CISA Warns of Actively Exploited 'MongoBleed' Flaw; Supply Chain Attacks Double in 2025 Amid Holiday Ransomware Surge

Malicious Chrome Extensions Impersonating AI Tools Steal AI Chat Histories and Browsing Data from Over 900,000 Users

A significant data theft campaign has been uncovered involving two malicious Google Chrome extensions that were installed by over 900,000 users. The extensions, which impersonated legitimate AI productivity tools, were designed to secretly capture and exfiltrate entire conversation histories from AI platforms like ChatGPT and DeepSeek. In addition to stealing potentially sensitive AI chat data, the malware also monitored all user browsing activity, sending the harvested information to an attacker-controlled command-and-control server at `deepaichats[.]com`. One of the extensions had even received a 'Featured' badge from Google, highlighting the challenge of policing browser extension marketplaces.

Chrome ExtensionMalwareData TheftChatGPTDeepSeek +2 more

900,000+ Users Compromised: Malicious Chrome Extensions Steal ChatGPT & DeepSeek Conversations

Malware

Data Breach

Phishing

DevMan Ransomware Group Claims Attack on U.S. Financial Firm Sharinc Inc.

DevMan Ransomware Group Targets U.S. Financial Sector, Claims Attack on Sharinc Inc.

The DevMan ransomware group has claimed responsibility for a cyberattack against Sharinc Inc., a U.S.-based financial organization. The claim was made on December 28, 2025, on the group's data leak site. The attackers have threatened to publish sensitive financial and customer data if their extortion demands are not met. This incident underscores the persistent and targeted threat that ransomware gangs pose to the financial services industry, which remains a high-value target due to the sensitive nature of the data it handles.

DevManRansomwareFinancial ServicesData LeakCyber Extortion +1 more

5 min read

Ransomware

Data Breach

Threat Actor

Software Supply Chain Attacks Doubled in 2025, Report Finds

MEDIUM

Software Supply Chain Attacks Hit Record Levels in 2025, Exposing Gaps in Enterprise Readiness

A year-end security analysis published on December 29, 2025, reveals that software supply chain attacks more than doubled globally in 2025, with associated losses projected to reach $60 billion. The report, from CleanStart, indicates that this has become a systemic risk, with over 70% of organizations experiencing a related security incident. Despite the surge, the report finds that enterprise readiness to combat these threats remains critically low, with most organizations unable to quickly identify compromised components within their software.

Supply ChainDevSecOpsSBOMCI/CDOpen Source Security +1 more

Supply Chain Attack

Policy and Compliance

Threat Intelligence

Microsoft and Adobe Release December Patches for Over 190 Vulnerabilities

CRITICAL

Microsoft and Adobe Patch Over 190 CVEs in Final 2025 Update, Including Actively Exploited Windows Zero-Day

In their final security updates for 2025, Microsoft and Adobe addressed a combined total of over 190 vulnerabilities on December 28. Microsoft's Patch Tuesday release fixed 56 flaws, including a critical zero-day privilege escalation vulnerability (CVE-2025-62221) in the Windows Cloud Files Mini Filter Driver that is being actively exploited. Adobe's release was even more extensive, remediating 139 CVEs across a range of products, including Adobe Reader and Experience Manager. Administrators are urged to apply these critical updates promptly to mitigate risks.

Patch TuesdayZero-DayMicrosoftAdobeVulnerability +1 more

Microsoft and Adobe Release December Patches for Over 190 Vulnerabilities

Patch Management

Vulnerability

Critical XSS Flaw in WordPress Plugin 'Invelity SPS connect' Disclosed

MEDIUM

Unpatched Reflected XSS Vulnerability (CVE-2025-68876) Disclosed in 'Invelity SPS connect' WordPress Plugin

A reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-68876, was disclosed on December 28, 2025, affecting the 'Invelity SPS connect' WordPress plugin. The flaw, which has a CVSS score of 7.1, can be exploited by unauthenticated attackers and impacts all versions up to and including 1.0.8. At the time of disclosure, no patch was available. An attacker could trick a user into clicking a malicious link to execute arbitrary JavaScript in their browser, potentially leading to session hijacking. Administrators are advised to disable the plugin immediately.

WordPressXSSVulnerabilityPluginUnpatched +1 more

Critical XSS Flaw in WordPress Plugin 'Invelity SPS connect' Disclosed

Vulnerability

Patch Management

Updated Articles (2)

Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site

Updated: December 29, 2025

Qilin Ransomware Group Claims B Dynamic as New Victim in Ongoing Double-Extortion Campaign

Update:

The Qilin ransomware group, previously noted for targeting B Dynamic, has significantly escalated its activity. A post-holiday surge between December 26-28, 2025, saw Qilin and other gangs claim over 15 new victims, including the Canadian software company Questica and the major Thai petroleum refiner Bangchak Corporation. This highlights cybercriminals exploiting reduced holiday staffing and the group's willingness to target critical infrastructure. The overall ransomware landscape for 2025 has seen nearly 8,000 victims, a 50% increase, with Qilin being a primary driver of this record-breaking year.

December 1, 2025

5 min read

RansomwareQilinRaaSDouble ExtortionDark Web

Ransomware

Threat Actor

Cyberattack

Clop Ransomware Breaches Barts Health NHS Trust via Oracle Zero-Day

Updated: December 29, 2025

Clop Ransomware Exploits Oracle E-Business Suite Zero-Day to Steal Patient and Staff Data from Barts Health NHS Trust

Update:

The ongoing Clop ransomware campaign, which exploits a critical zero-day vulnerability in Oracle E-Business Suite, has claimed another victim: Korean Air. The airline announced on December 29, 2025, that a supply chain attack targeting its former subsidiary, KC&D Service, led to the compromise of approximately 30,000 employee records, including names and bank account numbers. The vulnerability has been identified as CVE-2025-61882, an unauthenticated remote code execution flaw with a CVSS score of 9.8 in the BI Publisher Integration component. This incident confirms the widespread nature of Clop's campaign, which is specifically targeting the aviation industry's supply chain, as evidenced by a similar attack on Asiana Airlines.

December 7, 2025