![\"Weekly](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrlyxi5CiR5jY-vAJtPcjpGz_L8q6_hbThbQ6ZRXd0HLNpNxG4_KNwle_7EXt_ecUGABpDmjxO2bLwLPfjUmWKfTwuP0Lh910lNr4TE6q2MAm44XQzS2k0b9RJTr1aA74Q_aNkz9frFFNZjlGuafhIChvMiOpQhzD7OfEpXZZhh_GRntRLqmRtmsdrW1NX/s790-rw-e365/recap.jpg\" "\\"Weekly")
Last week\’s cyber news in 2025 was characterized by a series of small incidents rather than one major event. There was a common theme of attackers moving faster than security fixes, resulting in ongoing threats and vulnerabilities. This recap brings together the key stories from the cybersecurity landscape at the end of 2025.
One significant threat highlighted in this recap is the exploitation of a newly disclosed MongoDB vulnerability (CVE-2025-14847) dubbed MongoBleed, which allows attackers to remotely leak sensitive data from MongoDB servers. Users are urged to update to secure versions to prevent exploitation.
Other notable news includes a hack on the Trust Wallet Chrome extension leading to a $7 million loss, a sophisticated DNS poisoning attack by the Evasive Panda group to deploy the MgBot malware, and the exploitation of encrypted vault backups from the 2022 LastPass data breach to steal cryptocurrency assets.
Furthermore, warnings were issued by Fortinet about renewed exploitation of a five-year-old security flaw in FortiOS SSL VPN, the discovery of a fake WhatsApp API npm package that intercepts messages, and the presence of a new MSIL loader named BlackHawk in the wild.
The recap also delves into the discovery of a new Android spyware campaign called LANDFALL, the deployment of spyware ResidentBat on journalists’ phones in Belarus, and the sentencing of a Russian scientist to 21 years for treason.
Additionally, the report reveals how China leverages U.S.-funded research for military gain, the increase in malicious actors using the DIG AI tool for illicit activities, and the seizure of cryptocurrency assets by the U.S. from a Chinese firm.
Finally, the recap highlights upcoming cybersecurity webinars and tools like GhidraGPT and Chameleon for enhanced security measures, emphasizing the importance of responsible use and compliance with laws.
As 2025 draws to a close, these stories underscore the evolving nature of cyber threats and the critical need for vigilance and proactive security measures in the digital landscape.
Disclaimer: The tools mentioned are intended for educational and research purposes only. Users are advised to exercise caution, adhere to ethical guidelines, and comply with legal regulations when utilizing these tools.
