Ticker feed
A critical vulnerability in Net-SNMP software (CVE-2025-68615) allows remote attackers to crash network monitoring systems or potentially execute code remotely. The flaw affects the snmptrapd daemon that processes SNMP trap messages on routers, switches, and servers.
Attackers can exploit this by sending specially crafted packets that trigger buffer overflows. With a CVSS score of 9.8, the vulnerability could enable complete system takeover without passwords or user interaction.
Net-SNMP maintainers have released patches in versions 5.9.5 and 5.10.pre2. Organizations should upgrade immediately or implement network segmentation as a temporary workaround, ensuring SNMP ports aren't exposed to the internet.
Source: Cybersecurity News
Interpol's Operation Sentinel swept across 19 African countries, resulting in 574 arrests and $3 million in seized assets from cybercrime networks that caused over $21 million in losses.
The operation dismantled business email compromise schemes, ransomware attacks, and fraud rings. In Senegal, authorities blocked a $7.9 million petroleum company heist where hackers impersonated executives. Ghana saw arrests after ransomware encrypted 100 TB of data at a financial institution, though investigators created decryption tools to recover 30 TB.
Ghana also busted a fake food delivery scam that collected $400,000 from 200+ victims through copycat websites. Benin arrested 106 people in extortion schemes while shutting down 43 domains and over 4,000 social media accounts.
Source: Security Week
A critical vulnerability in Net-SNMP software (CVE-2025-68615) allows remote attackers to crash network monitoring systems or potentially take complete control. The flaw affects the snmptrapd daemon that processes SNMP trap messages on routers, switches, and servers across enterprise networks.
Attackers can exploit this by sending specially crafted packets that trigger buffer overflows. With a severe CVSS score of 9.8, the vulnerability could enable remote code execution without authentication.
Net-SNMP maintainers have released patches in versions 5.9.5 and 5.10.pre2. Organizations should upgrade immediately or implement network segmentation to block external access to SNMP ports as a temporary workaround.
Source: Cybersecurity News
A fake WhatsApp Web API library called 'Lotusbail' has been secretly stealing users' credentials and messages for six months on NPM, racking up over 56,000 downloads. Koi Security discovered the malicious package masquerades as a legitimate WhatsApp tool but captures everything - authentication tokens, messages, contacts, and media files - then encrypts and sends the data to attackers.
The malware goes further by hijacking WhatsApp's device pairing process, secretly linking the attacker's device to victims' accounts for permanent backdoor access. Simply uninstalling the package won't help - users must manually remove all linked devices from WhatsApp settings to regain security.
Source: SecurityWeek
Cybercriminals are actively exploiting a critical zero-day vulnerability in WatchGuard Firebox firewalls, prompting CISA to add it to its priority threat list. The flaw, CVE-2025-14733, allows remote code execution on affected devices through VPN configurations.
WatchGuard discovered the vulnerability internally on December 15 and released a patch three days later. The company warns this is part of a broader campaign targeting edge networking devices from multiple vendors, following similar attacks on Fortinet and SonicWall systems this month.
Nearly 125,000 vulnerable devices remain exposed globally, with over 35,000 in the US. WatchGuard urges immediate patching.
Source: Dark Reading
France's national postal service La Poste suffered a suspected DDoS cyber-attack on Monday, disrupting mail deliveries and online banking services during the busiest shipping period of the year. The attack made websites and apps inaccessible, forcing post offices to turn away customers trying to send last-minute Christmas parcels. La Poste typically handles over 2 million items in the pre-Christmas rush.
The postal service's banking arm, La Banque Postale, also experienced disruptions to online banking and mobile apps, though ATMs and card payments continued working. Officials said customer data remained secure.
This incident follows a recent cyber-attack on France's interior ministry and comes amid allegations that Russia is conducting "hybrid warfare" against European allies of Ukraine through cyber-attacks.
Source: The Guardian
WatchGuard has patched a critical zero-day vulnerability (CVE-2025-14733) in its Firebox firewalls after detecting active exploitation in the wild. The flaw, scoring 9.3 on the CVSS scale, allows remote attackers to execute code without authentication through an out-of-bounds write issue in the iked process.
The Shadowserver Foundation identified roughly 125,000 vulnerable IP addresses worldwide, including nearly 40,000 in the United States. The vulnerability affects VPN configurations using IKEv2, particularly mobile user VPN and branch office VPN setups with dynamic gateway peers.
Patches are available for supported Fireware OS versions, but version 11.x won't receive fixes due to end-of-life status. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, giving federal agencies one week to remediate.
Source: Security Week
Cybercriminals are using a clever new trick to break into Microsoft 365 accounts by abusing OAuth device codes—a legitimate Microsoft feature meant for smart TVs and similar devices. The scam works by sending phishing emails with fake document links that generate real device codes. Victims then enter these codes on Microsoft's actual login page at microsoft.com/devicelogin, unknowingly handing over account access to hackers.
Two main tools are driving these attacks: SquarePhish2 uses QR codes for mass campaigns, while Graphish creates fake login pages that steal both passwords and authentication tokens. By September 2025, these attacks became widespread, targeting everyone from corporate users to government officials.
Since the attack uses Microsoft's real authentication system, it's extremely hard to detect with traditional security tools.
Source: Cybersecurity News
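Because the device-code flow described above completes on Microsoft's own login page, the signal defenders do have is the sign-in record itself: Entra ID logs the protocol used, so device-code sign-ins can be pulled out and compared against a user's normal locations. The following detector is an added example written for this page, not code from the article or from Microsoft; the record shape follows the Microsoft Graph signIn resource (fields such as authenticationProtocol, ipAddress and location.countryOrRegion are assumed to be present as exported), and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample of exported Entra ID sign-in records. The field names follow
# the Microsoft Graph signIn resource (assumed here, trimmed to what the detector
# reads); every value below is made up for the example.
SAMPLE_SIGNINS_JSON = json.dumps([
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"},
     "appDisplayName": "Microsoft 365", "createdDateTime": "2025-09-10T08:02:11Z"},
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "NL"},
     "appDisplayName": "Microsoft Office", "createdDateTime": "2025-09-10T08:40:55Z"},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "US"},
     "appDisplayName": "Microsoft Teams", "createdDateTime": "2025-09-10T09:15:00Z"},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "US"},
     "appDisplayName": "Microsoft 365", "createdDateTime": "2025-09-10T09:20:30Z"},
])


def load_signins(raw_json):
    """Parse an exported sign-in log (a JSON array of records) into dicts."""
    return json.loads(raw_json)


def country_baseline(signins):
    """Map each user to the set of countries seen in their non-device-code sign-ins.

    Interactive (non-device-code) sign-ins are used as the baseline because the
    device-code flow is the one being scrutinised; a larger history window would
    be used in practice.
    """
    baseline = defaultdict(set)
    for rec in signins:
        if rec.get("authenticationProtocol") == "deviceCode":
            continue
        country = rec.get("location", {}).get("countryOrRegion")
        if country:
            baseline[rec["userPrincipalName"]].add(country)
    return baseline


def find_device_code_alerts(signins, expected_device_code_users=frozenset()):
    """Return one alert per device-code sign-in, ranked by how anomalous it looks.

    - Users on the expected list (e.g. accounts that legitimately sign in from
      shared displays) are skipped.
    - A device-code sign-in from a country absent from the user's interactive
      baseline is rated "high"; one matching the baseline is still reported as
      "medium", since the flow is rarely needed by ordinary office users.
    """
    baseline = country_baseline(signins)
    alerts = []
    for rec in signins:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        user = rec["userPrincipalName"]
        if user in expected_device_code_users:
            continue
        country = rec.get("location", {}).get("countryOrRegion")
        known = baseline.get(user, set())
        if known and country not in known:
            severity, reason = "high", f"device-code sign-in from {country}, baseline {sorted(known)}"
        else:
            severity, reason = "medium", "device-code sign-in; review whether this user needs the flow"
        alerts.append({
            "user": user,
            "ip": rec.get("ipAddress"),
            "app": rec.get("appDisplayName"),
            "time": rec.get("createdDateTime"),
            "severity": severity,
            "reason": reason,
        })
    # Most suspicious first; ties keep log order.
    alerts.sort(key=lambda a: 0 if a["severity"] == "high" else 1)
    return alerts


if __name__ == "__main__":
    for alert in find_device_code_alerts(load_signins(SAMPLE_SIGNINS_JSON)):
        print(f'[{alert["severity"]}] {alert["user"]} {alert["ip"]} {alert["app"]} {alert["time"]}: {alert["reason"]}')
```

Run over the constructed sample, the detector flags alice's device-code sign-in from NL as high (her interactive sign-ins are all from US) and bob's as medium (same country as his baseline). Tenants in which no one should be using the device-code flow at all can drop the severity ranking and treat every hit as actionable, and the same field is also the one a Conditional Access policy would key on to block the flow outright.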
Denmark's Defense Intelligence Service revealed Thursday that Russia conducted cyberattacks on Danish infrastructure in 2024 and 2025, including a destructive attack on a water utility that caused pipes to burst near Køge, leaving homes without water. Russian hackers also targeted Danish websites with denial-of-service attacks ahead of November's regional elections.
Authorities linked the attacks to pro-Russian groups Z-Pentest and NoName057(16), calling them part of Russia's "hybrid war" against Western nations supporting Ukraine. Minister Torsten Schack Pedersen warned the incidents expose Denmark's vulnerability to such threats. The attacks join 147 documented incidents across Europe that officials attribute to Russia's broader sabotage campaign since invading Ukraine.
Source: Security Week
Security researchers discovered at least 120 Cisco Secure Email Gateway and Web Manager devices vulnerable to CVE-2025-20393, a critical zero-day flaw that attackers are actively exploiting. No patch is currently available, leaving organizations exposed.
The vulnerable devices are part of over 650 Cisco email security appliances accessible online. These systems are crucial for filtering malicious emails and protecting networks from phishing and malware.
Cisco has released a security advisory urging immediate defensive measures and temporary mitigations until a permanent fix arrives. The company hasn't provided a timeline for the security update, making interim protections essential for affected organizations.
Source: Cyber Security News