Latest Internet & Cybersecurity News
2022 LastPass Breach Continues Enabling Crypto Theft into 2025
Blockchain firm TRM Labs reports that stolen LastPass vault backups from 2022 are still being cracked, leading to over $28 million in cryptocurrency theft through 2025, especially from weak master passwords. Funds are laundered via Russian exchanges like Cryptex.
UK fined LastPass £1.2 million for security failures.
CISA Adds MongoDB 'MongoBleed' Vulnerability CVE-2025-14847 to KEV Catalog
CISA confirmed active exploitation of CVE-2025-14847, a critical MongoDB Server flaw causing memory leakage, added to Known Exploited Vulnerabilities on December 29, 2025. Federal agencies must mitigate by January 19, 2026.
Over 87,000 instances targeted in MongoBleed attacks.
ServiceNow Acquires Armis for $7.75 Billion to Boost AI-Driven Cybersecurity
ServiceNow agreed to buy Armis to enhance security across IT, OT, and devices with real-time asset visibility and automated remediation. The deal aims to create an end-to-end security stack amid rising AI threats and 12.5% global cyber spend growth to $240bn in 2026.
Integration with ServiceNow's AI Platform prioritizes cyber exposure reduction.
Coupang Data Breach Affects 33.7 Million Users, Triggers $1.18 Billion Compensation
South Korean e-commerce giant Coupang disclosed a breach impacting 33.7 million users, announcing 1.69 trillion won ($1.18 billion) in user compensation on December 30, 2025. The incident sparked regulatory probes.
Details on attack vector remain limited.
Korean Air Employee Data Stolen in Oracle EBS Hack at Subsidiary KC&D
Hackers breached former subsidiary KC&D, compromising data of roughly 30,000 Korean Air employees via Oracle EBS on December 30, 2025. The attack exposed sensitive employee information.
Korean Air confirmed the incident's scope.
Evasive Panda Conducts DNS Poisoning Attacks to Deploy MgBot Malware
China-linked APT group Evasive Panda poisoned DNS requests from November 2022 to 2024, targeting Türkiye, China, and India with trojanized updates for tools like Tencent QQ to deploy MgBot backdoor. The campaign used adversary-in-the-middle tactics for espionage.
Kaspersky attributed the modular implant's wide info-gathering capabilities.
Surge in Cobalt Strike Servers on AS138415 and AS133199 Networks
Censys observed a spike of over 150 Cobalt Strike servers on AS138415 (YANCY) and AS133199 (SonderCloud) networks between early December and December 18, 2025. Activity showed rapid deployment and takedown patterns.
Linked to potential hacktivist or threat actor operations.
WatchGuard Firebox RCE Vulnerability CVE-2025-14733 Actively Exploited
Over 115,000 WatchGuard Firebox devices remain unpatched against critical IKEv2 VPN RCE flaw CVE-2025-14733, added to CISA KEV catalog. Shadowserver reports nearly 120,000 exposed globally.
Federal patching deadline was December 26.
Historic Mega Leak Exposes 16 Billion Credentials Across Major Platforms
A massive dataset with over 16 billion login credentials from Google, Apple, Facebook, and GitHub was disclosed, labeled history's largest password exposure. Chinese hackers began targeting organizations for cryptominers post-disclosure.
Urgent audits recommended for authentication logs.
Malicious DIG AI Tool Sees Increased Use by Threat Actors
Resecurity noted rising adoption of dark LLM DIG AI by malicious actors for phishing emails, bomb instructions, and other illegal activities. The tool joins a list of unethical LLMs.
Highlights AI's dual-use risks in cybercrime.
ByBit Suffers $1.5 Billion Crypto Heist via Safe{Wallet} Third-Party Breach
North Korean Lazarus Group stole $1.5 billion in Ethereum from ByBit in February 2025 by compromising third-party Safe{Wallet} via social engineering on AWS. Developer access enabled the heist.
Marks major third-party risk incident of 2025.
Mustang Panda Deploys Signed Kernel-Mode Rootkit for TONESHELL Backdoor
Chinese group Mustang Panda used a signed kernel-mode rootkit to load the TONESHELL backdoor in cyber espionage operations as of December 30, 2025. The malware enhances stealth and persistence.
Targets undisclosed but aligns with APT tactics.