
The digital world never rests, and neither do cybercriminals. Every week brings a fresh wave of hacks, malware campaigns, and security vulnerabilities that can threaten businesses, governments, and everyday users. From sophisticated state-sponsored attacks to the re-emergence of classic hacking tactics, the cybersecurity landscape is evolving faster than most can keep up. This week’s roundup reveals the clever tricks, overlooked risks, and high-stakes exploits that are shaping the threat environment—and why staying vigilant is no longer optional.
Honeypot Traps Hackers
Cybersecurity firm Resecurity exposed a fascinating case of counter-hacking. After being targeted by a group claiming affiliation with Scattered LAPSUS$ Hunters (SLH), Resecurity set up a honeytrap filled with fake corporate data. Over a two-week period, the attackers made more than 188,000 attempts to extract the synthetic information, revealing their tactics and digital footprints. By tracing one Gmail account to a U.S. phone number and a Yahoo account, Resecurity gained actionable intelligence on the threat actor. Meanwhile, the loosely connected SLH collective continues recruiting insiders and credential brokers, often inflating their reputation by invoking historic hacker brands like LizardSquad.
Crypto Miner Exploits GeoServer Vulnerabilities
Attackers are exploiting CVE-2024-36401 in GeoServer to deploy XMRig cryptocurrency miners via PowerShell. AhnLab reported that vulnerable servers, including WebLogic systems, are being targeted for additional malware installation, including AnyDesk and custom loaders like “systemd.” Netcat is also being deployed alongside the miners to enable broader exploitation, illustrating the increasing sophistication of cryptocurrency-based attacks.
KEV Catalog Expands Dramatically
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, bringing the total to 1,484 high-risk flaws. This 20% annual increase highlights the persistent threat landscape, with Microsoft, Apple, Cisco, and other major vendors among the most affected. Notably, the oldest vulnerabilities—dating back to 2002—are still actively exploited, underscoring how unpatched legacy systems remain a lucrative target.
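One practical way to act on the KEV catalog is to cross-check an asset inventory against it, since a KEV listing means a due date for remediation and, as the paragraph notes, the listed CVEs can be decades old. The following Python is an added example written for this roundup, not CISA's tooling: the feed snippet is a constructed sample in the shape of the KEV JSON (fields cveID, vendorProject, product, dateAdded, dueDate), the dates and the legacy CVE id are placeholders, and the inventory is invented.

```python
"""Cross-check an asset inventory against a CISA KEV-style feed.

Constructed example for this roundup; not CISA's or any vendor's code.
The feed below mimics the KEV JSON shape. CVE-2024-36401 (GeoServer) is
taken from the article; its dates here and the CVE-2002-00000 entry are
constructed placeholders, not real catalog data.
"""
import json
from datetime import date
from typing import Dict, List

SAMPLE_KEV_JSON = """
{
  "title": "Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {"cveID": "CVE-2024-36401", "vendorProject": "OSGeo", "product": "GeoServer",
     "dateAdded": "2024-07-15", "dueDate": "2024-08-05"},
    {"cveID": "CVE-2002-00000", "vendorProject": "ExampleVendor", "product": "LegacyAppliance",
     "dateAdded": "2025-03-01", "dueDate": "2025-03-22"}
  ]
}
"""

# Constructed inventory: hostnames and the CVEs a scanner reported on them.
SAMPLE_INVENTORY = [
    {"host": "gis-01.example.internal", "cves": ["CVE-2024-36401"]},
    {"host": "legacy-fw.example.internal", "cves": ["CVE-2002-00000", "CVE-2023-00000"]},
]


def load_kev(raw: str) -> Dict[str, dict]:
    """Index the feed by CVE id so lookups from the inventory are O(1)."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}


def cve_year(cve_id: str) -> int:
    """CVE ids carry the year of assignment: CVE-<year>-<sequence>."""
    return int(cve_id.split("-")[1])


def match_inventory(inventory: List[dict], kev: Dict[str, dict], today: date) -> List[dict]:
    """Return one finding per (host, CVE) pair that appears in the KEV feed.

    Findings are ordered with overdue items first, then by the age of the
    CVE, so the oldest unpatched flaws surface at the top of the report.
    """
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # reported by the scanner but not known-exploited
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "age_years": today.year - cve_year(cve),
                "overdue": today > due,
            })
    findings.sort(key=lambda f: (not f["overdue"], -f["age_years"]))
    return findings


def render(findings: List[dict]) -> List[str]:
    """Plain-text lines suitable for a ticket or a daily digest."""
    return [
        f'{f["host"]}: {f["cve"]} ({f["product"]}), '
        f'{f["age_years"]} years old, {"OVERDUE" if f["overdue"] else "within due date"}'
        for f in findings
    ]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for line in render(match_inventory(SAMPLE_INVENTORY, kev, date(2025, 12, 31))):
        print(line)
```

Matching on CVE id rather than on product names avoids the fuzzy-string problems that vendor and product fields introduce; the real feed is fetched from CISA and fed to `load_kev` in place of the sample string.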
AI Copyright Dispute Intensifies
OpenAI faces pressure to release 20 million anonymized ChatGPT logs in a landmark copyright case filed by major news publishers. The suit alleges that copyrighted material was used in AI training without consent, while OpenAI maintains fair-use defenses and emphasizes privacy safeguards. The legal battle brings AI training practices under the spotlight, potentially reshaping the intersection of artificial intelligence and intellectual property law.
Surge in Attacks Targeting Taiwan
Taiwan experienced a tenfold increase in cyberattacks on its energy sector in 2025, reportedly from Chinese state-linked actors. The National Security Bureau recorded over 960 million intrusion attempts across nine critical sectors, including healthcare, finance, and transportation. Attackers combined exploitation of technical vulnerabilities with strategic targeting of industrial control systems, reflecting highly integrated cyberwarfare capabilities.
Microsoft Suspends Exchange Rate Limit Plans
Microsoft delayed enforcement of its Exchange Online external recipient limit, originally intended to combat bulk spam. The 2,000-recipient cap per 24 hours will remain unimplemented for the foreseeable future, leaving organizations reliant on other security measures to prevent email abuse.
Stalkerware Founder Pleads Guilty
Bryan Fleming, founder of pcTattletale, admitted guilt for running spy software that covertly monitored its targets, including spouses, and captured data such as hotel bookings. The breach exposed over 138,000 users, marking a rare U.S. criminal prosecution of stalkerware operators.
RustFS Hardcoded Token Vulnerability
RustFS revealed a severe flaw in its gRPC authentication, stemming from a hardcoded static token with universal validity. Exploitable by anyone with network access, the vulnerability could allow full system control, from data deletion to cluster reconfiguration. A patch was released in version 1.0.0-alpha.78.
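The failure mode described here, a single token baked into the build and accepted by every installation, is worth seeing next to the corrected pattern. The Python below is an added example for this roundup, not RustFS code, and makes no claim about how RustFS implements its gRPC authentication: the token string, the `TokenAuthenticator` class, and the `APP_AUTH_TOKEN` variable are all assumptions chosen for the demonstration.

```python
"""Hardcoded static token versus a per-deployment secret.

Constructed example; not RustFS code and not a description of its
internals. Names and token values are assumptions for illustration.
"""
import hmac
import os
import secrets
from typing import Optional

# A token compiled into the binary is identical for every installation,
# so anyone who reads it once (from source, a published image, or a
# capture) can authenticate to every deployment of the software.
HARDCODED_TOKEN = "static-token-shipped-in-source"  # constructed value


def vulnerable_check(presented: str) -> bool:
    """Before: the same universal token is valid everywhere."""
    return presented == HARDCODED_TOKEN


class TokenAuthenticator:
    """After: secret supplied per deployment, known defaults refused,
    minimum length enforced, comparison done in constant time."""

    KNOWN_DEFAULTS = frozenset({HARDCODED_TOKEN, "", "changeme"})
    MIN_LENGTH = 32

    def __init__(self, token: Optional[str]):
        # Fail closed at startup: a missing or default token must not
        # silently leave the service reachable with a guessable secret.
        if token is None or token in self.KNOWN_DEFAULTS:
            raise ValueError("auth token must be configured per deployment")
        if len(token) < self.MIN_LENGTH:
            raise ValueError(f"auth token must be at least {self.MIN_LENGTH} characters")
        self._token = token.encode()

    @classmethod
    def from_env(cls, var: str = "APP_AUTH_TOKEN") -> "TokenAuthenticator":
        """Read the secret from the environment (assumed variable name)."""
        return cls(os.environ.get(var))

    @staticmethod
    def generate() -> str:
        """Produce a fresh random token for a new deployment."""
        return secrets.token_urlsafe(32)

    def check(self, presented: str) -> bool:
        # compare_digest does not short-circuit on the first mismatching
        # byte, so response timing reveals nothing about matching prefixes.
        return hmac.compare_digest(self._token, presented.encode())


if __name__ == "__main__":
    token = TokenAuthenticator.generate()
    auth = TokenAuthenticator(token)
    print("fresh token accepted:", auth.check(token))
    print("leaked static token accepted:", auth.check(HARDCODED_TOKEN))
```

The startup check is the part that closes the gap the article describes: a service that refuses to come up with a default or absent secret cannot be deployed in the universally-valid-token state by accident.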
pkr_mtsi Malware Loader Targets Windows Users
The pkr_mtsi loader, employed in malvertising campaigns, distributes trojanized installers for software like PuTTY, Rufus, and Microsoft Teams. Its flexibility enables deployment of multiple malware families, illustrating the ongoing evolution of malware-as-a-service ecosystems.
Open WebUI RCE Risk
A critical vulnerability in Open WebUI could allow attackers to take over user accounts through malicious AI model servers. By exploiting Direct Connections and browser trust flaws, attackers could gain full access to chats, documents, and API keys, highlighting the growing risks of integrating AI systems into user environments.
MuddyWater Expands Iranian Cyber Operations
The MuddyWater group is increasingly using custom backdoors such as Phoenix and UDPGangster for targeted phishing campaigns. By disguising attacks as PDFs or DOC files with macro code, the group demonstrates an adaptive approach that minimizes reliance on ready-made remote management tools.
Multi-Factor Authentication Alert for ownCloud
ownCloud warned users about Zestix attacks exploiting missing MFA. Threat actors accessed corporate file-sharing portals using stolen credentials, selling the information on darknet forums. This reinforces the vital role of multi-factor authentication in defending against straightforward but effective attacks.
GravityRAT Cross-Platform RAT Analysis
GravityRAT, a multi-platform remote access trojan, continues targeting organizations globally. With advanced anti-analysis features and modular architecture, it can harvest sensitive data on Android and Windows systems, emphasizing persistent threats from long-running malware campaigns.
Prince Group Scam Kingpin Arrested
Chen Zhi, leader of the Prince Group, was extradited from Cambodia to China for orchestrating large-scale online scams, including crypto fraud and forced-labor operations. UNODC estimates $18–37 billion lost globally in 2023 due to such networks, which continue to evolve despite international crackdowns.
Phishing-as-a-Service Tools Double
The use of phishing-as-a-service kits surged in 2025, with 90% of high-volume campaigns leveraging these tools. Advanced features include MFA bypass, QR-code attacks, and obfuscated URLs, making even novice attackers capable of sophisticated social engineering schemes.
Zed IDE Security Flaws
Two high-severity vulnerabilities in Zed IDE could allow arbitrary code execution via malicious source code repositories. Patches were issued in November 2025, emphasizing the need for developers to maintain vigilance over the security of their development environments.
What Undercode Says:
Rapid Evolution of Threat Tactics
The events of this week underline how cyber threats continuously adapt. From state-backed attacks on Taiwan to DIY malware campaigns like GravityRAT and pkr_mtsi, attackers are exploiting both technical flaws and human errors. Small oversights, such as missing MFA or outdated software, are increasingly catastrophic.
Financially Motivated Cybercrime
The surge in phishing kits, crypto miners, and the Prince Group scam operation underscores the growing financial incentives driving cybercrime. Attackers are leveraging automation, malware loaders, and social engineering to monetize stolen data at unprecedented scales.
The Role of AI and Automation
AI systems like Open WebUI and ChatGPT, while transformative, are introducing novel attack surfaces. Vulnerabilities in AI integration and copyright disputes highlight the double-edged nature of AI deployment, where innovation creates new risks alongside benefits.
State-Sponsored and Geopolitical Threats
The sharp increase in cyberattacks targeting Taiwan illustrates the modern cyber battlefield’s intersection with national security. Integrated military-cyber campaigns now exploit both technological weaknesses and critical infrastructure, signaling a higher level of sophistication than typical cybercrime.
Importance of Proactive Security Measures
Honeypots, patches, and MFA serve as frontline defenses. Organizations must adopt a proactive posture, regularly auditing systems, monitoring logs, and simulating attacks to anticipate threats rather than merely reacting to breaches.
Legacy Systems as a Weak Link
The addition of decades-old vulnerabilities to the KEV catalog proves that legacy systems remain prime targets. Organizations relying on outdated infrastructure are effectively inviting attacks. Regular updates and decommissioning obsolete systems are critical.
Malware Sophistication and Modularity
The evolution of loaders like pkr_mtsi and RATs like GravityRAT shows attackers increasingly rely on modular, multi-stage frameworks. This trend makes malware more resilient, adaptive, and harder to trace, requiring advanced detection techniques beyond signature-based antivirus solutions.
Multi-Factor Authentication as a Critical Barrier
The ownCloud and Zestix incidents highlight that even simple defenses like MFA can drastically reduce attack surfaces. Security hygiene, user training, and policy enforcement remain low-cost, high-impact measures in a world of increasingly complex threats.
🔍 Fact Checker Results
✅ Resecurity honeytrap story and SLH activity are corroborated by multiple cybersecurity reports.
✅ CISA’s KEV catalog statistics match publicly available federal data.
❌ No evidence found that OpenAI deliberately deleted ChatGPT logs to avoid litigation; this remains an allegation in the court case.
📊 Prediction
Expect continued growth in multi-stage malware attacks and phishing-as-a-service kits, with AI-targeted vulnerabilities emerging as the next major battleground. Financially motivated cybercrime will likely merge further with geopolitical campaigns, exploiting both human and system weaknesses. Organizations that ignore MFA, patching, or employee training will face the most significant risk, while proactive threat hunting and honeytrap simulations may become industry standard in 2026.
References:
Reported By: thehackernews.com