Critical Flaws in MongoDB &amp; Medical Devices, alongside Major Supply Chain Breaches at Trust Wallet and Korean Air

data breachspace securityesacyber espionagesource code leak

Hacker "888" Claims Theft of 200GB of Unclassified Data from European Space Agency External Servers

The European Space Agency (ESA) is investigating a security incident after a threat actor, using the alias "888," claimed to have breached its systems and stolen 200GB of data. The agency confirmed the breach was limited to external servers used for unclassified collaborative engineering work and that its primary corporate network remains secure. The hacker is attempting to sell the stolen data, which reportedly includes source code, project documentation, and API keys, on a cybercrime forum, raising concerns about potential intelligence gathering and future supply chain attacks.

December 31, 2025

6 min read

European Space Agency Probes Breach; Hacker Claims 200GB of Data for Sale

Cyberattack

Threat Actor

Critical RCE in Xspeeder SXZOS Allows Unauthenticated Root Access

CRITICAL

Unauthenticated RCE Vulnerability (CVE-2025-54322) in Xspeeder SXZOS Allows Root-Level Command Execution

A critical remote code execution (RCE) vulnerability, CVE-2025-54322, has been discovered in Xspeeder SXZOS networking appliances. The flaw allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges. The vulnerability exists in the '/vLogin' API endpoint, which improperly processes base64-encoded Python payloads, leading to complete device compromise. Administrators are urged to patch immediately due to the ease of exploitation and the severity of the flaw.

December 31, 2025

rcevulnerabilityunauthenticatedroot accessnetwork security +1 more

Critical RCE in Xspeeder SXZOS Allows Unauthenticated Root Access

Vulnerability

Patch Management

Petco Data Breach Exposes Customer SSNs and Financial Info Due to Misconfiguration

Petco Discloses Data Breach Due to Software Misconfiguration Exposing Sensitive Customer PII

Pet product retailer Petco has disclosed a data breach caused by a software misconfiguration that left highly sensitive customer files accessible on the internet. The exposed data includes full names, Social Security numbers, driver's license numbers, and financial account details, including credit and debit card numbers. The company discovered the issue internally and has since corrected the misconfiguration. Filings with state attorneys general indicate at least 500 California residents are affected, with an unknown number of victims in other states.

December 31, 2025

data breachmisconfigurationcloud securitypiissn +1 more

Cloud Security

Regulatory

Updated Articles (3)

Malicious Trust Wallet Chrome Extension Pushed via Leaked API Key, $7M Stolen

Updated: December 31, 2025

Trust Wallet Confirms Supply Chain Breach Led to $7 Million Cryptocurrency Theft via Malicious Chrome Extension

Update:

Trust Wallet has released a post-mortem analysis of the Chrome extension supply chain attack, now dubbed 'Shai-Hulud'. The total financial impact has increased to $8.5 million. The company confirmed that the critical Chrome Web Store API key was compromised after threat actors accessed a developer's GitHub secrets. This allowed the attackers to bypass internal security and directly upload the malicious extension. The detailed analysis provides a clearer picture of the initial compromise vector and the full extent of the financial losses, emphasizing the role of unsecured credentials in the attack.

December 27, 2025

Trust WalletSupply Chain AttackCryptocurrencyChrome ExtensionMalware +1 more

Malicious Trust Wallet Chrome Extension Pushed via Leaked API Key, $7M Stolen

Supply Chain Attack

Malware

Updated: December 31, 2025

2025: The Year Cybersecurity 'Crossed the AI Rubicon'

INFORMATIONAL

Analysis: 2025 Marks a Paradigm Shift as AI Redefines Cyberattacks and Defense

Update:

A new fine-tuned Large Language Model (LLM) named 'DIG AI' has been discovered for sale on the dark web. This tool is explicitly designed to assist in cybercrime by generating malicious code, phishing kits, and ransomware, operating without the safety restrictions of commercial models. Available via a subscription model, DIG AI significantly lowers the technical barrier for less-skilled threat actors, enabling them to create custom malware and orchestrate complex attacks with simple natural language prompts. This development represents a critical, real-world manifestation of the 'AI Rubicon' being crossed in offensive cyber, increasing the volume and sophistication of potential attacks.

December 14, 2025

4 min read

AIartificial intelligencegenerative AILLMthreat landscape +2 more

2025: The Year Cybersecurity 'Crossed the AI Rubicon'

Threat Intelligence

Other

Clop Ransomware Hits Korean Air in Supply Chain Attack, Exploiting Oracle Zero-Day

Updated: December 31, 2025

Korean Air Discloses Employee Data Breach After Supply Chain Attack on Subsidiary; Clop Ransomware and Oracle Zero-Day (CVE-2025-61882) Implicated

Update:

A new report on the Korean Air data breach, affecting 30,000 employees via its subsidiary KC&D, provides further details on the supply chain attack. Unlike previous reports, this article does not attribute the incident to the Clop ransomware group or the exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61882). Instead, it highlights general supply chain attack vectors such as trusted relationship exploitation (T1199), valid accounts (T1078), and potential phishing (T1566) as likely initial access methods. The report emphasizes the exfiltration of sensitive PII, including names and bank account numbers, and the critical need for robust third-party risk management. The specific threat actor and initial access vector remain undisclosed in this new account.

December 29, 2025

ClopRansomwareSupply Chain AttackKorean AirOracle +3 more

Supply Chain Attack

Ransomware