VulnHub

The RondoDox botnet has been identified exploiting a serious vulnerability known as React2Shell (CVE-2025-55182) to compromise Next.js servers. This flaw allows attackers to inject malware and cryptominers into systems that have not been properly secured. Organizations using Next.js frameworks are particularly at risk, as the botnet targets these servers directly. This incident underscores the necessity for companies to regularly update their software and apply security patches to prevent such attacks. The ongoing exploitation of this vulnerability poses significant risks to data integrity and can lead to unauthorized resource usage, impacting both performance and costs for affected users.

Users of the Trust Wallet Chrome extension have reported significant cryptocurrency losses after a malicious update was released on December 24. This compromised update allowed attackers to drain wallets, leading to millions in losses for affected individuals. In conjunction with this incident, researchers discovered a phishing domain set up by the hackers, further indicating a coordinated effort to exploit Trust Wallet users. The company has responded urgently, advising users to take precautions and remain vigilant to avoid further losses. This incident serves as a stark reminder of the risks associated with browser extensions and the importance of ensuring that software updates are legitimate and secure.

Fortinet has alerted users about the active exploitation of a five-year-old vulnerability in its FortiOS SSL VPN, identified as CVE-2020-12812. This flaw, which has a CVSS score of 5.2, involves improper authentication and is particularly dangerous under specific configurations. Researchers have recently observed this vulnerability being abused in real-world attacks, which means organizations using affected versions of FortiOS SSL VPN should take immediate action to secure their systems. The ongoing exploitation of such an outdated vulnerability underscores the need for companies to regularly update their security measures and ensure proper configuration to protect against potential attacks.

The FBI has reported an ongoing issue involving deepfake technology being used to impersonate U.S. government officials. This tactic has been traced back to 2023 and involves impersonators using realistic video or audio to deceive victims. The FBI has shared details about the specific methods and talking points these impersonators utilize to lure people into scams. This situation is concerning as it undermines trust in government communications and could potentially lead to financial losses or other harms for those targeted. As deepfake technology improves, it raises significant questions about verification and security in digital communications.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability, tracked as CVE-2025-59374, found in the Asus Live Update tool. This flaw acts as a backdoor that attackers can exploit, making it a significant concern for anyone using affected Asus devices. The vulnerability stems from a supply chain attack, meaning it was introduced during the software development process rather than through direct hacking. This situation puts users at risk, as the compromised update tool could allow unauthorized access to their systems. Asus users should take this warning seriously and ensure their devices are not vulnerable to exploitation.

This week’s ThreatsDay Bulletin reveals a variety of cybersecurity incidents where attackers are modifying existing tools and utilizing new tactics to exploit vulnerabilities. Notably, there are reports of WhatsApp accounts being hijacked, which can lead to unauthorized access to personal information and communications. Additionally, leaks related to Managed Cloud Providers (MCP) expose sensitive data, raising concerns for businesses relying on cloud services. Other activities involve advancements in AI reconnaissance techniques and the exploitation of the React2Shell vulnerability, which could impact numerous applications. As these tactics evolve, it’s crucial for users and organizations to stay vigilant and update their security measures to prevent potential breaches.

Apple has released security updates to address two vulnerabilities in WebKit, identified as CVE-2025-14174 and CVE-2025-43529, which are currently being exploited in the wild. The first vulnerability, CVE-2025-14174, was previously patched by Google for its Chrome desktop browser, but details were limited at that time. This flaw allows for out-of-bounds memory access, potentially enabling attackers to execute arbitrary code. Users of Apple devices, particularly those running Safari or any applications reliant on WebKit, should prioritize updating their systems to safeguard against these vulnerabilities. Ignoring these updates could leave devices exposed to active exploitation.

Apple has released emergency updates to address two zero-day vulnerabilities that were actively exploited in highly sophisticated attacks targeting specific individuals. These flaws could allow attackers to gain unauthorized access to devices, putting sensitive information at risk. Users of affected devices are urged to update their systems immediately to protect against potential exploitation. The vulnerabilities were significant enough to prompt Apple to act quickly, indicating the serious nature of these threats. This situation emphasizes the ongoing risk that zero-day vulnerabilities pose, particularly for individuals in sensitive positions.

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.