Holiday Havoc: 'MongoBleed' Exploit Unleashed, Chinese APTs Escalate Attacks, and Critical Infrastructure Hit by Ransomware
Summary
This cybersecurity brief for December 26, 2025, covers a series of critical holiday-timed incidents. A public exploit for 'MongoBleed' (CVE-2025-14847), a severe memory leak flaw in MongoDB, has been released and is under active attack. Multiple Chinese APT groups, including 'Evasive Panda', 'Silver Fox', and 'HoneyMyte', have launched sophisticated espionage campaigns using advanced techniques like DNS poisoning and kernel-mode rootkits. Concurrently, a ransomware attack by the 'Gentlemen' group struck a major Romanian energy producer, and CISA issued alerts for several critical vulnerabilities, underscoring a period of heightened threat activity.
Today's New Articles
Evasive Panda APT Hijacks DNS to Deploy MgBot Backdoor in Multi-Country Espionage Campaign
A sophisticated, long-running cyber-espionage campaign by the China-linked threat actor 'Evasive Panda' (also known as Bronze Highland) has been detailed. Active between November 2022 and November 2024, the group targeted entities in Türkiye, China, and India....
Romanian Energy Giant Hit by 'Gentlemen' Ransomware in Holiday Attack
Romania's largest coal-based energy producer, Oltenia Energy Complex, was struck by the 'Gentlemen' ransomware group in a targeted attack on December 26, 2025. The incident disrupted key business applications, including ERP systems and corporate email, by encr...
Critical Flaws Under Fire: 'React2Shell' (CVSS 10.0) and Windows Zero-Day Actively Exploited
A December 26 security report highlights a convergence of critical vulnerabilities being actively exploited in the wild. Among them is 'React2Shell' (CVE-2025-55182), a CVSS 10.0 remote code execution flaw in React Server Components used to deploy cryptominers...
Christmas Day Barrage: Mass Exploit Campaign Hits Adobe ColdFusion Servers
A massive, coordinated exploitation campaign targeted Adobe ColdFusion servers, peaking on Christmas Day 2025. Security firm GreyNoise reported that a single threat actor, operating almost exclusively from Japan-based infrastructure, launched nearly 6,000 expl...
Critical Flaw in WHILL Wheelchairs Allows Remote Hijacking via Bluetooth
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for a critical vulnerability, CVE-2025-14346, in WHILL electric wheelchairs. The flaw, rated 9.8 on the CVSS scale, stems from a missing authentication mechanism over Bluet...
HoneyMyte APT (Mustang Panda) Deploys New Kernel-Mode Rootkit to Hide Backdoor
The Chinese cyber-espionage group HoneyMyte (also known as Mustang Panda) has significantly upgraded its toolkit by incorporating a kernel-mode rootkit, according to research from December 26, 2025. The rootkit is used to protect and conceal a new variant of i...
CISA Warns of Code Execution Flaw in WatchGuard Fireware OS
On December 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert for a vulnerability in WatchGuard's Fireware OS. The flaw could potentially allow an attacker to execute arbitrary code on an affected network security appli...
2025 in Review: Simple Errors, Not 0-Days, Caused Biggest Breaches
A year-end analysis of 2025's major data breaches reveals a recurring theme: fundamental security failures, not sophisticated zero-day exploits, were the primary cause. The report, published on December 26, 2025, highlights cloud security misconfigurations and...