Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-17 12:00 PST
- WhatsApp device linking abused in account hijacking attacks
BleepingComputer • 2025-12-17 11:14 • www.bleepingcomputer.com
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. […]
https://www.bleepingcomputer.com/news/security/whatsapp-device-linking-abused-in-account-hijacking-attacks/ - Cisco warns of unpatched AsyncOS zero-day exploited in attacks
BleepingComputer • 2025-12-17 10:45 • www.bleepingcomputer.com
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. […]
https://www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/ - SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
The Hacker News • 2025-12-17 10:17 • thehackernews.com
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of local privilege escalation that arises as a result of insufficient authorization in the appliance management console (AMC).
It affects the following
https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html - Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
The Hacker News • 2025-12-17 10:09 • thehackernews.com
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab.
“Kimwolf is a botnet compiled using the NDK [Native Development Kit],” the company said in a report
https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html - Sonicwall warns of new SMA1000 zero-day exploited in attacks
BleepingComputer • 2025-12-17 09:44 • www.bleepingcomputer.com
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. […]
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/ - Maybe a Little Bit More Interesting React2Shell Exploit, (Wed, Dec 17th)
SANS ISC Diary (full) • 2025-12-17 09:12 • isc.sans.eduI have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular version of the exploit:
- Critical React2Shell flaw exploited in ransomware attacks
BleepingComputer • 2025-12-17 08:09 • www.bleepingcomputer.com
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. […]
https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-exploited-in-ransomware-attacks/ - APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
The Hacker News • 2025-12-17 07:30 • thehackernews.com
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a “sustained” credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine.
The activity, observed by Recorded Future’s Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in May 2024 that
https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html - New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails
The Hacker News • 2025-12-17 06:54 • thehackernews.com
The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky.
The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently unknown.
“While the spring cyberattacks focused on organizations, the fall campaign honed in on
https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
