Critical Flaws in MongoDB & Medical Devices, alongside Major Supply Chain Breaches at Trust Wallet and Korean Air

Publication Date: December 31, 2025

Summary

This cybersecurity brief for December 31, 2025, covers a series of high-impact events, including the discovery of critical vulnerabilities in widely used technologies and significant data breaches stemming from supply chain compromises. Key incidents include 'MongoBleed,' a critical memory disclosure flaw in MongoDB, and a remote-hijacking vulnerability in WHILL electric wheelchairs. Supply chain attacks resulted in an $8.5 million theft from Trust Wallet users and the exposure of 30,000 Korean Air employee records. Additionally, a new malicious AI tool, 'DIG AI,' has emerged on the dark web, designed to automate cybercrime, and former cybersecurity professionals have pleaded guilty to conducting ransomware attacks, highlighting a severe insider threat.

Today's New Articles

European Space Agency Probes Breach; Hacker Claims 200GB of Data for Sale

The European Space Agency (ESA) is investigating a security incident after a threat actor, using the alias "888," claimed to have breached its systems and stolen 200GB of data. The agency confirmed the breach was limited to external servers used for unclassifi...


Critical RCE in Xspeeder SXZOS Allows Unauthenticated Root Access

A critical remote code execution (RCE) vulnerability, CVE-2025-54322, has been discovered in Xspeeder SXZOS networking appliances. The flaw allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges. The vulnerability exists i...


Petco Data Breach Exposes Customer SSNs and Financial Info Due to Misconfiguration

Pet product retailer Petco has disclosed a data breach caused by a software misconfiguration that left highly sensitive customer files accessible on the internet. The exposed data includes full names, Social Security numbers, driver's license numbers, and fina...

Article Updates

2025: The Year Cybersecurity 'Crossed the AI Rubicon'

Update: A new fine-tuned Large Language Model (LLM) named 'DIG AI' has been discovered for sale on the dark web. This tool is explicitly designed to assist in cybercrime by generating malicious code, phishing kits, and ransomware, operating without the safety restrict...


Malicious Trust Wallet Chrome Extension Pushed via Leaked API Key, $7M Stolen

Update: Trust Wallet has released a post-mortem analysis of the Chrome extension supply chain attack, now dubbed 'Shai-Hulud'. The total financial impact has increased to $8.5 million. The company confirmed that the critical Chrome Web Store API key was compromised af...


Clop Ransomware Hits Korean Air in Supply Chain Attack, Exploiting Oracle Zero-Day

Update: A new report on the Korean Air data breach, affecting 30,000 employees via its subsidiary KC&D, provides further details on the supply chain attack. Unlike previous reports, this article does not attribute the incident to the Clop ransomware group or the explo...