Ticker feed
A serious security flaw in GNU Wget2 (CVE-2025-69194) allows remote attackers to overwrite files anywhere on a victim's computer. The vulnerability lies in how Wget2 processes Metalink documents, which describe download locations and checksums.
Attackers can create malicious Metalink files with path traversal sequences that trick Wget2 into writing files to dangerous locations. When users download these weaponized documents, the tool fails to properly validate file paths, potentially allowing attackers to overwrite system files, modify security settings, or create backdoor accounts.
Red Hat rates this as "Important" severity with a CVSS score of 8.8. Currently, no complete fix exists, so users should avoid processing Metalink files from untrusted sources.
Source: Cybersecurity News
Cybercriminals launched a sophisticated phishing attack in December 2025, targeting over 3,000 organizations worldwide by exploiting Google Tasks notifications. The attackers sent emails from legitimate Google addresses that bypassed all major security protocols, making them appear completely authentic.
The fake "All Employees Task" messages prompted recipients to click buttons for urgent employee verification, redirecting them to malicious pages hosted on Google Cloud Storage. Since the emails came directly from Google's infrastructure, they inherited Google's trusted reputation and sailed past traditional email security systems.
This attack represents a dangerous evolution in cybercrime, where hackers abuse legitimate platforms rather than spoofing domains. Security experts warn similar campaigns are targeting other trusted services like Salesforce and Amazon SES, forcing organizations to rethink email security strategies beyond conventional authentication methods.
Source: Cybersecurity News
Two cybersecurity professionals have pleaded guilty to running BlackCat ransomware attacks against US companies. Kevin Martin, 36, from Texas worked at threat intelligence firm DigitalMint, while Ryan Goldberg, 40, from Georgia was an incident response manager at Sygnia.
The pair operated as BlackCat affiliates, paying 20% of ransoms to the operation's administrators in exchange for access to the malware. They collected $1.2 million in Bitcoin from one victim alone. Both face up to 20 years in prison, with sentencing set for March 12, 2026.
The BlackCat operation targeted over 1,000 organizations between November 2021 and December 2023 before law enforcement disrupted it.
Source: Security Week
A critical MongoDB vulnerability dubbed "Mongobleed" (CVE-2025-14847) is being actively exploited in the wild, allowing attackers to steal sensitive data from server memory without authentication. The flaw affects over 87,000 exposed MongoDB instances worldwide and carries a CVSS score of 8.7.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on December 29, 2025, giving federal agencies until January 19, 2026 to patch. The bug stems from improper handling of compressed network messages, letting attackers extract database credentials, API keys, and personal data by sending specially crafted packets.
Security experts compare it to the infamous Heartbleed vulnerability, noting that pre-authentication exploits bypass all traditional security controls. Organizations should immediately patch affected MongoDB versions 4.4 through 8.2, rotate all potentially compromised credentials, and implement network segmentation to prevent direct internet exposure of database servers.
Source: Cyber Security News
Aflac revealed that a June data breach was much larger than initially reported, compromising personal information of 22.65 million customers, beneficiaries, and employees. The stolen data may include contact details, claims information, health records, and Social Security numbers.
The insurance giant says it contained the breach within hours and began customer notifications quickly. To address the incident, Aflac is offering affected customers 24 months of free CyEx cybersecurity services, including credit monitoring and identity theft protection.
The company maintains it hasn't detected any fraudulent use of the stolen information yet and continues monitoring for suspicious activity.
Source: CNET
Trust Wallet lost $8.5 million to hackers who exploited the Shai-Hulud supply chain attack that hit NPM in November. The attackers used leaked developer credentials to publish a malicious version of Trust Wallet's Chrome extension on December 24.
The fake extension targeted 2,520 wallet addresses, draining funds from users who logged in between December 24-26. Trust Wallet will reimburse all affected customers and urges users to update to version 2.69 immediately.
Shai-Hulud is a self-replicating worm that infected over 640 NPM packages, creating 25,000 data-leaking repositories. Despite cleanup efforts, over 12,000 machines remain compromised with exposed credentials still circulating.
Source: Security Week
A serious security vulnerability in Apache StreamPipes allows regular users to become administrators by manipulating JWT tokens. The flaw (CVE-2025-47411) affects versions 0.69.0 through 0.97.0 and stems from a broken user ID generation scheme.
Attackers can simply swap their username for an existing admin account to gain full control. Once inside, they can access sensitive data, modify system settings, and potentially compromise entire data streaming infrastructures.
The attack requires no special skills or tools, making it especially dangerous for companies handling sensitive business data. Apache released version 0.98.0 to fix the issue and urges immediate upgrades.
Source: CyberSecurity News
SmarterTools has issued an urgent security fix for a critical vulnerability in SmarterMail that scores a perfect 10.0 on the severity scale. The flaw, CVE-2025-52691, lets unauthenticated attackers upload files anywhere on mail servers and execute remote code without needing login credentials.
The vulnerability affects SmarterMail Build 9406 and earlier versions, putting organizations at immediate risk of complete system compromise. Attackers could access sensitive emails, deploy malware, steal data, and move laterally through corporate networks.
Chua Meng Han from Singapore's CSIT discovered the flaw. SmarterTools has released Build 9413 as a fix. Organizations must update immediately to prevent potential attacks.
Source: Cyber Security News
When cybercriminals strike, companies have just minutes to respond before hackers can "detonate" malware across entire systems. London-based S-RM leads the UK's largest cyber-incident response team, getting back to clients within six minutes on average during that critical "reconnaissance" period when attackers are still figuring out what to steal.
The firm faces ethical dilemmas as part of its "extortion support" work - negotiating ransoms with criminal groups. Director Ted Cowell says they challenge clients with "Why should we pay these criminals?" and push for no-payment decisions whenever possible. However, established ransomware groups often honor settlements, making payment sometimes rational for desperate businesses.
As corporate attitudes shift against funding organized crime, recovery services are growing while the UK's National Cyber Security Centre has become more proactive in warning potential victims.
Source: The Guardian
Popular text editor EmEditor was compromised between December 19-22, with hackers replacing the legitimate download link on the homepage with malicious software. Users who clicked "Download Now" during this window may have received a fake installer that looked identical to the real one but lacked proper digital signatures.
The malware collected sensitive data including system information, files from Desktop and Documents folders, VPN configurations, browser credentials, and login details for apps like Discord, Slack, Teams, and Steam. It also deployed a persistent browser extension called "Google Drive Caching" that hijacks cryptocurrency addresses and steals Facebook ad accounts.
Chinese security firm Qianxin discovered the attack and found that it primarily targets users outside former Soviet countries and Iran. EmEditor's developers have posted warnings and indicators of compromise on their website.
Source: Security Week