Latest Internet & Cybersecurity News

📅December 28, 2025 at 1:00 AM
Major global cyber incidents, law‑enforcement takedowns, active zero‑day exploitation, nation‑state intrusion disclosures, and regulatory/legal fallout dominate Internet & cybersecurity news.
1

INTERPOL-led operation arrests 574 in Africa targeting BEC and extortion networks

A coordinated INTERPOL operation named Operation Sentinel resulted in 574 arrests across 19 countries and recovered roughly $3 million while targeting business email compromise and digital extortion networks in AfricaSource 1. The operation ran from October 27 to November 27, 2025 and involved multiple national law-enforcement partnersSource 1.

2

Cisco warns of active exploitation of zero‑day in AsyncOS email security appliances

Cisco disclosed a maximum‑severity zero‑day in AsyncOS affecting Cisco Secure Email Gateway and related appliances and reported active exploitation by a China‑nexus APT tracked as UAT‑9686Source 1. Cisco became aware of the intrusion campaign on December 10, 2025 and urged patching and mitigations for affected AsyncOS versionsSource 1.

3

Fortinet FortiGate appliances under active attack via SAML SSO bypass

Security vendors observed exploitation of two critical authentication bypasses in Fortinet FortiGate devices (CVE‑2025‑59718 and CVE‑2025‑59719), with attackers abusing single sign‑on flows to gain access to appliancesSource 1. Arctic Wolf and others reported intrusions as early as December 12, 2025, prompting urgent advisories to patch and revoke compromised sessionsSource 1.

4

Alleged nation‑state compromise of F5 prompts securities class action

F5 disclosed a nation‑state intrusion in August 2025 that led to persistent access to development environments for BIG‑IP, triggering investor lawsuits alleging delayed disclosure and material impact on revenue guidanceSource 2. A securities class action (Smith v. F5, Inc.) was filed alleging the company misled investors about timing and materiality of the incidentSource 2.

5

Kimwolf botnet reportedly hijacks 1.8 million Android TVs for large DDoS campaigns

Reports indicate the Kimwolf botnet has compromised approximately 1.8 million Android TV devices and is being used to launch large‑scale DDoS attacks, highlighting IoT attack surface risksSource 1. Vendors and ISPs are being urged to mitigate traffic and push firmware updates where possibleSource 1.

6

US DOJ and international partners disrupt E‑Note crypto laundering service

The US Department of Justice coordinated with international partners to take down infrastructure for E‑Note, a cryptocurrency exchange alleged to have laundered funds for transnational cybercriminal groups, disrupting on‑ramps used in ransomware and other crimesSource 3. The action targeted money‑laundering facilitation tied to attacks on healthcare and critical infrastructureSource 3.

7

Ex‑cybersecurity staff plead guilty to moonlighting as ransomware operators

Bloomberg and other reporting cite guilty pleas from former cybersecurity incident responders who allegedly provided services to ransomware actors, underscoring insider threat risks and the criminalization of trusted expertiseSource 3. The cases demonstrate law enforcement focus on people enabling ransomware infrastructureSource 3.

8

FBI disrupts virtual money‑laundering and exposes on‑ramps for cybercrime funds

US authorities announced coordinated disruptions of virtual money‑laundering infrastructure used by cybercriminals, a move intended to choke off proceeds for ransomware and illicit marketplacesSource 3. The disruptions accompany broader international cooperation to trace and seize crypto proceedsSource 3.

9

Reports map persistent links between credential leaks and Russian cybercriminal infrastructure

Analyses of blockchain flows and on‑chain indicators suggest connections between large credential breaches and Russian‑linked cybercriminal infrastructure, highlighting challenges tracing off‑ramp exchangesSource 3. Security researchers warn that lax controls at certain exchanges enable laundering of proceeds from breachesSource 3.

10

Evasive Panda APT abuses DNS poisoning to deliver MgBot malware

Researchers reported that an APT tracked as Evasive Panda is poisoning DNS responses to deliver MgBot, demonstrating sophisticated supply‑chain‑like manipulation of DNS to distribute malwareSource 3. The report emphasizes DNS integrity as a critical defensive control for organizationsSource 3.

11

‘Inside the biggest cyber attacks of 2025’ — industry retrospective highlights record breach volumes

Security analysts published retrospective coverage cataloging 2025 as among the most disruptive years for cyber incidents, noting record credential leaks, supply‑chain failures, and impacts across government, healthcare, finance, and critical infrastructureSource 4Source 8. The analyses argue systemic weaknesses and scale of automation amplified attacker impact throughout 2025Source 4Source 8.

12

Threat intelligence bulletin: Stealth loaders, AI‑chatbot exploitation, and Docker supply‑chain concerns

Periodic threat bulletins list active trends including stealth loader families, exploitation of AI chatbot vulnerabilities, and attacks against Docker images and registries, underlining a diversified threat landscape moving into 2026Source 6. The Hacker News roundup on Dec 25, 2025 notes more than a dozen active stories affecting cloud and AI platformsSource 6.

Back to News