VulnHub

Hackers are exploiting a serious vulnerability in older D-Link DSL routers, identified as CVE-2026-0625. This flaw allows attackers to execute commands remotely, potentially compromising users' devices and networks. The vulnerability has a high severity score of 9.3, which indicates that it poses a significant risk. Users of legacy D-Link DSL routers need to be aware of this issue as it could lead to unauthorized access and control over their internet-connected devices. As attackers actively exploit this flaw, it is crucial for affected users to take immediate action to protect their systems.

A serious security vulnerability has been identified in legacy D-Link DSL gateway routers, specifically affecting the 'dnscfg.cgi' endpoint. This flaw, known as CVE-2026-0625, has a high severity score of 9.3 and allows unauthenticated remote attackers to execute commands through improper handling of user-provided DNS configuration inputs. Current reports indicate that this vulnerability is actively being exploited in the wild, putting users of these older routers at risk. It is crucial for individuals and organizations using these devices to be aware of the potential for unauthorized access and control. The situation underscores the need for users to assess their network security and consider upgrading their hardware to mitigate these risks.

Taiwan's National Security Bureau has reported a significant increase in cyberattacks from China targeting its energy sector, with incidents rising tenfold in 2025 compared to the previous year. This surge in attacks raises serious concerns about the security of Taiwan's critical infrastructure, particularly as tensions between the two nations continue to escalate. The energy sector is vital for maintaining the country's operations, and disruptions could have widespread implications for both the economy and public safety. Taiwan's government is likely to enhance its cybersecurity measures to protect against these aggressive tactics. This situation highlights the ongoing cyber conflict in the region and the need for robust defenses against state-sponsored threats.

Email continues to be the main entry point for cyber attackers, with significant increases in various types of email threats. Malware delivered through email surged by over 130% year-over-year, while phishing scams rose by more than 20% and other scams increased by 30%. These alarming trends expose vulnerabilities across different industries, indicating that many security teams are still missing critical gaps in their defenses. As attackers increasingly exploit email for impersonation and account takeover, companies must reassess their email security strategies to better protect sensitive information and prevent breaches. The growing reliance on email as a communication tool makes it essential for organizations to prioritize security measures in this area.

A serious security flaw known as 'MongoBleed' has been identified in MongoDB servers, allowing attackers who are not authenticated to access sensitive information like passwords and tokens. This vulnerability is currently being exploited in the wild, raising significant concerns for organizations using MongoDB. The issue stems from a memory leak that can be exploited by attackers to extract confidential data directly from the servers. Companies running affected versions of MongoDB should prioritize patching their systems to mitigate the risk of unauthorized data access. Given the potential for serious data breaches, immediate action is essential for any organization relying on MongoDB for data storage.

The article discusses ongoing cyber espionage activities by China and Russia targeting the United States' critical infrastructure and government networks. China is reportedly stealing sensitive information and embedding tools into key systems, allowing for future leverage against the U.S. Similarly, Russia is ramping up its operations to test the resilience of American infrastructure. This situation poses significant risks not only to national security but also to the integrity of essential services that millions of people rely on. Experts emphasize the urgent need for stronger cybersecurity measures to protect against these persistent threats.

Resecurity recently caught a group known as ShinyHunters, also referred to as Scattered Lapsus$ Hunters, using decoy accounts to target various sectors including airlines, telecommunications, and law enforcement in September 2025. This detection took place through a honeypot operation, where fake accounts were set up to lure attackers. The activities of ShinyHunters are concerning as they indicate a growing trend of sophisticated cyber attacks aimed at critical industries. The group is known for stealing sensitive data and selling it on the dark web, which poses significant risks to both organizations and individuals. Resecurity's findings emphasize the need for enhanced cybersecurity measures across these sectors to prevent future breaches.

The latest Security Affairs Malware newsletter outlines several concerning cybersecurity incidents. Notably, the Evasive Panda APT group has been reported to poison DNS requests to deploy MgBot, a type of malware. Additionally, there is a spear-phishing campaign that targets U.S. and allied manufacturing and healthcare organizations by exploiting vulnerabilities in the npm registry. Furthermore, details have emerged about a supply chain incident involving EmEditor, where information-stealing malware has been distributed. These incidents demonstrate the ongoing threat posed by sophisticated cyber actors, particularly in sectors critical to national security and public health.