VulnHub

The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a series of cyber attacks targeting Ukrainian defense forces using a malware called PLUGGYAPE. These attacks occurred between October and December 2025 and have been linked to a Russian hacking group known as Void Blizzard. This group, also referred to as Laundry Bear or UAC-0190, has been active for several years. The use of popular messaging platforms like Signal and WhatsApp suggests that attackers are exploiting familiar tools to deliver their malware, making detection and prevention more challenging. This incident raises concerns about the cybersecurity of military organizations, especially in conflict zones, where the integrity of communications is crucial.

In 2025, Taiwan experienced a significant increase in cyberattacks from China, with incidents targeting critical infrastructure such as energy utilities and hospitals rising by 6%. On average, Taiwan faced approximately 2.63 million cyberattacks each day. This uptick in activity poses serious risks to the nation's essential services and public safety. The ongoing assaults highlight the tense geopolitical climate and the vulnerabilities of Taiwan's digital infrastructure. As these attacks escalate, it becomes crucial for Taiwan to enhance its cybersecurity measures to protect against such threats.

AZ Monica hospital in Belgium has been hit by a cyberattack that led to the shutdown of all its servers. The attack forced the cancellation of scheduled medical procedures and required the transfer of critical patients to other facilities. The incident has raised concerns about the security of healthcare systems, especially as hospitals are increasingly targeted by cybercriminals. AZ Monica operates two campuses in Antwerp and Deurne, and the disruption could have significant implications for patient care and hospital operations. Authorities are investigating the attack to understand its impact and prevent future incidents.

From October to December 2025, Ukraine's Defense Forces were targeted by a malware campaign disguised as a charity initiative. The attackers deployed backdoor malware known as PluggyApe, which allowed them unauthorized access to sensitive systems. This incident raises concerns about the security of military communications and the potential for further cyberattacks against Ukraine amidst ongoing tensions. The use of a charity theme to lure victims highlights the evolving tactics of cybercriminals, making it crucial for organizations to remain vigilant. As the conflict continues, the implications of such attacks could extend beyond immediate data breaches, affecting national security and public trust.

The Cybersecurity and Infrastructure Security Agency (CISA) has added a serious vulnerability in the open-source Git service Gogs to its Known Exploited Vulnerabilities catalog. This flaw, identified as CVE-2025-8110, is a path traversal issue that attackers are actively exploiting. Organizations using Gogs should be particularly vigilant, as this vulnerability allows unauthorized access to sensitive files on affected systems. The inclusion in CISA's catalog highlights the urgency for users to address this issue promptly, as it can lead to significant security breaches if not mitigated. Companies relying on Gogs for version control must prioritize patching this vulnerability to protect their data.

A recent security incident involves eight malicious npm packages masquerading as integrations for the n8n workflow automation platform. These packages have been used to steal OAuth tokens from developers, compromising their accounts and potentially exposing sensitive information. The attack exploits community nodes within the n8n ecosystem, indicating a significant supply chain risk. Developers who have installed these packages may be at risk, as their stolen OAuth tokens could grant attackers unauthorized access to their applications. This incident underscores the need for developers to be cautious about the packages they use and to regularly review their OAuth token security.

A new phishing campaign is targeting employees by exploiting their anxiety around performance reviews. The attackers are sending emails that impersonate management or HR, claiming to discuss performance evaluations scheduled for October 2025 and falsely hinting at potential layoffs. This tactic aims to create urgency and fear, prompting recipients to click on malicious links or download malware. Companies and employees need to be vigilant, as these scams can lead to data breaches or financial loss. The incident highlights the need for better cybersecurity awareness and training, especially during sensitive times like performance review periods.

AZ Monica, a hospital in Belgium, has had to shut down all its servers following a cyberattack that forced the cancellation of scheduled procedures and the transfer of critical patients. The incident raises serious concerns about the impact of cyber threats on healthcare facilities, which are often vulnerable targets. Hospitals rely heavily on their IT systems for patient care, and disruptions can lead to significant risks for patient safety and treatment continuity. This attack not only affects the immediate operations of AZ Monica but also serves as a reminder of the growing threats facing healthcare institutions worldwide. The situation is still developing as the hospital works to assess the damage and restore its systems.

Researchers have uncovered a significant web skimming campaign that has been stealing credit card information from online checkout pages since January 2022. This attack primarily targets major payment networks, including American Express, Mastercard, and UnionPay, affecting enterprise organizations that use these payment services. The skimming malware is designed to capture sensitive payment information as users enter it during online transactions. As a result, customers of these affected enterprises may be at risk of fraud and identity theft. It’s crucial for businesses to enhance their security measures and for users to monitor their financial statements for any suspicious activity.