The beginning of 2026 reveals a landscape of subtle and targeted cyber threats, with hackers evolving their tactics even during holidays. Key incidents include malware scams, exploitation campaigns, and backdoored devices, highlighting the increasing sophistication of cyber adversaries. #KMSAuto #ColdFusionExploitation…
Tag: IOT
Cybersecurity experts have revealed a nine-month-long campaign targeting IoT devices and web apps, in which the React2Shell vulnerability was exploited to build the RondoDox botnet. The campaign progressed through distinct phases, including malware deployment and persistence tactics, underlining the importance of timely updates and network segmentation. #React2Shell #RondoDox #IoTThreats #NextjsVulnerability…
The RondoDox botnet is actively exploiting the React2Shell vulnerability to infect vulnerable Next.js servers and deploy various malware. The wider React2Shell activity includes large-scale IoT exploitation and targeted attacks attributed to North Korean hackers, affecting thousands of internet-exposed assets. #React2Shell #RondoDox
BioNet-Asia has allegedly fallen victim to The Gentlemen ransomware group, which infiltrated its network using evasion techniques to steal sensitive data before encrypting it. The incident highlights the growing threat of double-extortion attacks against the healthcare and biotechnology sectors. #TheGentlemen #BioNetAsia #Ransomware #Cyberattack #HealthcareSecurity…
Poland has formally asked the European Commission to investigate TikTok for failing to properly moderate AI-generated disinformation promoting “Polexit” and threatening democratic stability. The case emphasizes concerns over synthetic media manipulation and TikTok’s obligations under the Digital Services Act. #Polexit #DigitalServicesAct…
In 2025, the cybersecurity industry experienced a record-breaking year with over 420 M&A deals totaling more than $84 billion, including eight deals exceeding $1 billion. Major acquisitions by companies like Google, Palo Alto Networks, and ServiceNow indicate significant consolidation and expansion in the cybersecurity sector. #Wiz #CyberArk #PaloAltoNetworks #ServiceNow #Veeam…
CloudSEK recovered nine months of exposed RondoDox/Rondo botnet C2 logs that document a three‑phase campaign evolving from reconnaissance and web‑app exploitation to large‑scale IoT botnet deployment and a December 2025 Next.js Server Actions RCE wave. The activity included automated command-injection and deserialization attacks, mass binary downloads (e.g., /nuts/poop) from C2s such as 51.81.104.115 and 5.255.121.141, and repeated exploitation of internet‑facing routers and Next.js servers. #Rondo #NextJS
Arkanix Stealer is an actively developed credential‑theft malware family distributed via Discord and forums. It exists in both a Python edition and a paid C++ “Premium” edition and uses VMProtect obfuscation, AMSI/ETW bypasses, anti‑VM/debugging checks, ChromElevator process hollowing to defeat Chrome's App‑Bound Encryption, and HTTP POST exfiltration to arkanix[.]pw. The operators host a gated control panel, and infrastructure mistakes have exposed the origin IPs behind its C2 and hosting. #ArkanixStealer #ChromElevator
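The two summaries above carry concrete network indicators: the RondoDox download/C2 addresses and the /nuts/poop payload path, and the arkanix[.]pw exfiltration domain for Arkanix Stealer. The first thing a defender does with such a list is sweep egress or proxy logs for it. The following Python is an added example, not code from CloudSEK or any vendor named on this page; it takes its indicators only from the summaries, assumes a simple `key=value` log record format, and runs over constructed sample records rather than real traffic.

```python
"""IOC sweep over web-proxy/egress log records, built from the indicators in
the RondoDox and Arkanix Stealer summaries. Added example: the log format
and the sample lines are constructed for illustration; only the indicator
values come from the summaries."""
import ipaddress
from dataclasses import dataclass

# Indicators as they appear in the summaries. Domains are kept defanged
# ("[.]") in the list, as in the source, and refanged only for matching.
C2_IPS = {"51.81.104.115", "5.255.121.141"}   # RondoDox download/C2 hosts
PAYLOAD_PATHS = {"/nuts/poop"}                  # mass binary download path
EXFIL_DOMAINS = {"arkanix[.]pw"}                # Arkanix HTTP POST exfiltration


def refang(indicator: str) -> str:
    """Turn a defanged indicator (arkanix[.]pw) back into a matchable one."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "c2_ip", "payload_path" or "exfil_domain"
    indicator: str
    line: str


def parse_kv(line: str) -> dict:
    """Parse 'ts k=v k=v ...' records (assumed log format). Missing keys are
    simply absent; callers must not assume every field is present."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def host_matches(host: str, domain: str) -> bool:
    """Exact or subdomain match, ignoring an optional :port suffix."""
    host = host.lower()
    if host.count(":") == 1:          # host:port, not an IPv6 literal
        host = host.split(":", 1)[0]
    return host == domain or host.endswith("." + domain)


def scan(lines) -> list:
    """Return one Hit per (record, indicator kind) that matches."""
    c2 = {ipaddress.ip_address(ip) for ip in C2_IPS}
    exfil = {refang(d) for d in EXFIL_DOMAINS}
    hits = []
    for n, raw in enumerate(lines, 1):
        f = parse_kv(raw)
        # Either endpoint talking to a known C2 address is a hit: dst covers
        # payload downloads, src covers an already-infected host beaconing.
        for key in ("src", "dst"):
            try:
                addr = ipaddress.ip_address(f.get(key, ""))
            except ValueError:
                continue
            if addr in c2:
                hits.append(Hit(n, "c2_ip", str(addr), raw))
                break
        if f.get("path") in PAYLOAD_PATHS:
            hits.append(Hit(n, "payload_path", f["path"], raw))
        host = f.get("host", "")
        for domain in exfil:
            if host_matches(host, domain):
                hits.append(Hit(n, "exfil_domain", domain, raw))
                break
    return hits


def summarize(hits) -> dict:
    """Count hits per indicator kind."""
    counts = {}
    for h in hits:
        counts[h.kind] = counts.get(h.kind, 0) + 1
    return counts


# Constructed sample records (not real traffic). TEST-NET and RFC 1918
# addresses stand in for the victim side; the C2 addresses and the
# exfiltration domain are the ones quoted in the summaries.
SAMPLE_LOG = [
    "2025-12-18T03:12:44Z src=10.0.0.7 dst=51.81.104.115 method=GET host=51.81.104.115 path=/nuts/poop",
    "2025-12-18T03:13:01Z src=10.0.0.7 dst=5.255.121.141 method=GET host=5.255.121.141 path=/nuts/poop",
    "2026-01-04T11:02:09Z src=10.0.0.23 dst=198.51.100.9 method=POST host=arkanix.pw:443 path=/gate",
    "2026-01-04T11:02:10Z src=10.0.0.23 dst=192.0.2.10 method=GET host=example.com path=/index.html",
    "malformed record without any fields",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} {h.indicator}")
    print(summarize(scan(SAMPLE_LOG)))
```

Matching on both `src` and `dst` is deliberate: a download of /nuts/poop shows up as an outbound `dst` hit, while a box that is already part of the botnet shows up later as a `src` that keeps talking to the same addresses. Port suffixes are stripped from the host before the domain comparison so that `arkanix.pw:443` is not missed, and malformed records are skipped rather than aborting the sweep.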
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, AI Exploits, Docker Hack, and 15 More Stories
Cybersecurity is evolving with attackers blending into normal tech environments using sophisticated tactics like open-source tools, AI, and social engineering. The future of defense depends on increased awareness of these subtle and innovative threats. #Nezha #RokRAT…
ServiceNow is acquiring cybersecurity firm Armis for $7.75 billion to enhance its AI-native cybersecurity and vulnerability response capabilities. This strategic deal reflects ServiceNow’s efforts to stay competitive amid major acquisitions in the cybersecurity industry by companies like Google and Palo Alto Networks. #Armis #ServiceNow #Wiz #CyberArkSoftware #Moveworks…
ServiceNow plans to acquire cybersecurity firm Armis for $7.75 billion, significantly expanding its security and risk management capabilities. The deal also follows ServiceNow’s recent acquisition of Veza Security, strengthening its position in identity and asset security sectors. #Armis #ServiceNow #VezaSecurity #CybersecurityM&A…
Gambit Cyber, a Dutch startup, has raised $3.4 million to expand its AI-native threat management platform, KnightGuard. The platform helps organizations identify vulnerabilities in real time and automate security responses, focusing on high-priority risks. #KnightGuard #AIagents…
Daily Recap: major breaches impacted 27,000 University of Sydney records and about 113,000 VA patients, while intrusions at UK NHS‑linked providers and other government bodies highlighted a broad cross‑sector threat landscape. The roundup also notes ransomware takedowns such as E‑Note, critical exploits against WatchGuard and Cisco AsyncOS, and campaigns such as Kimsuky’s DocSwap Android malware and North Korea–linked crypto theft, plus the policy and industry responses shaping defenses. #Kimsuky #DocSwap #NKCryptoTheft #ENote #WatchGuard #CiscoAsyncOS
This article discusses a UEFI firmware vulnerability in motherboards from ASUS, Gigabyte, MSI, and ASRock that allows DMA attacks, potentially exposing system memory. The issue undermines security protections during early boot and came to attention on systems running games such as Valorant, with firmware updates from the vendors and an update from Riot Games addressing the problem. #UEFIvulnerability #DMAattack #Valorant #Vanguard
A security vulnerability affects certain motherboard models from vendors including ASRock, ASUS, GIGABYTE, and MSI, allowing DMA attacks during the early boot phase because the firmware fails to configure the IOMMU properly, leaving system memory reachable by malicious DMA-capable peripherals. Because the exposure occurs before the operating system's own DMA protections are active, OS-side settings do not close it; applying the vendors' firmware updates is the fix. #ASRock #ASUS #GIGABYTE…