VulnHub

Step Finance reported a significant security breach resulting in the theft of $40 million worth of cryptocurrency. The incident occurred after hackers compromised the devices of several executives within the company. This breach raises concerns about the security of sensitive information and the potential vulnerability of key personnel in organizations handling digital assets. The theft not only affects Step Finance but also highlights the risks associated with managing cryptocurrencies, especially in terms of device security. As digital assets continue to grow in popularity, companies must prioritize securing their executives' devices to prevent future breaches.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in SolarWinds Web Help Desk that is currently being exploited in active attacks. This flaw poses a risk to federal agencies, which have been instructed to apply necessary patches within three days to mitigate potential damage. The urgency of the situation underscores the importance of maintaining up-to-date systems, especially for organizations that rely on SolarWinds products. If left unaddressed, this vulnerability could lead to unauthorized access and compromise sensitive data, affecting not just government agencies but potentially their partners and clients as well. The situation is a reminder for all users of SolarWinds software to remain vigilant and ensure their systems are secure.

CrossCurve, a decentralized finance platform, recently lost $3 million due to an exploit in its smart contract. Attackers took advantage of a vulnerability in the ReceiverAxelar contract, which was missing an essential validation check. This flaw allowed them to manipulate transactions undetected, leading to significant financial loss. The incident raises concerns about the security of smart contracts within the DeFi space, where similar vulnerabilities can have widespread implications for users and investors. As decentralized finance continues to grow, ensuring the security of such contracts is crucial to maintaining trust in these platforms.

Hackers have been exploiting a serious vulnerability in the React Native CLI, identified as CVE-2025-11953, to execute remote commands and deploy stealthy Rust-based malware. This flaw arises from the React Native CLI's Metro server, which, by default, binds to external interfaces, making it susceptible to unauthorized access. This exploitation occurred weeks before the vulnerability was publicly disclosed, indicating that attackers are actively targeting this weakness. Users of React Native should be particularly vigilant, as the impact could extend to various applications built on this framework. Prompt action is necessary to secure affected systems and prevent further malicious activities.

A newly discovered vulnerability in React Native has been exploited in the wild, allowing attackers to disable security protections and deliver malware to affected devices. This flaw, which was previously thought to be a theoretical risk, has now raised alarms among developers and users of applications built with React Native. The impact of this vulnerability can be significant, as it compromises the integrity and security of applications, potentially affecting millions of users. Developers are urged to take immediate action to secure their applications and protect user data from malicious exploitation.

A serious security vulnerability, identified as CVE-2025-11953 and nicknamed Metro4Shell, has been discovered in the Metro Development Server, which is part of the '@react-native-community/cli' npm package. This flaw, rated 9.8 on the CVSS scale, allows remote attackers to execute arbitrary code without authentication. Researchers from VulnCheck first detected active exploitation of this vulnerability on December 21, 2025. This poses a significant risk for developers and organizations using this package, as it could lead to unauthorized control over their systems. Users of the affected npm package need to take immediate action to protect their applications.

Ukraine's Computer Emergency Response Team (CERT) has reported that Russian hackers are taking advantage of a newly patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This flaw affects multiple versions of the software, which could leave users open to various cyberattacks. The exploitation of this vulnerability is concerning, especially as Microsoft Office is widely used in both personal and professional settings. Users and organizations are urged to ensure that their systems are updated with the latest security patches to mitigate the risk of being targeted. The situation underscores the need for vigilance in maintaining software security, especially with ongoing geopolitical tensions.

A new wave of automated data extortion attacks is targeting exposed MongoDB instances. Cybercriminals are scanning for these unsecured databases and demanding low ransoms from their owners to restore access to the data. This trend raises concerns for businesses and individuals who may not have secured their databases properly, leaving them vulnerable to these attacks. The attackers exploit the lack of security measures in place, making it crucial for database administrators to implement proper configurations and safeguards. Without these protections, organizations risk losing important data and facing financial repercussions from ransom demands.

Last week, Microsoft addressed a serious vulnerability in its Office software, which was being actively exploited by attackers. This zero-day flaw could allow unauthorized access to user systems, putting sensitive information at risk. Users of Microsoft Office should ensure they install the latest updates to protect themselves from potential attacks. Additionally, Fortinet released patches for a flaw in its FortiCloud single sign-on (SSO) service, which could have allowed unauthorized access to user accounts. Organizations using FortiCloud should prioritize applying these updates to safeguard their systems from exploitation.

Ivanti has revealed two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities are currently being exploited in zero-day attacks, meaning attackers have already taken advantage of them before any fix was made available. Organizations using EPMM are at risk, as these flaws could allow unauthorized access to sensitive mobile device management functions. The situation is urgent, as the vulnerabilities are actively being exploited in the wild, which could lead to data breaches or unauthorized control over managed devices. Users and companies are advised to monitor for updates and take immediate action to secure their systems.