Daily Digest

Critical Flaws "MongoBleed" and "React2Shell" Actively Exploited, Major Data Breaches and Ransomware Attacks Continue Year-End Surge

Critical Flaws "MongoBleed" and "React2Shell" Actively Exploited, Major Data Breaches and Ransomware Attacks Continue Year-End Surge

December 28, 2025
5 articles (4 new, 1 updated)
15 min read

Summary

This cybersecurity advisory for December 28, 2025, covers a series of critical threats, including the active exploitation of the "MongoBleed" (CVE-2025-14847) memory leak in MongoDB and the "React2Shell" (CVE-2025-55182) RCE vulnerability in the React framework. The period also saw major data breach disclosures from 700Credit and Baker University, affecting millions. Ransomware activity remains high, with attacks on Romanian critical infrastructure by "The Gentlemen" and a claimed breach of Chrysler by the Everest group. State-sponsored activity also features prominently with updated advisories on the BRICKSTORM backdoor and the re-emergence of Iran's "Prince of Persia" APT.

Filter by Category

New Articles (4)

Everest Ransomware Claims Breach of Chrysler, Threatens to Leak Over 1TB of Data

HIGH

Everest Ransomware Group Claims Major Data Theft from Automaker Chrysler, Including Salesforce Data

The Everest ransomware group has claimed responsibility for a significant data breach at the American automaker Chrysler. In a post on its dark web leak site on December 25, 2025, the group alleged it exfiltrated over 1 terabyte (TB) of data, including a "full database" of company operations and over 100 GB of Salesforce data covering 2021 to 2025. Chrysler has not yet confirmed the breach, but the claim represents a serious threat of data exposure for the major automotive manufacturer, following a common double-extortion tactic.

December 28, 2025
5 min read
EverestRansomwareChryslerData BreachAutomotive +2 more
Everest Ransomware Claims Breach of Chrysler, Threatens to Leak Over 1TB of Data
Ransomware
Data Breach
Cyberattack

Living Off the Cloud: Phishing Campaign Abuses Google Cloud Service to Bypass Security Filters

MEDIUM

Novel Phishing Campaign Leverages Google Cloud Application Integration to Send Malicious Emails from Legitimate Google Domain

A widespread and sophisticated phishing campaign is abusing Google Cloud's own Application Integration service to send malicious emails that appear to come from a legitimate Google address ("noreply-application-integration@google.com"). This technique allows the emails to bypass standard security filters like SPF and DMARC. The campaign, which sent nearly 9,400 emails in two weeks, impersonates routine notifications to trick users into clicking links that lead to credential harvesting pages, demonstrating how attackers are increasingly weaponizing trusted cloud platforms.

December 28, 2025
5 min read
PhishingGoogle CloudCloud SecurityEmail SecurityDMARC +2 more
Living Off the Cloud: Phishing Campaign Abuses Google Cloud Service to Bypass Security Filters
Phishing
Cloud Security
Cyberattack

Iran's "Prince of Persia" APT Returns with Upgraded Malware, Uses Telegram for C2

HIGH

Iranian APT "Prince of Persia" Re-emerges with New Variants of Tonnerre Backdoor Targeting Critical Infrastructure

The Iranian state-sponsored threat group "Prince of Persia" has resurfaced with multiple active malware campaigns, according to a new report from SafeBreach. The APT group is deploying new variants of its signature "Tonnerre" and "Foudre" backdoors. In a significant tactical evolution, one new variant, Tonnerre v50, now uses Telegram for command and control (C2) communications, replacing older protocols. The campaigns, which feature multiple Domain Generation Algorithms (DGAs), appear to be targeting critical infrastructure, indicating a patient and re-tooled adversary.

December 28, 2025
6 min read
Prince of PersiaAPTIranThreat ActorMalware +3 more
Iran's "Prince of Persia" APT Returns with Upgraded Malware, Uses Telegram for C2
Threat Actor
Malware
Industrial Control Systems

"Aisuru" Botnet Shatters Records with 29.7 Tbps DDoS Attack

CRITICAL

"Aisuru" Botnet-for-Hire Service Linked to Record-Breaking 29.7 Tbps DDoS Attack, Leveraging Millions of IoT Devices

A powerful botnet-for-hire service named "Aisuru" has emerged as a major global threat, responsible for a new record-breaking Distributed Denial-of-Service (DDoS) attack peaking at 29.7 Terabits per second (Tbps). The botnet, which leverages millions of compromised Internet of Things (IoT) devices and routers, has been linked to over 1,300 attacks in just three months. The industrial scale of the Aisuru service poses a severe risk to internet stability, with attacks impacting the gaming, telecommunications, and financial services sectors.

December 28, 2025
5 min read
DDoSBotnetAisuruIoT SecurityCyberattack +1 more
"Aisuru" Botnet Shatters Records with 29.7 Tbps DDoS Attack
Cyberattack
Malware
IoT Security

Updated Articles (1)

Baker University Discloses Year-Old Breach Affecting Over 53,000 Individuals

CRITICAL

Baker University Notifies 53,624 Individuals of 2024 Data Breach Exposing SSNs, Health, and Financial Data

Update:

The update provides a refined technical analysis of the Baker University breach, inferring different attacker TTPs including initial access via phishing (T1566.001), establishing persistence (T1136), network discovery (T1018), and data collection (T1074). It also introduces specific D3FEND techniques for detection, such as Process Analysis and Network Traffic Analysis, and MITRE mitigations like Network Segmentation (M1030) and Multi-factor Authentication (M1032). These details offer a fresh perspective on the attack chain and recommended defenses, complementing the existing report.

December 23, 2025
Updated: December 28, 2025
5 min read
university breachidentity theftsocial security numberhealth dataPII +2 more
Baker University Discloses Year-Old Breach Affecting Over 53,000 Individuals
Data Breach
Incident Response
Other

📢 Share This Publication

Help others stay informed about cybersecurity threats