👉 What’s the latest in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get BlueSleuth-Lite

🚨 Cyber Alerts

1. Mustang Panda Uses Signed Rootkit

Mustang Panda has deployed a previously unknown rootkit driver to deliver an updated version of the TONESHELL backdoor against targets in Asia. Detected by Kaspersky in mid-2025, the campaign uses this driver to protect malicious files and processes from security software while facilitating long-term espionage.

2. MongoDB CVE 2025 14847 Under Exploit Now

A critical security flaw in MongoDB known as MongoBleed is being actively exploited, potentially impacting more than 87,000 servers globally. This vulnerability allows unauthenticated attackers to remotely extract sensitive information such as passwords and API keys from server memory by sending specially crafted network packets.

3. 27 Malicious Npm Phishing Packages Steal

Cybersecurity researchers recently identified a targeted five-month spear-phishing campaign that utilized 27 malicious npm packages to steal credentials from critical infrastructure organizations. By repurposing legitimate package distribution networks as hosting infrastructure, the attackers delivered deceptive login lures that specifically targeted commercial personnel in sectors like manufacturing and healthcare.

For more alerts click here!

Subscribe

💥 Cyber Incidents

4. Romanian Energy Hit By Gentlemen Ransomware

Romania’s largest coal-based energy producer, Oltenia Energy Complex, suffered a significant ransomware attack during the Christmas holiday that disabled its IT infrastructure and encrypted critical administrative files. While the breach disrupted internal systems like email and document management, the company confirmed that national power generation remained stable as they work with cybersecurity authorities to restore operations from backups.

5. Trust Wallet Reports 2596 Wallets Drained

Trust Wallet reported that a security breach of its browser extension on Christmas Eve resulted in the theft of 7 million dollars from nearly 3,000 users. Attackers bypassed standard security checks to publish a malicious update that allowed them to exfiltrate sensitive data and launch subsequent phishing attacks.

6. Sax Accounting Data Breach Affects 220,000

Sax, a prominent United States accounting firm, has confirmed a data breach affecting more than 220,000 individuals following an investigation that lasted over a year. The incident highlights the persistent vulnerabilities even established organizations face and the complex, lengthy process required to fully mitigate sophisticated cyber intrusions.

For more incidents click here!

Get Help

📢 Cyber News

7. US Cybersecurity Experts Plead Guilty

Two former cybersecurity professionals from the firms Sygnia and DigitalMint have admitted to conducting ransomware attacks against several American companies using the BlackCat platform. Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty to extortion charges and face up to twenty years in prison when they are sentenced in early 2026..

8. French Software Firm Fined For Breach

The French data protection authority, CNIL, has imposed a 1.7 million euro fine on Nexpublica France following a significant security breach. The regulator determined that the software company failed to implement basic cybersecurity measures, allowing unauthorized access to sensitive third-party documents.

9. Coupang Recovers Laptop From River

South Korea’s largest online retailer, Coupang, recently recovered a damaged laptop from a river as part of an investigation into an insider data breach involving 33.7 million customer accounts. Despite the attempt to destroy evidence, forensic teams confirmed that while millions of accounts were accessed, data was only retained from about 3,000 users and no evidence of third-party sharing was found.

For more news click here!

Register Here

💡 Cyber Tip

🛢️ MongoDB Flaw Under Active Exploitation

A critical MongoDB vulnerability, known as MongoBleed, is being actively exploited and may expose sensitive data from more than 87,000 internet-facing servers. Attackers can remotely extract passwords, API keys, and other secrets directly from server memory by sending specially crafted network requests, without needing to authenticate.

🔐 What You Should Do

• Patch MongoDB immediately to the latest secure version

• Restrict MongoDB access so it is not exposed directly to the internet

• Disable zlib compression temporarily if patching is not immediately possible

• Monitor logs for unusual pre-authentication network traffic

• Audit cloud environments to identify exposed database instances

⚠️ Why This Matters
This flaw leaks raw memory contents, meaning attackers can slowly reconstruct sensitive credentials over time. Because exploitation happens before login, any exposed MongoDB server is a high-value target. Fast remediation is critical to prevent silent data theft and long-term compromise.

Visit Book Club

📚 Cyber Book

The Browser Hacker’s Handbook by Wade Alcorn, Christian Frichot, Michele Orru

Get Book

That concludes today’s briefing. You can check the top headlines here!

Copyright © 2025CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium