Ticker feed
Notepad++ has patched a serious vulnerability that allowed attackers to hijack the code editor's update mechanism. Security researcher Kevin Beaumont reported that Chinese threat actors exploited the flaw against telecoms and financial services companies in East Asia in early December.
The attack worked by intercepting traffic between Notepad++ and its update servers and serving a malicious package in place of the legitimate update. The weakness was in the WinGUp updater component, which did not verify the authenticity of the files it downloaded before installing them.
Version 8.8.9 adds signature verification so that a substituted package is rejected rather than installed. Experts believe the attacks required significant resources, possibly including traffic hijacking at the internet service provider level, which points to a targeted rather than opportunistic campaign.
Source: SecurityWeek
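What "verify the authenticity" buys an updater, as an added, runnable model. This is not WinGUp or Notepad++ code: the manifest format, the attacker model, the installer bytes and the keys are constructed, and the pre-fix client is modelled as trusting whatever hash the update server sends, which is a simplification, not a description of the real updater. The RSA is deliberately textbook (SHA-256 digest, no padding, standard library only) so that the trust model stays visible; it is a helper for the demo, not a signature scheme to reuse.

```python
"""Added demo of an auto-updater before and after signature checking. Not WinGUp or
Notepad++ code: manifest format, attacker model and keys are constructed, and the RSA
is deliberately textbook (SHA-256 digest, no padding, stdlib only) to expose the trust
model; do not reuse it as a real signature scheme."""
import hashlib
import json
import random

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin, enough to mint demo keys in well under a second."""
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(c, rng):
            return c

def generate_keypair(bits=512, seed=0):
    """Return (public, private) = ((n, e), (n, d)). Seeded RNG: demo determinism only."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # 256-bit, so always < n

def sign(private, data):
    n, d = private
    return pow(_digest_int(data), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == _digest_int(data)

def canonical(manifest):
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def _version_tuple(v):
    return tuple(int(x) for x in v.split("."))

def publish(private, version, installer):
    """Vendor side: the manifest binds version and installer hash, and is signed."""
    manifest = {"version": version, "sha256": hashlib.sha256(installer).hexdigest()}
    return manifest, sign(private, canonical(manifest))

def legacy_client_accepts(manifest, installer):
    """Assumed pre-fix behaviour: trust whatever hash the server sent. An on-path
    attacker controls both manifest and download, so this check cannot fail for them."""
    return hashlib.sha256(installer).hexdigest() == manifest["sha256"]

def signed_client_accepts(pinned_public, manifest, sig, installer, current_version):
    """Fixed behaviour: manifest must verify under the key pinned in the client, the
    installer must match the signed hash, and the version must move forward (no rollback)."""
    if not verify(pinned_public, canonical(manifest), sig):
        return False
    if hashlib.sha256(installer).hexdigest() != manifest["sha256"]:
        return False
    return _version_tuple(manifest["version"]) > _version_tuple(current_version)

def run_scenarios():
    """Genuine update vs. an on-path attacker who swaps the installer and re-signs the
    manifest with a key of their own. Returns {scenario: accepted?}."""
    vendor_pub, vendor_priv = generate_keypair(seed=1)
    _, mitm_priv = generate_keypair(seed=2)            # attacker's key, pinned nowhere
    genuine = b"MZ...genuine installer (constructed)"
    trojan = b"MZ...trojanised installer (constructed)"
    manifest, sig = publish(vendor_priv, "8.8.9", genuine)
    forged = {"version": "8.8.9", "sha256": hashlib.sha256(trojan).hexdigest()}
    forged_sig = sign(mitm_priv, canonical(forged))
    return {
        "legacy_genuine": legacy_client_accepts(manifest, genuine),
        "legacy_mitm": legacy_client_accepts(forged, trojan),        # True: hijack succeeds
        "signed_genuine": signed_client_accepts(vendor_pub, manifest, sig, genuine, "8.8.8"),
        "signed_mitm": signed_client_accepts(vendor_pub, forged, forged_sig, trojan, "8.8.8"),
        "signed_swapped_binary": signed_client_accepts(vendor_pub, manifest, sig, trojan, "8.8.8"),
        "signed_not_newer": signed_client_accepts(vendor_pub, manifest, sig, genuine, "8.8.9"),
    }
```

`run_scenarios()` returns the table: the legacy client accepts the attacker's package because a hash carried in the same hijacked channel proves nothing, while the signed client rejects the re-signed manifest (wrong key), a swapped binary under the genuine manifest (hash mismatch) and a replayed manifest that does not move the version forward. In a real updater the signature would be a proper scheme (Authenticode over the installer, or Ed25519/RSA-PSS over the manifest) and the download would additionally go over TLS, but neither of those changes the point the table makes.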
A critical zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, is being actively exploited; attackers have already compromised over 700 instances. The flaw lets any authenticated user bypass the safeguards on file edits by using symbolic links, leading to remote code execution.
Discovered on July 10, 2025, the vulnerability lies in how Gogs handles file modifications through its API. Attackers create a repository containing a symlink that points at a sensitive file on the host, then use the file-edit API to write through that link, overwriting the target and injecting commands.
The attacks appear automated and target instances with open registration enabled. Compromised servers show repositories with random 8-character names and run Supershell malware for persistent access. Despite responsible disclosure in July, no patch is available yet; until one ships, the only lever is that the attacker needs an authenticated account, which is exactly what open registration hands out.
Source: Cybersecurity News
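The bug class described above, reduced to a runnable demo. This is an added example, not Gogs code: the repository path, the planted symlinks and the app.ini file outside the root are constructed, and `safe_write` is the check a file-edit API should apply before touching the working tree (reject absolute paths and `..`, refuse any symlink along the path, and open the final component with `O_NOFOLLOW` so the check cannot be raced). `naive_write` is the join-and-open pattern that a committed symlink turns into an arbitrary file write.

```python
"""Added example of a symlink-safe write under a repository root; not Gogs code.
The repo path, the planted symlinks and the app.ini outside the root are all
constructed for the demo."""
import errno
import os
import stat
import tempfile

class PathEscapeError(ValueError):
    """The requested path would leave the repository root."""

def safe_write(root, rel_path, data):
    """Write data at rel_path under root. Rejects absolute paths, '..', and any
    symlink on the way (intermediate directory or final entry), so a symlink
    committed into the repository cannot redirect the write to a host file."""
    root = os.path.realpath(root)
    if os.path.isabs(rel_path):
        raise PathEscapeError(f"absolute path rejected: {rel_path!r}")
    parts = [p for p in rel_path.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PathEscapeError(f"traversal rejected: {rel_path!r}")
    cur = root
    for part in parts[:-1]:
        cur = os.path.join(cur, part)
        try:
            st = os.lstat(cur)          # lstat: inspect the entry itself, never follow it
        except FileNotFoundError:
            os.mkdir(cur)
            continue
        if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
            raise PathEscapeError(f"symlink or non-directory in path: {cur}")
    target = os.path.join(cur, parts[-1])
    if os.path.islink(target):
        raise PathEscapeError(f"symlink rejected: {target}")
    # O_NOFOLLOW closes the check-then-open race on POSIX; where it is missing
    # (assumed: Windows) only the islink() check above applies.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(target, flags, 0o644)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise PathEscapeError(f"symlink rejected: {target}") from exc
        raise
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

def naive_write(root, rel_path, data):
    """The pattern that gets exploited: join and open, following whatever is there."""
    with open(os.path.join(root, rel_path), "wb") as fh:
        fh.write(data)

def demo():
    """Plant symlinks in a repo, then compare both writers. Returns {check: result}."""
    original = b"RUN_MODE = prod\n"
    with tempfile.TemporaryDirectory() as base:
        conf_dir = os.path.join(base, "conf")
        os.mkdir(conf_dir)
        app_ini = os.path.join(conf_dir, "app.ini")              # constructed sensitive file outside the repo
        with open(app_ini, "wb") as fh:
            fh.write(original)
        repo = os.path.join(base, "repos", "alice", "k3x9q2vb")  # constructed random-looking repo name
        os.makedirs(repo)
        os.symlink(app_ini, os.path.join(repo, "README.md"))     # file symlink "committed" by the attacker
        os.symlink(conf_dir, os.path.join(repo, "docs"))         # directory symlink, same trick one level up
        results = {}
        naive_write(repo, "README.md", b"overwritten via the edit API\n")
        with open(app_ini, "rb") as fh:
            results["naive_clobbered_app_ini"] = fh.read() != original
        with open(app_ini, "wb") as fh:
            fh.write(original)                                   # restore before the hardened run
        for rel in ("README.md", "docs/app.ini", "../conf/app.ini", "/etc/hostname"):
            try:
                safe_write(repo, rel, b"x")
                results[rel] = "written"
            except PathEscapeError:
                results[rel] = "rejected"
        with open(app_ini, "rb") as fh:
            results["app_ini_intact_after_safe"] = fh.read() == original
        path = safe_write(repo, "src/main.go", b"package main\n")
        with open(path, "rb") as fh:
            results["regular_file_written"] = fh.read() == b"package main\n"
    return results
```

`demo()` shows the naive writer clobbering the file outside the repository through the planted `README.md` link, and the hardened writer refusing the file symlink, the directory symlink, the `..` path and the absolute path while still creating an ordinary file under a new subdirectory. Checking `realpath()` alone is not enough: it resolves the link and then opens through it, which is the same race the lstat walk plus `O_NOFOLLOW` is there to close.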
Logitech disclosed a cybersecurity incident in an SEC filing Friday after being named as a victim in the Cl0p ransomware group's Oracle E-Business Suite hacking campaign. The consumer electronics company said hackers exploited a zero-day vulnerability in third-party software to steal employee, consumer, customer, and supplier data.
Logitech emphasized that no sensitive personal information like Social Security numbers or credit card details were compromised, and business operations remain unaffected. The Cl0p group leaked 1.8 TB of alleged Logitech data in early November.
Over 50 companies have been targeted in this Oracle EBS campaign, including The Washington Post, Harvard University, and American Airlines subsidiary Envoy Air. Security experts link the attacks to the FIN11 threat actor group.
Source: SecurityWeek
Google released an urgent Chrome security update to patch a high-severity zero-day vulnerability that hackers are actively exploiting in the wild. The emergency fix brings Chrome to version 143.0.7499.109/.110 for Windows/Mac and 143.0.7499.109 for Linux.
Google confirmed that threat actors are exploiting the flaw (tracked as Issue 466192044) against unpatched systems. As usual, it is withholding technical details until most users have updated, to avoid giving other attackers a head start on reproducing the exploit from the patch.
The update also fixes two medium-severity bugs in Chrome's Password Manager and Toolbar. Users should update immediately (Help > About Google Chrome, then relaunch) to protect against these targeted attacks.
Source: Cybersecurity News
The Justice Department charged Victoria Eduardovna Dubranova, 33, a Ukrainian national, with cyberattacks on critical US infrastructure as part of two Russian state-sponsored hacking groups. Working with CyberArmyofRussia_Reborn (CARR) and NoName057(16), she allegedly targeted water systems, food processing facilities, and government networks across the US and allied nations.
The attacks caused real damage: drinking water systems in several states spilled hundreds of thousands of gallons, and a November 2024 attack on a Los Angeles meat plant spoiled thousands of pounds of meat and triggered an ammonia leak evacuation.
Dubranova faces up to 27 years if convicted on all charges. The State Department is offering rewards up to $10 million for information on the groups.
Source: CyberScoop
Microsoft released patches for 57 vulnerabilities this month, including one zero-day bug that attackers are already exploiting. CVE-2025-62221 affects the Windows Cloud Files Mini Filter Driver (cldflt.sys) and lets an attacker who already has local code execution escalate to SYSTEM privileges.
Two other flaws have public proof-of-concept exploits available: a PowerShell remote code execution bug and a vulnerability in the GitHub Copilot plugin for JetBrains IDEs. Security experts say the Copilot flaw could let attackers use prompt injection to reach into development environments.
This December update is much lighter than earlier releases—Microsoft patched over 1,150 vulnerabilities in 2025, making it one of their busiest years ever.
Source: Dark Reading
Royal Cornwall Hospitals NHS Trust accidentally leaked personal details of 8,100 current and former employees through a botched Freedom of Information request response. The trust mistakenly shared an editable spreadsheet containing staff names, job titles, and detailed sick leave records spanning April 2020 to May 2023.
No patient data or financial information was compromised, but the breach exposed sensitive employment details that could embarrass or harm affected workers. The trust quickly removed the file, suspended its disclosure log, and reported the incident to the Information Commissioner's Office.
New safeguards now disable spreadsheet editing before any public releases. The ICO reviewed the case and decided no further action was needed.
Source: BBC News
Manufacturing companies are struggling against a rising ransomware threat, with a new Sophos report revealing alarming vulnerabilities across the sector. Based on 332 IT leaders' experiences, the study found exploited vulnerabilities caused 32% of attacks, while malicious emails accounted for 23%.
A critical skills shortage emerged as the top factor, with 42.5% of victims citing lack of expertise as a key vulnerability. Unknown security gaps and inadequate protection followed closely at 41.6% and 41% respectively.
The human toll is severe. Nearly half of IT teams reported increased anxiety about future attacks, while 27% saw leadership replaced after breaches. One in five teams experienced staff absenteeism due to stress.
There's hope: only 40% of attacks now result in data encryption, down from 74% in 2024, suggesting improved defenses are working.
Source: Industrial Cyber
A critical React vulnerability dubbed React2Shell (CVE-2025-55182) is under mass exploitation just days after its December 3 disclosure. The flaw carries a CVSS score of 10.0 and enables remote code execution in applications that use React Server Components.
China-linked threat groups began attacking within hours, and exploitation has since spread across the threat landscape. Security firm Wiz documented attacks ranging from cryptomining to backdoor campaigns targeting Next.js applications and Kubernetes environments. VulnCheck reported hundreds of exploit attempts by December 6.
Over 2.1 million exposed web services run vulnerable frameworks, with the US accounting for the largest share. Web application firewalls offer some protection, but researchers warn that bypass techniques exist, so WAF rules are a stopgap: organizations must prioritize patching over temporary mitigations.
Source: Dark Reading
Chinese hackers gained remote access to several U.S. Treasury Department workstations and unclassified documents by compromising BeyondTrust, a third-party software provider. The Treasury was notified of the breach on December 8, after the attackers obtained a key that BeyondTrust used to secure its cloud-based remote technical support service.
The department called it a "major cybersecurity incident" but said there's no evidence the hackers still have access. China denied involvement, with officials calling the allegations "groundless" and an attempt to "smear" their reputation.
This breach adds to ongoing concerns about Chinese cyber espionage, including the Salt Typhoon campaign that affected nine U.S. telecommunications companies and intercepted Americans' private communications.
Source: CBS News