Latest Internet & Cybersecurity News
Active Exploitation of Critical RCE in Legacy D-Link DSL Routers
A critical command injection vulnerability (CVE-2026-0625, CVSS 9.3) in legacy D-Link DSL routers such as the DSL-2740R and DSL-2780B allows unauthenticated remote code execution and DNS hijacking. Exploitation began as early as November 27, 2025, and many of the devices are end-of-life and unpatchable. D-Link is investigating affected models and expects an updated list soon.
GlassWorm Malware Targets macOS via VSCode Extensions
The GlassWorm campaign infects macOS systems through malicious VSCode extensions, stealing passwords, crypto keys, and attempting wallet hijacks. Over 33,000 downloads occurred despite warnings. This reflects a shift in tactics targeting developers and users broadly.
VVS Stealer: Low-Cost Python Malware Extracts Sensitive Data
VVS Stealer, a stealthy Python-based info-stealer, targets Discord credentials, browser data, and cookies, hijacking sessions for further attacks. It spreads as cybercriminals turn compromised systems into attack platforms. Cybersecurity experts highlight its obfuscation and low development cost.
Zoom Stealer Campaign by China-Linked DarkSpectre Affects 2.2M Users
DarkSpectre's Zoom Stealer uses 18 browser extensions to steal video-conferencing data from Chrome, Firefox, and Edge across 28 platforms. It has impacted 2.2 million users, linked to Chinese infrastructure for espionage. Data is exfiltrated via WebSocket for social engineering or sales.
Salesforce Breach via Social Engineering Hits Major Firms
Scattered LAPSUS$ Hunters exploited Salesforce using vishing and fake Connected Apps, bypassing MFA to export data from clients like Air France-KLM, IKEA, and Disney. The group demands ransom, which Salesforce refused. Impact includes widespread data theft via APIs.
MongoDB Servers Remain Vulnerable to Public Exploits
Public exploits for MongoDB vulnerabilities emerged on December 25, 2025, and 70% of internet-facing instances were still exposed on December 30 despite available patches. Over 300,000 servers are at risk of active exploitation. LevelBlue SpiderLabs urges immediate action.
Jaguar Land Rover Cyberattack Halts Production for Five Weeks
A cyber incident starting August 31, 2025, disrupted JLR's systems, halting production and affecting 5,000 supply chain partners with payment delays. Suppliers face up to six months of credit strain. It highlights supply chain ripple effects.
AI-Powered Attacks and Identity as Primary Attack Surface in 2026
Fully AI-orchestrated cyberattacks are becoming common, and identity compromise is replacing exploits as the main entry point, according to reports from Verizon, Microsoft, and CrowdStrike. Ransomware is evolving into multi-stage extortion. SaaS firms face heightened risks from speed and scale.
23andMe Fined £2.31M for Genetic Data Security Failures
The ICO and Privacy Commissioner fined 23andMe for lacking MFA, secure passwords, and monitoring, exposing raw genetic data. It stems from 2025 failings in authentication and threat response. International operations face stricter privacy demands.