VulnHub

Email continues to be the main entry point for cyber attackers, with significant increases in various types of email threats. Malware delivered through email surged by over 130% year-over-year, while phishing scams rose by more than 20% and other scams increased by 30%. These alarming trends expose vulnerabilities across different industries, indicating that many security teams are still missing critical gaps in their defenses. As attackers increasingly exploit email for impersonation and account takeover, companies must reassess their email security strategies to better protect sensitive information and prevent breaches. The growing reliance on email as a communication tool makes it essential for organizations to prioritize security measures in this area.

A threat actor named Zestix has reportedly stolen corporate data from numerous companies after breaching their cloud file-sharing services, specifically ShareFile, Nextcloud, and OwnCloud. This attack highlights the vulnerabilities present in these platforms, which are widely used for storing and sharing sensitive business information. Companies that rely on these services should be particularly vigilant, as the stolen data is being offered for sale on dark web forums. The incident raises concerns about the security measures in place for protecting corporate data in cloud environments. Organizations are urged to review their security protocols and consider additional protections to safeguard against similar attacks.

A new social engineering attack called ClickFix is targeting the hospitality industry in Europe by using fake Windows Blue Screen of Death (BSOD) screens. This scheme tricks users into believing their systems have crashed, prompting them to manually compile and run malicious software. The attackers are specifically focusing on employees in hotels and related businesses, making this a significant threat to sensitive customer data and operational continuity. Companies in this sector need to raise awareness among staff and implement training to recognize such scams. The use of a familiar error screen is particularly deceptive, as it plays on users' fears of system failures, leading them to take harmful actions without realizing the risks.

A serious security flaw known as 'MongoBleed' has been identified in MongoDB servers, allowing attackers who are not authenticated to access sensitive information like passwords and tokens. This vulnerability is currently being exploited in the wild, raising significant concerns for organizations using MongoDB. The issue stems from a memory leak that can be exploited by attackers to extract confidential data directly from the servers. Companies running affected versions of MongoDB should prioritize patching their systems to mitigate the risk of unauthorized data access. Given the potential for serious data breaches, immediate action is essential for any organization relying on MongoDB for data storage.

A group of hackers known as UAC-0184, believed to be aligned with Russia, has been targeting Ukrainian military and government organizations by using the Viber messaging app. They are sending malicious ZIP files that likely contain malware designed for espionage. According to the 360 Threat Intelligence Center, these activities have been ongoing and are part of a broader strategy to gather intelligence on Ukraine's military operations. This incident highlights the ongoing cyber warfare between Russia and Ukraine, emphasizing the need for heightened security measures within government and military communications. As the conflict continues, the use of widely used messaging platforms for cyber attacks poses significant risks to sensitive information.

Brightspeed is currently investigating a cyberattack attributed to the hacking group Crimson Collective, which has reportedly stolen personal information of more than 1 million customers. This breach raises serious concerns about the security of sensitive data, as the stolen information could potentially be used for identity theft or fraud. Brightspeed has not disclosed specific details about the data compromised or how the attackers gained access. The incident emphasizes the ongoing risks faced by telecom companies and their customers in the digital age. Users affected by the breach should be vigilant about potential phishing attempts and monitor their accounts for unusual activity.

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by 20% in 2025, now listing a total of 1,484 vulnerabilities. Among these, 24 new vulnerabilities have been identified as being actively exploited by ransomware groups. This expansion is significant as it highlights the ongoing risk posed by these vulnerabilities to various software and hardware systems. Organizations that rely on affected products need to take immediate action to secure their systems, as these vulnerabilities can lead to severe security breaches if left unaddressed. The increase in vulnerabilities also reflects the evolving tactics of cybercriminals, making it crucial for companies to stay informed and proactive in their cybersecurity efforts.

The Kimwolf Android botnet has expanded significantly, now comprising around 2 million devices. This botnet primarily targets residential proxy networks, allowing its operators to profit through various means, including launching Distributed Denial of Service (DDoS) attacks, installing applications without user consent, and selling proxy bandwidth. The growth of this botnet poses serious risks to users, as it can lead to unauthorized use of their devices and potential data breaches. It also raises concerns for internet service providers and businesses that may be targeted by DDoS attacks. The situation highlights the ongoing challenges in securing IoT devices and the need for users to be vigilant about their device security.

The article discusses ongoing cyber espionage activities by China and Russia targeting the United States' critical infrastructure and government networks. China is reportedly stealing sensitive information and embedding tools into key systems, allowing for future leverage against the U.S. Similarly, Russia is ramping up its operations to test the resilience of American infrastructure. This situation poses significant risks not only to national security but also to the integrity of essential services that millions of people rely on. Experts emphasize the urgent need for stronger cybersecurity measures to protect against these persistent threats.