Month: December 2025

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Threat actors can exploit the two security flaws tracked as CVE-2025-59718 (FortiOS, FortiProxy, FortiSwitchManager) and CVE-2025-59719 (FortiWeb) by abusing improper verification of cryptographic signature weaknesses in vulnerable products via a […]

Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems. Packer services provide cybercriminals with specialized tools to package their payloads in a way that obfuscates malicious code to evade detection by most known security tools and antivirus engines. The Shanya packer […]

Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions. The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options. The two malicious extensions, called Bitcoin Black and Codo […]

A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports […]

The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining “computer data of particular importance to national defense.” The three men, aged between 39 and 43, could not explain why they were carrying the electronic devices. They now face charges of fraud, computer […]

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. React2Shell is an unauthenticated remote code execution vulnerability that can be exploited via a single HTTP request and affects all frameworks that implement React […]

A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. The activity started on December 2nd and originated from more than 7,000 IP addresses from infrastructure operated by the German IT company 3xK GmbH, which runs its own BGP network (AS200373) and operates as […]