Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

A serious vulnerability has been discovered in GNU InetUtils telnetd, affecting all versions from 1.9.3 to 2.7. This flaw, which allows remote attackers to bypass authentication, has gone unnoticed for nearly 11 years. Given the age of this issue, many systems may still be running vulnerable versions, putting users at risk. The discovery emphasizes the need for organizations to audit their systems and ensure they are not using outdated software. Users and administrators should take immediate action to update or patch their systems to mitigate potential exploitation.

Impact: GNU InetUtils telnetd versions 1.9.3 to 2.7
Remediation: Update to the latest version of GNU InetUtils telnetd to address the vulnerability.

Recent research has revealed that attackers can now conduct more efficient intrusions targeting page caches in Linux systems. The study highlights vulnerabilities in how Linux manages memory, particularly in the page cache, which can be manipulated to access sensitive information. This development poses a risk to a wide range of Linux distributions, potentially affecting servers and workstations that rely on this operating system. As the efficiency of these attacks increases, companies and users need to be aware of the potential for data breaches and take preventive measures. It’s crucial for system administrators to stay informed and implement appropriate security protocols to mitigate these risks.

Impact: Linux systems, including various distributions and versions
Remediation: Implement security patches and updates as they become available; review and enhance memory management configurations.

Cybernews has reported that fake cryptocurrency wallet applications, posing as popular wallets like Exodus, Trust Wallet, and Ledger Live, are targeting Linux users. These malicious apps are available in the Canonical Snap Store and have been designed to steal cryptocurrency from unsuspecting users. This situation poses a significant risk for Linux users who may believe they are downloading legitimate software when in fact they are exposing themselves to malware. Users are advised to be cautious when downloading apps and to verify the authenticity of the software they use for managing their cryptocurrency. The increase in such scams highlights the ongoing dangers in the crypto space, especially for those using less traditional operating systems like Linux.

Impact: Exodus, Trust Wallet, Ledger Live, Linux operating system users
Remediation: Users should verify the authenticity of wallet applications before downloading and consider using official sources or trusted repositories.
149M Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A significant data breach has surfaced, revealing that 149 million login credentials from popular platforms such as Roblox, TikTok, Netflix, and various crypto wallets have been exposed online in plain text. This incident raises serious concerns for users of these services, as attackers could easily exploit these credentials for unauthorized access. The discovery of these credentials emphasizes the ongoing risks associated with poor security practices, such as weak passwords and lack of two-factor authentication. Companies must take immediate action to secure their systems and encourage users to change their passwords and enable additional security measures. As the digital landscape continues to evolve, incidents like this serve as a stark reminder of the importance of safeguarding personal information.

Impact: Roblox, TikTok, Netflix, Crypto Wallets
Remediation: Users should change their passwords immediately and enable two-factor authentication where available. Companies should conduct security audits and enhance their password policies.

During the Pwn2Own contest at Automotive World 2026, security researchers successfully exploited multiple vulnerabilities in vehicle infotainment systems and electric vehicle (EV) chargers. These findings raise significant concerns about the security of modern vehicles, which increasingly rely on complex software for functionality. The vulnerabilities could potentially allow attackers to gain unauthorized access to vehicle systems, posing risks to both drivers and passengers. As vehicles become more connected, the implications of these security flaws extend beyond individual cars to broader public safety and privacy issues. Manufacturers must take these findings seriously to protect their customers and ensure the safety of their products.

Impact: Vehicle infotainment systems, electric vehicle chargers
Remediation: Manufacturers should investigate and patch the identified vulnerabilities in their systems.

The Global Cybersecurity Vulnerability Exploit (GCVE) initiative aims to improve how security flaws are tracked globally, promoting better collaboration among cybersecurity professionals. However, there are growing concerns about potential fragmentation within vulnerability databases. Critics warn that the introduction of duplicate entries and a decentralized approach could complicate the efforts of defenders, making it harder to manage and respond to vulnerabilities effectively. The implications of this fragmentation may lead to confusion and inefficiencies in addressing security threats, affecting organizations that rely on these databases to protect their systems. As the cybersecurity community continues to evolve, finding a balance between collaboration and centralization will be crucial to enhancing overall security.

Impact: N/A
Remediation: N/A

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of four vulnerabilities affecting enterprise software. These vulnerabilities impact products from Versa and Zimbra, as well as the Vite frontend tooling framework and the Prettier code formatter. Organizations using these tools are at risk as attackers are actively exploiting these flaws, which could lead to unauthorized access or data breaches. It's crucial for affected companies to address these vulnerabilities promptly to protect their systems and sensitive information. CISA's alert serves as a reminder of the ongoing security challenges in enterprise environments.

Impact: Versa enterprise software, Zimbra software, Vite frontend tooling framework, Prettier code formatter
Remediation: Organizations are advised to apply available patches for the affected software, update to the latest versions, and implement security best practices such as regular vulnerability assessments and system monitoring.
Actively Exploited

The Osiris ransomware, which emerged in November, is raising concerns among cybersecurity experts due to its advanced techniques that suggest the involvement of experienced attackers. This ransomware targets various organizations, encrypting their data and demanding a ransom for its release. The sophistication of Osiris indicates that it could pose a significant risk to businesses that might not have robust security measures in place. As ransomware continues to evolve, companies must be vigilant and proactive in their cybersecurity strategies to defend against such threats. Understanding the tactics used by Osiris can help organizations better prepare for potential attacks and minimize their impact.

Impact: Organizations susceptible to ransomware attacks, particularly those lacking strong cybersecurity defenses.
Remediation: Organizations should implement strong security measures, including regular data backups, employee training on phishing attacks, and up-to-date antivirus software.

Cyber Centaurs, a digital forensics firm, discovered critical attacker infrastructure while investigating a ransomware incident involving a U.S. client. This operational security lapse by the attackers allowed the firm to recover data that had been encrypted. The incident serves as a reminder of the vulnerabilities that organizations face when dealing with ransomware, particularly if they fail to maintain strict security protocols. Companies should take this case as a warning to enhance their cybersecurity measures, as ransomware attacks can have devastating consequences for both data integrity and business operations. The recovery of the data also raises questions about the methods used by attackers and the potential for further exploitation of the exposed infrastructure.

Impact: Ransomware affecting U.S. organizations
Remediation: Companies should enhance operational security protocols and conduct regular security audits.

In 2025, various hacktivist groups such as Z-Pentest, Dark Engine, and Sector 16 ramped up their attacks on critical infrastructure, specifically targeting industrial control systems (ICS), operational technology (OT), and Human Machine Interface (HMI) environments. These attacks pose significant risks as they can disrupt essential services that rely on these systems, including utilities and manufacturing processes. By focusing on ICS and OT, these groups are not just seeking to cause chaos but are also likely aiming to draw attention to specific political or social issues. This increase in activity highlights the vulnerabilities in these crucial sectors and raises concerns about the potential for more severe consequences if these systems are compromised. Companies and organizations that manage such infrastructure need to bolster their cybersecurity defenses to prevent potential disruptions.

Impact: Industrial Control Systems (ICS), Operational Technology (OT), Human Machine Interface (HMI)
Remediation: Companies should enhance their cybersecurity measures, conduct regular security audits, and implement robust incident response plans.

Two Venezuelan nationals have been convicted for their involvement in an ATM jackpotting scheme that resulted in the theft of hundreds of thousands of dollars from U.S. banks. Federal prosecutors in South Carolina announced that after serving their prison sentences, the men will be deported back to Venezuela. Jackpotting refers to a method where criminals use malware to manipulate ATMs, causing them to dispense cash without proper authorization. This case highlights the ongoing risks of ATM fraud and the challenges law enforcement faces in addressing cybercrime that crosses international borders. The actions of these individuals not only impacted financial institutions but also posed risks to consumers and the integrity of banking systems in the U.S.

Impact: U.S. banks, ATMs
Remediation: Increased security measures for ATMs, monitoring for unusual activity, and implementation of more advanced anti-malware solutions.
Venezuelan Nationals Face Deportation After Multi State ATM Jackpotting Scheme

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

Two Venezuelan nationals are facing deportation after being implicated in a multi-state ATM jackpotting scheme. Authorities reported that both suspects were in the United States illegally and used sophisticated techniques to manipulate ATMs, allowing them to withdraw large sums of cash unlawfully. This type of attack, known as jackpotting, targets ATMs and involves exploiting vulnerabilities in the machines' software or hardware. The incident raises concerns about the security of ATM systems and highlights the ongoing challenges law enforcement faces in combating financial crimes. As these types of schemes become more prevalent, financial institutions may need to enhance their security measures to protect against similar attacks in the future.

Impact: ATMs, financial institutions
Remediation: Financial institutions should review and enhance ATM security protocols, including regular software updates and monitoring for suspicious activity.

Hackers are actively exploiting a serious vulnerability in the GNU InetUtils telnetd server that has been around for 11 years. This flaw allows attackers to bypass authentication and gain root access, which poses a significant risk to systems still using this service. Organizations that rely on telnetd are at risk of unauthorized access, potentially leading to data breaches or system compromise. Security experts are urging affected users to address this vulnerability immediately to prevent exploitation. Given the age of the flaw, many systems might still be running unpatched versions, making them easy targets for attackers.

Impact: GNU InetUtils telnetd server
Remediation: Update to the latest version of GNU InetUtils that addresses this vulnerability.

Researchers at Intruder have discovered that AI-generated code can create hidden security vulnerabilities when teams place too much trust in automated outputs. They set up an AI-written honeypot, a decoy system designed to lure attackers, only to find that it contained subtle flaws that were eventually exploited in real attacks. This incident highlights the risks of relying solely on AI for coding without thorough human oversight. Companies and developers need to be cautious and verify AI-generated code to prevent these kinds of vulnerabilities from being introduced into their systems. The findings serve as a reminder that while AI can enhance efficiency, it can also introduce risks that must be managed carefully.

Impact: AI-generated code, honeypots
Remediation: Conduct thorough code reviews and implement manual checks for AI-generated code to identify and fix potential vulnerabilities.

MITRE has introduced a new framework called the Embedded Systems Threat Matrix, aimed at enhancing cybersecurity measures for embedded systems, which are often found in critical infrastructure. This initiative is crucial as these systems are increasingly targeted by cyber threats, impacting industries such as healthcare, manufacturing, and transportation. The new matrix provides a structured way to identify potential vulnerabilities and attack vectors specific to embedded systems, helping organizations better defend against these risks. By focusing on this area, MITRE is addressing a growing concern in cybersecurity, as the reliance on embedded systems continues to expand. This framework is expected to guide developers and security professionals in implementing stronger protections for these essential technologies.

Impact: Embedded systems in critical infrastructure, including healthcare devices, industrial control systems, and transportation systems.
Remediation: Organizations should adopt the Embedded Systems Threat Matrix to assess and improve their defenses against potential threats to embedded systems.