Cybercriminals are exploiting complex routing and misconfigurations to spoof legitimate domains in phishing attacks. By masquerading as trusted internal sources, these attackers trick users into believing the emails are from their organization, increasing the likelihood of successful scams. This tactic can lead to unauthorized access to sensitive information and financial loss for businesses. Organizations need to be vigilant about their domain configurations and educate employees on recognizing such phishing attempts. The implications of these attacks are significant, as they can compromise entire networks if not addressed promptly.
Articles tagged "Phishing"
Hackread – Cybersecurity News, Data Breaches, AI, and More
Ledger has confirmed a data breach linked to its partner Global-e, which has resulted in the exposure of customer information. While sensitive data such as passwords and crypto recovery phrases were not compromised, users are now facing active phishing attempts that may target them using the leaked information. This incident raises concerns about the security of personal data in the cryptocurrency space and serves as a reminder for users to remain vigilant against phishing scams. Ledger is advising its customers to be cautious and verify any communications they receive that claim to be from the company or its partners. Staying alert is crucial as scammers may use this data to trick users into revealing more sensitive information.
Cybersecurity researchers at Securonix have reported a new campaign targeting the European hospitality sector, known as PHALT#BLYX. This campaign uses fake booking emails to trick hotel staff into clicking on links that lead to counterfeit blue screen of death (BSoD) error pages. By doing so, attackers aim to install a remote access trojan called DCRat on the victims' systems. This type of malware allows hackers to gain unauthorized access to sensitive information and control over the infected devices. The incident underscores the need for heightened vigilance among hotel employees regarding suspicious emails and links, as these tactics can lead to severe security breaches.
Help Net Security
Email continues to be the main entry point for cyber attackers, with significant increases in various types of email threats. Malware delivered through email surged by over 130% year-over-year, while phishing scams rose by more than 20% and other scams increased by 30%. These alarming trends expose vulnerabilities across different industries, indicating that many security teams are still missing critical gaps in their defenses. As attackers increasingly exploit email for impersonation and account takeover, companies must reassess their email security strategies to better protect sensitive information and prevent breaches. The growing reliance on email as a communication tool makes it essential for organizations to prioritize security measures in this area.
SecurityWeek
Brightspeed is currently investigating a cyberattack attributed to the hacking group Crimson Collective, which has reportedly stolen personal information of more than 1 million customers. This breach raises serious concerns about the security of sensitive data, as the stolen information could potentially be used for identity theft or fraud. Brightspeed has not disclosed specific details about the data compromised or how the attackers gained access. The incident emphasizes the ongoing risks faced by telecom companies and their customers in the digital age. Users affected by the breach should be vigilant about potential phishing attempts and monitor their accounts for unusual activity.
Security Affairs
The latest Security Affairs Malware newsletter outlines several concerning cybersecurity incidents. Notably, the Evasive Panda APT group has been reported to poison DNS requests to deploy MgBot, a type of malware. Additionally, there is a spear-phishing campaign that targets U.S. and allied manufacturing and healthcare organizations by exploiting vulnerabilities in the npm registry. Furthermore, details have emerged about a supply chain incident involving EmEditor, where information-stealing malware has been distributed. These incidents demonstrate the ongoing threat posed by sophisticated cyber actors, particularly in sectors critical to national security and public health.
Security Affairs
Researchers have discovered a phishing campaign that leverages Google Cloud Application Integration to send emails that mimic legitimate messages from Google. This scheme uses a combination of trusted cloud services, user validation checks, and brand impersonation to trick users into believing the emails are authentic. The attackers aim to capture sensitive information by exploiting the trust associated with Google’s brand. This incident raises concerns for both individuals and organizations that rely on Google services, as it highlights the vulnerabilities in cloud-based email systems. Users are advised to be cautious and verify the authenticity of emails, especially those requesting sensitive data or actions.
The cybercriminal group known as Silver Fox has recently shifted its focus to Indian users, employing income tax-themed phishing emails to spread a remote access trojan called ValleyRAT. This malware is designed to give attackers remote control over infected systems. Researchers from CloudSEK, Prajwal Awasthi and Koushik Pal, noted that the attack utilizes a sophisticated method involving DLL hijacking to ensure the malware remains persistent on the target devices. Users in India should be particularly cautious of emails related to taxes, as they are being used as bait to deliver this malicious software. The rise in such targeted phishing campaigns emphasizes the need for increased awareness and cybersecurity measures among individuals and organizations.
Condé Nast has reported a significant data breach involving the personal information of 2.3 million subscribers from WIRED.com. The hacker, known as 'Lovely', posted the leaked data on December 20, 2025, on a hacking forum called Breach Stars. In addition to the WIRED records, the hacker claims to have access to data from up to 40 million more users associated with other Condé Nast brands. This breach raises serious concerns about the security of personal information held by major publishers and the potential for further exposure of sensitive data. Users affected by this incident may face risks such as identity theft and phishing attacks, emphasizing the need for vigilance in monitoring their accounts and personal information.
Hackread – Cybersecurity News, Data Breaches, AI, and More
A hacker known as 'Lovely' has leaked personal data from over 2.3 million Wired.com accounts, claiming to have access to a larger trove of data that includes 40 million user records from Condé Nast, the parent company of Wired. This breach raises significant concerns for users who may have had their sensitive information exposed, including email addresses and potentially other personal details. The hacker shared the leaked data on a dark web forum, which poses serious risks for identity theft and phishing attacks. Companies like Condé Nast must take immediate action to investigate the claims and ensure the security of their systems to protect users. The incident serves as a reminder of the ongoing vulnerabilities that exist in the digital landscape and the need for robust security measures.
BleepingComputer
Users of the Trust Wallet Chrome extension have reported significant cryptocurrency losses after a malicious update was released on December 24. This compromised update allowed attackers to drain wallets, leading to millions in losses for affected individuals. In conjunction with this incident, researchers discovered a phishing domain set up by the hackers, further indicating a coordinated effort to exploit Trust Wallet users. The company has responded urgently, advising users to take precautions and remain vigilant to avoid further losses. This incident serves as a stark reminder of the risks associated with browser extensions and the importance of ensuring that software updates are legitimate and secure.
Infosecurity Magazine
The Clop ransomware group has claimed responsibility for a significant data breach at the University of Phoenix, affecting approximately 3.5 million people. The breach reportedly exposed sensitive information, although the exact nature of the data compromised has not been detailed. This incident raises serious concerns about the security measures in place at educational institutions and the potential for misuse of the stolen data. Individuals affected by the breach may face risks such as identity theft or phishing attempts. As the investigation continues, it underscores the need for stronger cybersecurity protocols to protect personal information in higher education settings.
Infosecurity Magazine
In 2025, ransomware attacks have shown a significant increase, with various industries facing heightened risks. The report outlines key statistics that reveal the evolving tactics used by attackers, including targeted assaults on critical infrastructure and healthcare systems. Companies are increasingly vulnerable as ransomware groups adapt, often deploying double extortion techniques that not only encrypt data but also threaten to leak sensitive information if ransoms are not paid. This trend poses serious implications for businesses, as the financial and reputational damage from such attacks can be substantial. Organizations are urged to bolster their cybersecurity measures and educate employees about phishing and other attack vectors to mitigate these risks.
SecurityWeek
Nissan has confirmed that the personal information of approximately 21,000 customers was compromised due to a data breach involving Red Hat's GitLab instances. Hackers gained unauthorized access to sensitive data, raising concerns about the security of customer information in the automotive industry. This incident emphasizes the ripple effects that breaches at major technology providers can have on their clients. The stolen data could potentially be used for identity theft or phishing attacks, putting affected customers at risk. Companies like Nissan must prioritize robust cybersecurity measures to protect customer data and maintain trust.
Federal authorities have seized a password database linked to a large-scale bank account takeover scheme that targeted $28 million in funds. The attackers used phishing techniques to compromise bank accounts, putting numerous individuals and financial institutions at risk. This operation illustrates the ongoing threat posed by cybercriminals who exploit user credentials to access sensitive financial information. The seizure of the password database is a significant step in disrupting these criminal activities and protecting potential victims from further financial loss. As phishing remains a prevalent tactic, users must remain vigilant and practice safe online behaviors to safeguard their accounts.