Daily Recap, CISA warns of active exploitation of the Digiever DS-2105 Pro remote-code-execution flaw and a severe MongoDB RCE, both now listed in Known Exploited Vulnerabilities. The activity includes threats from APT37 and campaigns like IconCat and PCPcat, signaling espionage-style operations and large-scale server compromises. #DigieverRCE #APT37
News:
Vulnerabilities & Exploits
- CISA warns of active exploitation of the Digiever DS-2105 Pro remote-code-execution flaw added to its Known Exploited Vulnerabilities catalog – Digiever RCE, Digiever RCE
- MongoDB urges immediate patching of a severe remote-code-execution flaw affecting admins – MongoDB RCE
- A fake MAS Windows-activation domain is being used to spread PowerShell malware to victims via bogus activation workflows – Fake MAS Domain
- An Internet-scale campaign dubbed Operation PCPcat compromised 59,000 React/Next.js servers to inject malicious code at scale – PCPcat Breach
Malware & Infostealers
- The open-source reconnaissance tool theHarvester now integrates Hudson Rock's free infostealer tools, blurring red/blue tooling lines – theHarvester
- A new macOS stealer called MacSync uses a signed app to bypass Apple Gatekeeper and exfiltrate data from infected Macs – MacSync Stealer
- Two malicious Chrome extensions were found secretly stealing credentials from over 170 websites, exposing users across numerous services – Chrome Extensions
APTs & Targeted Campaigns
- APT37 posed as TV writers in a "casting call" lure to deliver malware and target victims in espionage-style operations – APT37 Lure
- Threat actors in "Operation IconCat" masqueraded as security-vendor representatives to target and conduct reconnaissance against Israeli firms – IconCat
- APT-36 used a fake "WhatsApp fraud" advisory to trick and compromise government systems via social-engineering lures – APT-36
- Pro-Russian hackers claimed responsibility for a cyberattack against the French postal service, reporting service disruptions and data impact – French Post
Fraud, Scams & Financial Crime
- AI-driven deepfake ads have fueled a surge in the Nomani investment scam, increasing incidents by 62% on social platforms – Nomani Scam
- The SEC filed charges and sued crypto firms over schemes that defrauded investors of about $14 million, alleging fake AI-themed tips and investment fraud – SEC Crypto, SEC Crypto
- U.S. authorities disrupted multiple bank-account-takeover campaigns, seizing domains and infrastructure tied to credential theft, with recovery efforts including a $28 million seizure linked to the operation – Account Takeover, FBI Domain, 28M Seizure
- Agencies across Africa arrested 574 suspected cybercriminals and recovered about $3 million during a coordinated crackdown on fraud networks – Africa Crackdown
Data Breaches & Impact
- More than 22 million Aflac customers were reported impacted by a June data breach exposing personal information at scale – Aflac Breach
Corporate & Product News
- ServiceNow agreed to acquire security vendor Armis in a $7.75 billion deal to expand its cyber-asset visibility and risk capabilities – ServiceNow Buy
- Microsoft Teams will let admins block external users from within the Defender portal to tighten collaboration controls – Teams Control
- A cyber volunteer initiative for small water utilities announced a new MSSP effort to provide managed cybersecurity services to critical water infrastructure – Water MSSP
Guidance & Strategy
- An advisory outlines the 10 investments CISOs must make by 2026 to modernize defenses and reduce risk exposure – CISO Investments
- A short guide recommends 3 ways businesses should adapt to evolving attack patterns to improve resilience in 2026 – Protect 2026