Ticker feed
Pro-Russia hacktivist groups are exploiting weak passwords and exposed connections to breach US critical infrastructure systems in water treatment, food production, and energy sectors. CISA, FBI, and NSA report that groups like Cyber Army of Russia Reborn and NoName057(16) use basic hacking tools to access internet-facing control systems.
While less sophisticated than state-sponsored attacks, these intrusions have caused physical impacts including temporary system shutdowns and costly manual recoveries. The hackers alter system parameters, disable alarms, and restart devices primarily for online publicity rather than strategic advantage.
Federal agencies urge operators to reduce internet exposure, implement multi-factor authentication, and maintain manual operation contingency plans.
Source: Infosecurity Magazine
A critical security flaw dubbed "MongoBleed" is threatening over 87,000 MongoDB databases exposed online. The vulnerability (CVE-2025-14847) allows unauthenticated attackers to steal sensitive data directly from database memory, including passwords, session tokens, and customer information.
The flaw exploits MongoDB's default zlib compression feature. When attackers send specially crafted packets, they can "bleed" memory contents without needing login credentials. A proof-of-concept exploit is already public on GitHub, dramatically increasing attack risks.
Affected versions span from legacy 3.6 to current 8.2 releases. MongoDB has released patches, and administrators should immediately upgrade to versions 8.2.3, 8.0.17, 7.0.28, or newer. Organizations can temporarily disable zlib compression as a stopgap measure.
Source: Cybersecurity News
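An added triage check (example code, not from the article or from MongoDB) that applies the advice above to one server: it compares a reported version against the fixed releases named in the summary and inspects the compressor list from MongoDB's `net.compression.compressors` setting, whose default includes zlib. Branch handling for releases newer than 8.2 follows the summary's "or newer" and is an assumption.

```python
"""Triage a MongoDB server against the MongoBleed (CVE-2025-14847) advice."""
import re

# branch (major, minor) -> first release carrying the fix, per the summary above
FIXED_RELEASES = {(8, 2): (8, 2, 3), (8, 0): (8, 0, 17), (7, 0): (7, 0, 28)}
# MongoDB's default negotiated compressor list; zlib is enabled out of the box
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"


def parse_version(text):
    """'v7.0.28' -> (7, 0, 28); raises ValueError on unparsable input."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True when the server runs a release carrying the MongoBleed fix."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v >= FIXED_RELEASES[branch]
    # Assumption: branches newer than 8.2 count as "or newer" and are fixed;
    # older branches (3.6 .. 6.x) are in the affected range with no fix listed.
    return branch > (8, 2)


def zlib_enabled(compressors=DEFAULT_COMPRESSORS):
    """True if zlib appears in the server's compressor list."""
    names = {c.strip().lower() for c in compressors.split(",") if c.strip()}
    return "zlib" in names


def assess(version, compressors=DEFAULT_COMPRESSORS):
    """Return 'patched', 'mitigated' (zlib disabled as a stopgap) or 'exposed'."""
    if is_patched(version):
        return "patched"
    if not zlib_enabled(compressors):
        return "mitigated"
    return "exposed"


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for ver, comp in [("8.0.16", DEFAULT_COMPRESSORS), ("8.0.16", "snappy,zstd"), ("7.0.28", DEFAULT_COMPRESSORS)]:
        print(ver, comp, "->", assess(ver, comp))
```

On a live server the inputs come from `db.version()` and the `net.compression.compressors` value shown by `db.adminCommand({getCmdLineOpts: 1})`.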
Freedom Mobile disclosed a data breach on October 23 after hackers gained access to customer accounts through a compromised subcontractor's credentials. The attackers accessed the company's customer management platform and obtained personal information including names, addresses, phone numbers, birth dates, and account numbers for a "limited number" of customers.
The Canadian telecom provider, which serves over 3.5 million subscribers, quickly blocked suspicious accounts and IP addresses. Freedom Mobile confirmed this wasn't a ransomware attack and that their network operations remained unaffected. The company hasn't revealed how many customers were impacted or identified the attackers.
This marks Freedom Mobile's second public data breach, following a 2019 incident involving 15,000 customers.
Source: SecurityWeek
Russia's attempt to shut down its massive illegal data market has completely backfired. For over a decade, the "probiv" market let anyone buy personal information like passport numbers and police records for as little as $10 from corrupt officials. The system helped both investigative journalists expose corruption and police track dissidents.
But as phone scammers and Ukrainian intelligence exploited the leaks, Putin cracked down with 10-year prison sentences and arrests of major operators. Instead of stopping the trade, brokers simply moved overseas where they operate without restrictions. Now they're dumping even more sensitive data, including massive FSB border crossing records and bank customer information affecting millions of Russians.
Source: The Guardian
A massive supply chain attack called "GhostAction" has compromised 327 GitHub users across 817 repositories, stealing over 3,325 secrets including DockerHub credentials, GitHub tokens, and npm tokens. GitGuardian discovered the attack on September 5 when investigating suspicious activity in the FastUUID project repository.
The attack began with a compromised maintainer pushing malicious GitHub action workflow files designed to steal secrets. While FastUUID wasn't the main target, investigators uncovered hundreds of similar malicious commits across multiple repositories, all connected to the same threat actor.
Several companies had their entire SDK portfolios compromised, affecting Python, Rust, JavaScript, and Go repositories simultaneously. GitGuardian notified affected users immediately, with 100 repositories already reverting the malicious changes, though hundreds remain at risk.
Source: Infosecurity Magazine
A critical vulnerability in Net-SNMP software (CVE-2025-68615) allows remote attackers to crash network monitoring systems or potentially execute code remotely. The flaw affects the snmptrapd daemon that processes SNMP trap messages on routers, switches, and servers.
Attackers can exploit this by sending specially crafted packets that trigger buffer overflows. With a CVSS score of 9.8, the vulnerability could enable complete system takeover without passwords or user interaction.
Net-SNMP maintainers have released patches in versions 5.9.5 and 5.10.pre2. Organizations should upgrade immediately or implement network segmentation as a temporary workaround, ensuring SNMP ports aren't exposed to the internet.
Source: Cybersecurity News
Interpol's Operation Sentinel swept across 19 African countries, resulting in 574 arrests and $3 million in seized assets from cybercrime networks that caused over $21 million in losses.
The operation dismantled business email compromise schemes, ransomware attacks, and fraud rings. In Senegal, authorities blocked a $7.9 million petroleum company heist where hackers impersonated executives. Ghana saw arrests after ransomware encrypted 100 TB of data at a financial institution, though investigators created decryption tools to recover 30 TB.
Ghana also busted a fake food delivery scam that collected $400,000 from 200+ victims through copycat websites. Benin arrested 106 people in extortion schemes while shutting down 43 domains and over 4,000 social media accounts.
Source: SecurityWeek
A critical vulnerability in Net-SNMP software (CVE-2025-68615) allows remote attackers to crash network monitoring systems or potentially take complete control. The flaw affects the snmptrapd daemon that processes SNMP trap messages on routers, switches, and servers across enterprise networks.
Attackers can exploit this by sending specially crafted packets that trigger buffer overflows. With a severe CVSS score of 9.8, the vulnerability could enable remote code execution without authentication.
Net-SNMP maintainers have released patches in versions 5.9.5 and 5.10.pre2. Organizations should upgrade immediately or implement network segmentation to block external access to SNMP ports as a temporary workaround.
Source: Cybersecurity News
A fake WhatsApp Web API library called 'Lotusbail' has been secretly stealing users' credentials and messages for six months on NPM, racking up over 56,000 downloads. Koi Security discovered the malicious package masquerades as a legitimate WhatsApp tool but captures everything - authentication tokens, messages, contacts, and media files - then encrypts and sends the data to attackers.
The malware goes further by hijacking WhatsApp's device pairing process, secretly linking the attacker's device to victims' accounts for permanent backdoor access. Simply uninstalling the package won't help - users must manually remove all linked devices from WhatsApp settings to regain security.
Source: SecurityWeek
Cybercriminals are actively exploiting a critical zero-day vulnerability in WatchGuard Firebox firewalls, prompting CISA to add it to its priority threat list. The flaw, CVE-2025-14733, allows remote code execution on affected devices through VPN configurations.
WatchGuard discovered the vulnerability internally on December 15 and released a patch three days later. The company warns this is part of a broader campaign targeting edge networking devices from multiple vendors, following similar attacks on Fortinet and SonicWall systems this month.
Nearly 125,000 vulnerable devices remain exposed globally, with over 35,000 in the US. WatchGuard urges immediate patching.
Source: Dark Reading