MongoBleed Exploit Unleashed, React2Shell Deadline Passes Amid Active Attacks, and Ransomware Strikes European Critical Infrastructure

Publication Date: December 27, 2025

Summary

On December 26-27, 2025, the cybersecurity landscape was dominated by the release of a public exploit for the critical 'MongoBleed' vulnerability (CVE-2025-14847), which triggered widespread scanning and placed tens of thousands of MongoDB databases at immediate risk. Concurrently, the CISA deadline passed for patching the 'React2Shell' flaw (CVE-2025-55182), which is already under active exploitation by state-sponsored actors. The holiday period also saw targeted ransomware attacks, with the 'Gentlemen' group hitting a major Romanian energy producer and LockBit 5.0 claiming a breach of a Greek luxury hotel brand. Other significant events include the discovery of a critical RCE vulnerability in the n8n automation platform, a supply chain attack on Trust Wallet leading to a $7 million theft, and a sophisticated DNS poisoning campaign by the China-linked 'Evasive Panda' APT.

Today's New Articles

Critical RCE Flaw in n8n Puts 103,000+ Workflow Automation Servers at Risk

A critical remote code execution (RCE) vulnerability, CVE-2025-68613, with a CVSS score of 9.9, has been disclosed in the n8n workflow automation platform. The flaw affects over 103,000 publicly exposed instances. It allows an authenticated attacker with low-l...


LockBit 5.0 Ransomware Claims Attack on Greek Luxury Hotel Group EM Resorts

On December 26, 2025, the prolific LockBit 5.0 ransomware group claimed responsibility for a cyberattack against EM Resorts, a luxury hotel operator based in Crete, Greece. The group posted a notice on its dark web leak site, threatening to publish exfiltrated...


Typo in Windows Activation Script Leads to Cosmali Loader Malware Infection

A typosquatting campaign discovered on December 26, 2025, is targeting users of the popular Microsoft Activation Scripts (MAS) tool. Attackers registered the domain `get.activate[.]win`, a common misspelling of the legitimate domain. Users who mistype the comm...


Malicious Trust Wallet Chrome Extension Pushed via Leaked API Key, $7M Stolen

Trust Wallet confirmed on December 26, 2025, that a malicious version of its Chrome browser extension (v2.68) was published, leading to the theft of approximately $7 million in cryptocurrency from 2,596 wallet addresses. The attackers bypassed internal securit...


Debian Patches High-Severity SQL Injection Flaw in PgBouncer

On December 27, 2025, the Debian project released a security update for a high-severity SQL injection vulnerability, CVE-2025-12819, in PgBouncer, a widely used connection pooler for PostgreSQL. The flaw, which has a CVSS score of 8.1, allows an unauthenticate...