2025 cyber recap: React2Shell hit CVSS 10.0, the first AI attack emerged, but only 23% paid ransoms. Law enforcement seized $320M across 20 operations. 2025 pushed cybersecurity to its limits. Our analysis covers top data breaches, critical vulnerabilities, and what 2026 demands.

Read More: https://www.security.land/2025-cybersecurity-year-in-review/

#SecurityLand #News #YearInReview #Cybersecurity #InfoSec #ThreatIntelligence #Ransomware #AI #DataBreach #CyberDefense #CISO #SecurityVulnerability #LawEnforcement #LEA #Government

A high-severity flaw known as MongoBleed (CVE-2025-14847) is currently being exploited in the wild.

The scale is significant:

🔍 Wiz researchers have confirmed active exploitation.
📊 Data from Shodan and Censys reveals between 87,000 and 100,000 potentially vulnerable MongoDB instances.

Read More: https://www.security.land/mongobleed-alert-cve-2025-14847-exploited-in-the-wild/

#SecurityLand #CyberSecurity #InfoSec #MongoDB #MongoBleed #DatabaseSecurity #Wiz #Shodan #Censys #CloudSecurity

A five-month spearphishing operation discovered by Socket has transformed the npm registry into a durable hosting layer for AiTM credential theft, specifically targeting sales teams in the manufacturing and healthcare industries.

Read More: https://www.security.land/npm-registry-weaponized-in-spearphishing-campaign-against-critical-infrastructure/

#SecurityLand #Cybersecurity #Research #NPM #Phishing #CriticalInfrastructure #AiTM #Spearphishing #Dev

Nissan Motor Co. confirms a data breach affecting 21,000 customers in Japan following a security incident at third-party vendor Red Hat. No financial data was stolen.

Read More: https://www.security.land/nissan-japan-data-breach-affects-21-000-fukuoka-customers/

#SecurityLand #Cybersecurity #DataBreach #RedHat #Nissan #Japan #CrimsonCollective #ThreatActor

Switzerland's Federal Council has analyzed AI's growing influence on cybersecurity, revealing how it boosts both attacks and defenses while updating the National Cyberstrategy for better transparency. This report highlights risks like AI-powered phishing and deepfakes, alongside opportunities for faster threat detection.

Read More: https://www.security.land/swiss-government-assesses-ais-role-in-bolstering-and-threatening-cybersecurity/

#SecurityLand #News #Cybersecurity #AI #Switzerland #DigitalDefense #NationalSecurity

While the industry focused on securing the endpoint, the ground shifted. New data from Huntress and the Cloud Security Alliance confirms a staggering trend.

In our latest feature, we break down the "Inside-Out" Problem—the technical paradox where virtualization isolation actually shields attackers from guest-level security agents.

👇 READ THE FULL ANALYSIS: https://www.security.land/the-foundation-is-cracking-why-the-hypervisor-is-the-final-frontier-of-stealth-attacks/

#SecurityLand #ExpertDecode #CyberSecurity #Infosec #CloudSecurity #Huntress #Ransomware #Virtualization

How many of your dependencies have you actually audited lately?

ReversingLabs uncovered a 4-month campaign where attackers published 14 malicious packages on NuGet, all targeting cryptocurrency developers. These weren't sloppy hacks—they were sophisticated impersonations of legitimate blockchain tools like Nethereum and Coinbase.Net.Api.

#SecurityLand #CyberWatch #Malware #Blockchain #Crypto #Nethereum #Research

Read More: https://www.security.land/crypto-theft-campaign-exploits-nuget-packages-for-months/

The Koi Security research team is on a roll this week.

After exposing the GhostPoster campaign that hid malware in Firefox extension logos, they've now uncovered something that should concern every developer using npm: a WhatsApp API package with 56,000 downloads that steals everything passing through it.

#SecurityLand #CyberWatch #NPM #WhatsApp #API #MaliciousPackage #Koi

Read More: https://www.security.land/whatsapp-stealing-malware-lurked-in-npm-package-with-56-000-downloads/

The Handala group claims to have identified 14 Israeli engineers working on military drone programs—and placed $30,000 bounties on each of them. Israeli security sources haven't verified the breach, but this represents a troubling shift: from targeting infrastructure to targeting individuals with financial incentives for real-world harm.

#SecurityLand #GeoSphere #Cybersecurity #Cybercrime #Israel #Iran #Handala #ThreatActor #Infosec

Read More: https://www.security.land/iranian-hacking-group-puts-30-000-bounties-on-israeli-defense-engineers/

The NCS Guide 2025 is here, and it finally solves the funding gap. With a new 6-phase lifecycle and a mandate for Quantum/AI foresight, this is the definitive playbook for digital sovereignty.

#SecurityLand #BusinessShield #Government #Cybersecurity #AI #Quantum #DigitalSovereignty #NCSGuide #NCS2025

Read More: https://www.security.land/ncs-guide-2025-3rd-edition-analysis/

A sophisticated threat actor with possible links to Russian hybrid-threat groups impersonated Trend Micro security advisories to target defense contractors, energy companies, and cybersecurity firms.

#SecurityLand #ThreatHorizon #APT #TrendMicro #ShadowVoid042 #Cybercrime #SpearPhishing

Read More: https://www.security.land/shadow-void-042-cybercriminals-fake-security-alerts/

Analysis of CVE-2025-14733, a critical WatchGuard Firebox security vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.

#SecurityLand #CyberWatch #ZeroDay #Watchguard #SecurityVulnerability #Firewall #CVE

Read More: https://www.security.land/watchguard-cve-2025-14733-critical-vulnerability-analysis/

Chinese threat actor UAT-9686 has been compromising Cisco email security systems since late November with a custom backdoor called AquaShell. Organizations should immediately check Cisco Talos advisories for indicators and remediation guidance.

#SecurityLand #ThreatHorizon #Cisco #UAT9686 #EmailSecurity #APT #China

Read More: https://www.security.land/uat-9686-chinese-apt-cisco-email-gateway-attack/

Zscaler ThreatLabz documents BlindEagle APT's sophisticated attack on Colombian government infrastructure using steganography, compromised email accounts, and dual malware deployment (Caminho + DCRat). The September 2025 campaign demonstrates evolved tradecraft including Discord CDN abuse and fileless execution chains.

#SecurityLand #ThreatHorizon #Zscaler #BlindEagle #Colombia #Government #Ecuador #APT #RAT #Malware

Read More: https://www.security.land/blindeagle-colombian-government-caminho-dcrat-attack/

Security researchers from Koi have uncovered 17 malicious Firefox extensions hiding multi-stage malware inside PNG logo files, affecting 50,000+ users. The sophisticated steganography-based campaign strips browser security protections and enables remote code execution while evading detection through probabilistic activation and delayed payloads.

#SecurityLand #ThreatHorizon #Steganography #Malware #PNG #BrowserSecurity #Cybersecurity

Read More: https://www.security.land/firefox-extensions-png-steganography-malware-ghostposter/

Australian Strategic Policy Institute research reveals how Chinese vision-language models systematically embed political censorship across multiple architectural layers. Testing of Qwen, Ernie, GLM, and DeepSeek shows 70%+ refusal rates for sensitive topics via certain providers, with language-dependent filtering that reshapes historical narratives.

#SecurityLand #GeoSphere #ASPI #Research #Australia #China #AI #LLM #Qwen #DeepSeek

Read More: https://www.security.land/china-ai-surveillance-censorship-aspi-report/

The challenge of evolving cyber threats demands constant skill improvement. JSAC2026, hosted by JPCERT/CC in Tokyo (Jan 22-23), is the premier technical exchange for security analysts. Featuring deep-dives from Cisco Talos & Unit 42 on new MitM frameworks, Phishing-as-a-Service, and attributing complex APT campaigns.

#SecurityLand #News #Event #Cybersecurity #ThreatIntelligence #IncidentResponse #JSAC2026 #JPCERT #APT #MiTM

Read More: https://www.security.land/jsac2026-cybersecurity-conference-tokyo/

New research from ISC2 reveals a critical shift in cybersecurity workforce challenges. Their 2025 Cybersecurity Workforce Study surveyed 16,029 professionals globally and found that 88% of organizations experienced security incidents directly caused by skills deficits in the past year.

#SecurityLand #News #Research #ISC2 #Cybersecurity #Workforce #Study #SecurityIncident #CybersecurityJobs

Read More: https://www.security.land/isc2-2025-workforce-study-skills-shortages/

New infrastructure analysis from Censys reveals how the pro-Russian hacktivist group NoName057(16) maintains DDoSia operations through rapid server rotation. Monitoring since mid-2025 shows an average of 6 control servers active simultaneously, but with a mean lifespan of only 2.53 days.

#SecurityLand #ThreatHorizon #Research #Censys #DDoSia #DDoS #DDoSAttack #NoName057 #Ukraine #Russia #Hacktivism

Read More: https://www.security.land/ddosia-infrastructure-censys-research-noname057/

A closer look at the Medusa ransomware group’s latest operations, including their evolving tactics and high-profile targets. Understand the current threat landscape and what defenders need to watch for.

#SecurityLand #BreachBreakdown #Ransomware #Medusa #RansomwareGroup #Cybercrime #Cybersecurity

Read More: https://www.security.land/inside-medusa-ransomware-tactics-targets-and-trends-in-recent-operations/