ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.

This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.

Read on to catch up before the next wave hits.

  1. Honeypot Traps Hackers

    Cybersecurity company Resecurity revealed that it deliberately lured threat actors who claimed to be associated with Scattered LAPSUS$ Hunters (SLH) into a trap, after the group claimed on Telegram that it had hacked the company and stolen internal and client data. The company said it set up a honeytrap account populated with fake data designed to resemble real-world business data and planted a fake account on an underground marketplace for compromised credentials after it uncovered a threat actor attempting to conduct malicious activity targeting its resources in November 2025 by probing various publicly facing services and applications. The threat actor is also said to have targeted one of its employees who had no sensitive data or privileged access. “This led to a successful login by the threat actor to one of the emulated applications containing synthetic data,” it said. “While the successful login could have enabled the actor to gain unauthorized access and commit a crime, it also provided us with strong proof of their activity. Between December 12 and December 24, the threat actor made over 188,000 requests attempting to dump synthetic data.” As of January 4, 2025, the group removed the post announcing the hack from their Telegram channel. Resecurity said the exercise also allowed them to identify the threat actor and link one of their active Gmail accounts to a U.S.-based phone number and a Yahoo account. Regardless of the setback, new findings from CYFIRMA indicate that the loose-knit collective has resurfaced with scaled-up recruitment activity, seeking initial access brokers, insider collaborators, and corporate credentials. “Chatroom discussions repeatedly reference legacy threat brands such as LizardSquad, though these mentions remain unverified and are likely part of an intimidation or reputation-inflation strategy rather than proof of a formal alliance,” it said.

  2. Crypto Miner via GeoServer

    Threat actors are exploiting a known flaw in GeoServer, CVE-2024-36401, to distribute an XMRig cryptocurrency miner by means of PowerShell commands. “Additionally, the same threat actor is also distributing a coin miner to WebLogic servers,” AhnLab said. “It appears that they are installing CoinMiner when they scan the systems exposed to the outside world and find vulnerable services.” Two other threat actors have also benefited from abusing the flaw to deliver the miner, AnyDesk for remote access, and a custom-made downloader malware dubbed “systemd” from an external server whose exact function remains unknown. “Threat actors are targeting environments where GeoServer is installed and are installing various coin miners,” the company said. “The threat actor can then use NetCat, which is installed together with the coin miner, to install other malware or steal information from the system.”

  3. KEV Catalog Expansion

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyber attacks – an increase of about 20% from the previous year. In comparison, 187 vulnerabilities were added in 2023 and 185 in
