that trigger buffer overflows. With a CVSS score of 9.8, the vulnerability could enable complete system takeover without passwords or user interaction.
Net-SNMP maintainers have released patches in versions 5.9.5 and 5.10.pre2. Organizations should upgrade immediately or implement network segmentation as a temporary workaround, ensuring SNMP ports aren't exposed to the internet.
Source: Cybersecurity News
Interpol's Operation Sentinel swept across 19 African countries, resulting in 574 arrests and $3 million in seized assets from cybercrime networks that caused over $21 million in losses.
The operation dismantled business email compromise schemes, ransomware attacks, and fraud rings. In Senegal, authorities blocked a $7.9 million petroleum company heist where hackers impersonated executives. Ghana saw arrests after ransomware encrypted 100 TB of data at a financial institution, though investigators created decryption tools to recover 30 TB.
Ghana also busted a fake food delivery scam that collected $400,000 from 200+ victims through copycat websites. Benin arrested 106 people in extortion schemes while shutting down 43 domains and over 4,000 social media accounts.
Source: Security Week