Ticker feed
A cybercriminal is selling sensitive engineering data allegedly stolen from Tampa-based Pickett USA, demanding $585,000 in cryptocurrency. The 139GB dataset reportedly contains operational information on three major utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power.
Discovered in January 2026, the breach exposed 892 files, including LiDAR point-cloud data, high-resolution photos, and design files covering active transmission lines and substations. Security experts say this "extended enterprise" attack shows how utility companies remain exposed through vendors whose security controls are weaker than their own.
The incident raises serious concerns for critical-infrastructure security: the stolen files give a malicious actor a ready-made survey of live grid assets to analyse and to pick targets from.
Source: Industrial Cyber
Attackers are actively exploiting a critical zero-day vulnerability (CVE-2026-0625) in discontinued D-Link DSL gateway routers, most of which stopped receiving security updates more than five years ago. The flaw, rated CVSS 9.3, lets an unauthenticated remote attacker execute arbitrary commands through the router's DNS configuration interface.
VulnCheck discovered the vulnerability on December 16, 2025, after spotting active exploitation in production environments. D-Link is still working out which models are affected and has promised a detailed list this week. Because the devices are end-of-life, no patch is coming: D-Link recommends replacing them immediately with currently supported models.
This highlights the ongoing risk of running networking equipment that no longer receives security patches: once a flaw is found, the only durable fix is replacement.
Source: Dark Reading
Google released an urgent Chrome update to patch a high-severity vulnerability in the WebView component that could let attackers bypass security restrictions. The flaw, tracked as CVE-2026-0628, is fixed in Chrome 143.0.7499.192/.193 for Windows and Mac and 143.0.7499.192 for Linux.
WebView lets apps display web content without opening a full browser, which widens the set of applications the flaw can reach. Attackers could potentially gain unauthorized access, steal data, or execute malicious code in affected applications.
Google is withholding detailed bug information until most users have updated. Users should check for updates now through the Chrome menu under Help > About Google Chrome, which also triggers the update.
Source: Cybersecurity News
A cybercriminal operating as 'Zestix' and 'Sentap' has carried out dozens of major data breaches since 2021, targeting aerospace, government, legal, and robotics companies worldwide. The attacker uses employee credentials harvested by infostealer malware such as RedLine and Vidar to log in to file-sharing services including ShareFile and Nextcloud.
Notable victims include the Spanish airline Iberia (77GB of data sold for $150,000), engineering firms, defense contractors, and healthcare organizations. The common weakness was the absence of multi-factor authentication on critical systems, so a stolen password alone was enough to get in.
Hudson Rock researchers found credentials from thousands of organizations circulating on hacker forums, including major names such as Deloitte, Samsung, and Walmart. The threat actor has built a reputation for reliability in underground markets, selling both stolen data and system access to other criminals.
Source: SecurityWeek
Attackers are actively exploiting a critical MongoDB vulnerability dubbed "MongoBleed" that lets them read passwords, API keys, and other sensitive data directly from server memory without authenticating. The attacks began on December 29, just three days after exploit code went public.
CVE-2025-14847 affects MongoDB versions 4.4 through 8.0 when Zlib wire compression is enabled. Attackers send specially crafted compressed network messages that trick the server into returning memory contents. They cannot choose what leaks, but repeated requests can harvest secrets from concurrent database sessions.
MongoDB scores it CVSS 8.7, while Rapid7 calls it critical. A new GUI tool now makes exploitation easy for less skilled attackers. Organizations should upgrade to patched versions immediately or, as a temporary mitigation, disable Zlib compression on the server.
Source: Dark Reading
A serious security flaw in GNU Wget2 (CVE-2025-69194) lets a remote attacker write files to arbitrary locations on a victim's system. The vulnerability lies in how Wget2 processes Metalink documents, which list download locations and checksums for a file.
An attacker can craft a Metalink file whose entries carry path traversal sequences, tricking Wget2 into writing downloaded content outside the intended directory. When a user processes such a document, Wget2 fails to validate the destination path, so the attacker can overwrite files wherever the invoking user has write permission: configuration or shell startup files for an ordinary user, system files and account data if Wget2 is run as root.
Red Hat rates the flaw "Important" with a CVSS score of 8.8. No complete fix is available yet, so users should avoid processing Metalink files from untrusted sources.
Source: Cybersecurity News
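The check that the item says Wget2 skips is the mapping of a Metalink entry's file name onto the download directory. The following is an added illustration of that validation, not Wget2's own code: the Metalink document is constructed, its element and attribute names follow the Metalink 4 format (RFC 5854), and the directory name `downloads` is an assumption.

```python
"""Destination-path check for Metalink entries.

Added illustration, not Wget2's code: shows the validation the report says
Wget2 omits when it honours the file name from a Metalink document. The
sample document is constructed; its element and attribute names follow the
Metalink 4 format (RFC 5854).
"""
import os
import xml.etree.ElementTree as ET

METALINK_NS = "{urn:ietf:params:xml:ns:metalink}"

# Constructed sample: one ordinary entry and two that try to escape the
# download directory (relative traversal and an absolute path).
SAMPLE_METALINK = """<?xml version="1.0" encoding="UTF-8"?>
<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="tool-1.2.tar.gz">
    <url>https://mirror.example/tool-1.2.tar.gz</url>
  </file>
  <file name="../../.bashrc">
    <url>https://mirror.example/payload</url>
  </file>
  <file name="/etc/cron.d/job">
    <url>https://mirror.example/payload2</url>
  </file>
</metalink>
"""


class UnsafeMetalinkName(ValueError):
    """Raised when a Metalink file name would leave the download directory."""


def safe_destination(base_dir: str, name: str) -> str:
    """Map a Metalink file name under base_dir or raise UnsafeMetalinkName.

    Rejects empty names and NUL bytes, absolute paths and drive letters, and
    '.', '..' or empty path components (backslashes count as separators too),
    then double-checks that the resolved path still lies inside base_dir.
    """
    if not name or "\x00" in name:
        raise UnsafeMetalinkName("empty name or NUL byte")
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        raise UnsafeMetalinkName(f"absolute path rejected: {name!r}")
    parts = name.replace("\\", "/").split("/")
    if any(part in ("", ".", "..") for part in parts):
        raise UnsafeMetalinkName(f"traversal or empty component: {name!r}")
    base = os.path.realpath(base_dir)
    dest = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, dest]) != base:
        raise UnsafeMetalinkName(f"escapes download directory: {name!r}")
    return dest


def plan_downloads(metalink_xml: str, base_dir: str) -> dict:
    """Split a Metalink document into accepted {name: (dest, urls)} and rejected {name: reason}."""
    root = ET.fromstring(metalink_xml)
    accepted, rejected = {}, {}
    for file_el in root.iter(METALINK_NS + "file"):
        name = file_el.get("name", "")
        urls = [u.text for u in file_el.iter(METALINK_NS + "url")]
        try:
            accepted[name] = (safe_destination(base_dir, name), urls)
        except UnsafeMetalinkName as exc:
            rejected[name] = str(exc)
    return {"accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    plan = plan_downloads(SAMPLE_METALINK, "downloads")  # assumed directory
    for name, (dest, urls) in plan["accepted"].items():
        print(f"OK       {name} -> {dest}")
    for name, reason in plan["rejected"].items():
        print(f"REJECTED {name}: {reason}")
```

The component check and the `commonpath` check are deliberately redundant: the first gives a readable reason for the rejection, the second catches anything the first did not anticipate, such as a symlinked base directory resolving elsewhere.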
Cybercriminals ran a sophisticated phishing campaign in December 2025 against more than 3,000 organizations worldwide by abusing Google Tasks notifications. Because the emails were genuinely sent from Google's addresses, they passed the standard sender-authentication checks and looked completely authentic.
The fake "All Employees Task" messages prompted recipients to click a button for urgent employee verification, redirecting them to malicious pages hosted on Google Cloud Storage. Since the emails came directly from Google's infrastructure, they inherited Google's sender reputation and sailed past traditional email security systems.
The attack illustrates a shift in technique: rather than spoofing domains, attackers abuse legitimate platforms whose mail is supposed to be trusted. Security experts warn that similar campaigns are abusing other trusted services such as Salesforce and Amazon SES, forcing organizations to look beyond sender authentication at where a message's links actually lead and what it asks the recipient to do.
Source: Cybersecurity News
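Because the lure really is sent by the platform, SPF, DKIM and DMARC all pass and cannot be the deciding signal. The screening below is an added example of what can: it is not a vendor's detection logic, the two messages are constructed, and the sender address, subject wording, the `storage.googleapis.com` link and the benign `tasks.google.com` link are assumptions modelled on the item's description. The rule is a heuristic to tune against real traffic.

```python
"""Content-based screening of platform notifications that pass DMARC.

Added example, not a vendor's detection logic. Both messages are constructed;
the sender address, subject wording and link hosts are assumptions modelled on
the campaign as described in the item.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Hosts that serve arbitrary user-uploaded content. A link here carries the
# uploader's trust, not the platform's, however authentic the mail is.
USER_CONTENT_HOSTS = {"storage.googleapis.com", "storage.cloud.google.com"}
URGENCY_TERMS = ("urgent", "verify", "verification", "action required", "all employees")

# Constructed lure: genuine-looking Google sender, passing SPF/DKIM/DMARC,
# call to action pointing at a bucket (bucket name assumed).
SAMPLE_LURE = """\
From: Google Tasks <tasks-noreply@google.com>
To: staff@example.org
Subject: All Employees Task
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=google.com; dkim=pass header.d=google.com; dmarc=pass header.from=google.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have been assigned a task: All Employees Task</p>
<p>Urgent employee verification is required. Complete it today.</p>
<a href="https://storage.googleapis.com/assumed-bucket/verify.html">Open task</a>
</body></html>
"""

# Constructed benign notification from the same sender (link host assumed).
SAMPLE_BENIGN = (
    SAMPLE_LURE.replace("All Employees Task", "Weekly report")
    .replace("Urgent employee verification is required. Complete it today.", "Due Friday.")
    .replace("https://storage.googleapis.com/assumed-bucket/verify.html",
             "https://tasks.google.com/task/assumed-id")
)


def auth_verdicts(msg) -> dict:
    """Pull spf/dkim/dmarc results out of the receiving MTA's Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    return {m.group(1): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header)}


def body_text_and_hosts(msg):
    """Return (visible text, lowercased; list of link hostnames) from the HTML or plain body."""
    part = msg.get_body(preferencelist=("html", "plain"))
    content = part.get_content() if part is not None else ""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', content)]
    text = re.sub(r"<[^>]+>", " ", content).lower()
    return text, hosts


def classify(raw_message: str) -> dict:
    """Authentication first, then the content pattern the lure relies on."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    verdicts = auth_verdicts(msg)
    authenticated = all(verdicts.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    text, hosts = body_text_and_hosts(msg)
    subject = str(msg.get("Subject", "")).lower()
    flags = {
        "link_to_user_content": any(h in USER_CONTENT_HOSTS for h in hosts),
        "urgency_language": any(t in subject or t in text for t in URGENCY_TERMS),
    }
    if not authenticated:
        verdict = "unauthenticated"
    elif all(flags.values()):
        verdict = "suspicious"  # authentic sender, but the content pattern is the lure's
    else:
        verdict = "clean"
    return {"authenticated": authenticated, "flags": flags, "hosts": hosts, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, classify(raw))
```

The order inside `classify` is the point: the lure is only reachable once authentication has already passed, so the decision rests on where the call-to-action leads (user-uploadable storage) combined with the pressure language, and a notification without both is left alone.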
Two cybersecurity professionals have pleaded guilty to carrying out BlackCat ransomware attacks against US companies. Kevin Martin, 36, of Texas worked at threat-intelligence firm DigitalMint, while Ryan Goldberg, 40, of Georgia was an incident response manager at Sygnia.
The pair operated as BlackCat affiliates, paying 20% of each ransom to the operation's administrators in exchange for access to the malware. They collected $1.2 million in Bitcoin from one victim alone. Both face up to 20 years in prison; sentencing is set for March 12, 2026.
The BlackCat operation targeted more than 1,000 organizations between November 2021 and December 2023 before law enforcement disrupted it.
Source: Security Week
A critical MongoDB vulnerability dubbed "Mongobleed" (CVE-2025-14847) is being actively exploited in the wild, letting attackers read sensitive data out of server memory without authenticating. More than 87,000 exposed MongoDB instances worldwide are reachable, and the flaw carries a CVSS score of 8.7.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on December 29, 2025, giving federal agencies until January 19, 2026 to patch. The bug stems from improper handling of compressed network messages: specially crafted packets cause the server to return memory contents that can include database credentials, API keys, and personal data.
Security experts compare it to Heartbleed, noting that a pre-authentication bug sidesteps every control that depends on a login. Organizations should patch affected MongoDB versions 4.4 through 8.2 immediately, rotate any credentials that may have been resident in server memory, and keep database servers off the public internet behind network segmentation.
Source: Cyber Security News
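Both MongoBleed items above give the same interim mitigation, disabling Zlib wire compression, and the second adds network exposure. The audit below is an added example serving both, not MongoDB's code or the cited researchers': it models `mongod.conf` as a dict in the file's own layout (`net.compression.compressors` is a comma-separated string, the value `disabled` turns compression off, and the server default when the key is absent is `snappy,zstd,zlib`), takes the wider of the two reported ranges (4.4 through 8.2), and treats the sample config as constructed. A release inside that range may already be a patched point release, so the verdict is a prompt to check the vendor advisory, not a substitute for it.

```python
"""Audit a mongod configuration for Zlib wire compression and exposure.

Added example serving the two MongoBleed items; not MongoDB's code. Models
mongod.conf as a dict: net.compression.compressors is a comma-separated
string, "disabled" turns compression off, and the default when the key is
absent is "snappy,zstd,zlib". Affected range is the wider one reported here.
"""

DEFAULT_COMPRESSORS = ["snappy", "zstd", "zlib"]  # mongod default when unset
AFFECTED_LOW, AFFECTED_HIGH = (4, 4), (8, 2)      # inclusive major.minor, per the items
DEFAULT_BIND = "localhost"                        # mongod binds locally unless told otherwise


def parse_version(version: str) -> tuple:
    """'7.0.14' -> (7, 0, 14); a suffix such as '-rc0' is dropped."""
    return tuple(int(p) for p in version.split("-")[0].split("."))


def version_in_affected_range(version: str) -> bool:
    """True when major.minor lies inside the reported range (not proof it is unpatched)."""
    return AFFECTED_LOW <= parse_version(version)[:2] <= AFFECTED_HIGH


def effective_compressors(config: dict) -> list:
    """Compressors mongod would advertise for this config, defaults applied."""
    raw = config.get("net", {}).get("compression", {}).get("compressors")
    if raw is None:
        return list(DEFAULT_COMPRESSORS)
    if raw.strip().lower() == "disabled":
        return []
    return [c.strip() for c in raw.split(",") if c.strip()]


def zlib_enabled(config: dict) -> bool:
    return "zlib" in effective_compressors(config)


def binds_all_interfaces(config: dict) -> bool:
    """True when net.bindIp includes a wildcard address."""
    bind = str(config.get("net", {}).get("bindIp", DEFAULT_BIND))
    return any(addr.strip() in ("0.0.0.0", "::") for addr in bind.split(","))


def harden(config: dict) -> dict:
    """Copy of config with zlib dropped; falls back to 'disabled' if nothing is left."""
    remaining = [c for c in effective_compressors(config) if c != "zlib"]
    hardened = {k: v for k, v in config.items() if k != "net"}
    net = {k: v for k, v in config.get("net", {}).items() if k != "compression"}
    net["compression"] = {"compressors": ",".join(remaining) if remaining else "disabled"}
    hardened["net"] = net
    return hardened


def assess(version: str, config: dict) -> dict:
    """Combine the checks into one finding for a server."""
    affected = version_in_affected_range(version)
    zlib = zlib_enabled(config)
    exposed = binds_all_interfaces(config)
    if affected and zlib:
        action = "upgrade; until then remove zlib from net.compression.compressors and restart"
    elif affected:
        action = "upgrade (zlib already off, so the reported vector is closed)"
    else:
        action = "outside the reported range; confirm against the advisory"
    if exposed:
        action += "; bindIp includes a wildcard, restrict it or firewall the port"
    return {"version": version, "affected_range": affected, "zlib": zlib,
            "binds_all_interfaces": exposed, "action": action}


def render_compression_block(config: dict) -> str:
    """The net.compression section in mongod.conf YAML layout."""
    value = config.get("net", {}).get("compression", {}).get(
        "compressors", ",".join(DEFAULT_COMPRESSORS))
    return f"net:\n  compression:\n    compressors: {value}\n"


# Constructed sample: compressors never set (so zlib is on by default) and
# the listener bound to every interface.
SAMPLE_CONFIG = {"net": {"port": 27017, "bindIp": "0.0.0.0"},
                 "storage": {"dbPath": "/var/lib/mongo"}}

if __name__ == "__main__":
    print(assess("7.0.14", SAMPLE_CONFIG))
    print(render_compression_block(SAMPLE_CONFIG))          # weak: default includes zlib
    print(render_compression_block(harden(SAMPLE_CONFIG)))  # hardened: snappy,zstd
```

The default-handling branch in `effective_compressors` is the part most audits get wrong: a config with no `compression` section at all is the vulnerable case, because zlib is in the server default, so "not mentioned" must read as "enabled". Changing `compressors` takes effect only on restart, which is why `assess` says so.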
Aflac has revealed that a June data breach was much larger than first reported, compromising personal information of 22.65 million customers, beneficiaries, and employees. The stolen data may include contact details, claims information, health records, and Social Security numbers.
The insurer says it contained the intrusion within hours and began notifying customers promptly. Aflac is offering affected individuals 24 months of free CyEx identity-protection services, including credit monitoring and identity theft protection.
The company says it has not yet detected fraudulent use of the stolen information and continues to monitor for suspicious activity.
Source: CNET