TECHZONE™

This month in security with Tony Anscombe – December 2025 edition https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-december-2025/ As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More https://thehackernews.com/2025/12/weekly-recap-mongodb-attacks-wallet.html Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. "A flaw

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors https://thehackernews.com/2025/12/traditional-security-frameworks-leave.html In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to a

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that's part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for building

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories https://thehackernews.com/2025/12/threatsday-bulletin-stealth-loaders-ai.html It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use. This week’s findings show a pattern: precision, patience, and persuasion. The

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of the

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that's delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple's Gatekeeper checks. "Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond Facebook to include other social media platforms, such as YouTube. The Slovak cybersecurity company said it blocked over 64,000 unique URLs associated with the threat this year. A majority of the detections originated from

Attacks are Evolving: 3 Ways to Protect Your Business in 2026 https://thehackernews.com/2025/12/attacks-are-evolving-3-ways-to-protect.html Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable payday.  But in 2025, the data breaches that affected small and medium-sized businesses (SMBs) challenged our perceived wisdom about exactly which types of businesses cybercriminals are targeting.&nbsp

A brush with online fraud: What are brushing scams and how do I stay safe? https://www.welivesecurity.com/en/scams/brush-online-fraud-what-are-brushing-scams-how-do-i-stay-safe/ Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.

SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million from retail investors. The complaint charged crypto asset trading platforms Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc., as well as investment clubs AI Wealth Inc., Lane

Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition https://thehackernews.com/2025/12/italy-fines-apple-986-million-over-att.html Apple has been fined €98.6 million ($116 million) by Italy's antitrust authority after finding that the company's App Tracking Transparency (ATT) privacy framework restricted App Store competition. The Italian Competition Authority (Autorità Garante della Concorrenza e del Mercato, or AGCM) said the company's "absolute dominant position" in app distribution allowed it to "unilaterally impose"