Daily Digest

CISA Orders Emergency Patch for Actively Exploited 'MongoBleed' Flaw as Insider Threats and Supply Chain Attacks Rattle Industries

CISA Orders Emergency Patch for Actively Exploited 'MongoBleed' Flaw as Insider Threats and Supply Chain Attacks Rattle Industries

December 30, 2025
7 articles (5 new, 2 updated)
21 min read

Summary

This cybersecurity brief for December 30, 2025, covers a series of critical incidents. The most prominent is the active exploitation of 'MongoBleed' (CVE-2025-14847), a severe memory leak vulnerability in MongoDB, which prompted an emergency directive from CISA. Other major events include the disclosure of a 10.0 CVSS RCE flaw in SmarterMail (CVE-2025-52691), the guilty pleas of two cybersecurity insiders who deployed ALPHV/BlackCat ransomware, and a massive data breach at the University of Phoenix affecting nearly 3.5 million individuals due to a Clop ransomware attack exploiting an Oracle zero-day. These events highlight escalating threats from unpatched vulnerabilities, insider risks, and sophisticated ransomware operations.

Filter by Category

New Articles (5)

Maximum Severity RCE Flaw in SmarterMail Puts Mail Servers at Risk

CRITICAL

Critical Unauthenticated RCE Vulnerability (CVE-2025-52691) in SmarterMail Receives 10.0 CVSS Score

A critical, unauthenticated arbitrary file upload vulnerability in SmarterMail, tracked as CVE-2025-52691, has been disclosed, earning the maximum possible CVSS score of 10.0. The flaw allows a remote attacker to upload malicious files, such as a web shell, to any location on an affected server without needing credentials. This can lead to remote code execution (RCE), enabling a complete takeover of the mail server. The vulnerability affects SmarterMail builds 9406 and earlier. Although a patch was released in October 2025 (Build 9413), the public disclosure was delayed until late December. The Cyber Security Agency of Singapore (CSA) has issued an alert, urging administrators to update immediately due to the high risk of exploitation, especially for internet-facing mail servers.

December 30, 2025
5 min read
SmarterMailRCEArbitrary File UploadUnauthenticatedCVSS 10.0 +2 more
Maximum Severity RCE Flaw in SmarterMail Puts Mail Servers at Risk
Vulnerability
Cyberattack

Insider Threat: Cybersecurity Pros Plead Guilty to ALPHV/BlackCat Ransomware Attacks

HIGH

Two U.S. Cybersecurity Professionals Plead Guilty to Deploying ALPHV/BlackCat Ransomware Against American Companies

In a significant insider threat case, two American cybersecurity professionals, Ryan Goldberg and Kevin Martin, have pleaded guilty to conspiracy to commit extortion. The pair admitted to using their expert knowledge and access gained from their roles in incident response and ransomware negotiation to conduct ransomware attacks against U.S. companies using the ALPHV/BlackCat ransomware variant. Operating as affiliates for the Ransomware-as-a-Service (RaaS) group, they targeted organizations in the healthcare, engineering, and technology sectors, extorting $1.2 million in one case. The Department of Justice announced the pleas on December 30, 2025, highlighting the danger of trusted insiders turning to cybercrime. Both individuals face up to 20 years in prison.

December 30, 2025
5 min read
Insider ThreatALPHVBlackCatRansomwareExtortion +2 more
Insider Threat: Cybersecurity Pros Plead Guilty to ALPHV/BlackCat Ransomware Attacks
Threat Actor
Ransomware
Cyberattack

Rainbow Six Siege Hacked: Attackers Flood Game with $13M in Currency, Disrupting Economy

HIGH

Ubisoft's Rainbow Six Siege Suffers Major Breach; Hackers Distribute Billions in Premium Currency and Hijack Moderation Tools

Over the weekend of December 27-28, 2025, Ubisoft's popular online shooter, Rainbow Six Siege, was hit by a major security breach. Attackers infiltrated the game's backend systems, distributing approximately 2 billion 'R6 Credits'—the game's premium currency, valued at over $13 million—to every player. The hackers also took control of moderation systems, issuing random bans and unbans, causing widespread chaos. In response, Ubisoft was forced to take the game completely offline to perform a full data rollback. While unconfirmed, some hacker groups have claimed responsibility, alleging they used the recently disclosed 'MongoBleed' exploit to gain access and may have stolen over 900GB of development data.

December 30, 2025
6 min read
UbisoftRainbow Six SiegeGamingCyberattackIn-Game Economy +2 more
Rainbow Six Siege Hacked: Attackers Flood Game with $13M in Currency, Disrupting Economy
Cyberattack
Data Breach
Threat Intelligence

Fallout from 2022 LastPass Breach Continues: Over $35M in Crypto Stolen

HIGH

LastPass 2022 Breach: Stolen Vaults Lead to $35 Million in Cryptocurrency Theft Through 2025

The 2022 data breach at password manager LastPass is continuing to enable widespread financial theft, with researchers tracing over $35 million in stolen cryptocurrency to the incident. A report by blockchain intelligence firm TRM Labs reveals that threat actors are systematically cracking the encrypted password vaults stolen in the breach, with thefts observed as recently as October 2025. By brute-forcing weak master passwords, attackers gain access to stored crypto private keys and seed phrases. The stolen funds are being laundered through a sophisticated network involving privacy mixers and high-risk Russian exchanges, pointing to an organized cybercriminal operation. This long-tail exploitation highlights the severe and prolonged risks associated with password manager breaches.

December 30, 2025
6 min read
LastPassData BreachCryptocurrencyPassword ManagerBrute Force +2 more
Fallout from 2022 LastPass Breach Continues: Over $35M in Crypto Stolen
Data Breach
Threat Actor
Malware

Hacker Leaks 2.3M WIRED Subscriber Records, Threatens 40M More from Condé Nast

HIGH

WIRED Magazine Suffers Data Leak of 2.3 Million Subscribers; Hacker Blames Ignored Vulnerability Reports

A threat actor named 'Lovely' has leaked a database containing over 2.3 million records of WIRED magazine subscribers on a hacking forum. The leaked data includes email addresses, internal IDs, and in some cases, full names, phone numbers, and physical addresses. The hacker claims the leak is retaliation against WIRED's parent company, Condé Nast, for ignoring vulnerability disclosure reports for a month. 'Lovely' has threatened to release a much larger dataset of 40 million records from other Condé Nast brands like The New Yorker and Vogue. The data, which has been added to Have I Been Pwned, appears to have been exfiltrated by exploiting web application vulnerabilities such as IDOR or broken access control.

December 30, 2025
5 min read
Data LeakHackerWIREDCondé NastVulnerability Disclosure +2 more
Hacker Leaks 2.3M WIRED Subscriber Records, Threatens 40M More from Condé Nast
Data Breach
Threat Actor
Vulnerability

Updated Articles (2)

Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix

HIGH

Universities of Pennsylvania and Phoenix Disclose Data Breaches After Oracle E-Business Suite Zero-Day Exploitation, Cl0p Ransomware Gang Suspected

Update:

The University of Phoenix has confirmed its data breach, previously reported as affecting an unspecified large number, now impacts 3,489,274 individuals. The attack, attributed to the Clop gang, exploited CVE-2025-61882 in Oracle E-Business Suite between August 13-22, 2025. Compromised data includes highly sensitive information such as Social Security numbers and bank account details. The breach went undetected for three months until November 2025, significantly increasing the severity and scope of the incident.

December 8, 2025
Updated: December 30, 2025
5 min read
Cl0pData BreachZero-DayOracleOracle E-Business Suite +3 more
Cl0p Implicated in Oracle Zero-Day Attacks, Breaching UPenn and University of Phoenix
Data Breach
Threat Actor
Vulnerability

Hyperjacking: Ransomware Attacks on Hypervisors Skyrocket by 700%

HIGH

Hypervisor Ransomware Attacks Surge Over 700%, Akira Gang Leads the Charge

Update:

The RansomHouse group (Jolly Scorpius) has upgraded its capabilities, deploying a new ransomware variant named 'Mario' with a sophisticated dual-key encryption scheme. This makes data recovery significantly harder without paying the ransom. RansomHouse continues its double-extortion model and frequently targets VMware ESXi hypervisors, reinforcing the trend of hypervisor-focused attacks. This evolution increases the overall threat level and complexity for defenders.

December 10, 2025
Updated: December 30, 2025
6 min read
RansomwareAkiraHypervisorVMwareESXi +2 more
Hyperjacking: Ransomware Attacks on Hypervisors Skyrocket by 700%
Ransomware
Cyberattack
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats