Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-14847, nicknamed MongoBleed, is a high-severity (CVSS 7.5–8.7) unauthenticated information disclosure vulnerability in MongoDB Server. It allows remote attackers to leak uninitialized heap memory containing sensitive data—such as credentials, API keys, session tokens, and PII—without authentication. Exploitation occurs pre-authentication via malformed zlib-compressed network packets on port 27017.

In the quiet corners of the darknet, threat actors aren’t always looking for a way to break through your front door. Instead, they’re hunting for the “side door”—the niche cloud provider you use for analytics, the marketing firm with access to your customer data, or the logistics partner with a direct line into your ERP. As we move into 2026, Third-Party Risk Management(TPRM) has evolved from a periodic compliance exercise into a high-stakes game of digital chess.

Remote Access Trojans (RATs) continue to be one of the most actively traded malware categories across dark web forums. Their appeal lies in flexibility: a single framework can support espionage, credential theft, ransomware staging, or long-term persistence. Recently our team Identified a dark web actor advertised a tool called“noobsaiBOT”, claiming it to be a fully custom, stealth- focused RAT with source code included, priced at$20,000 and offered as a one-time exclusive sale.

The cybersecurity landscape isn’t just shifting; it’s undergoing a radical metamorphosis. As we look toward 2026, the era of the “script kiddie” is officially over. Today, we face sophisticated AI-driven syndicates and automated botnets that probe vulnerabilities at machine speed. For modern enterprises, the question has shifted from“if” an attack will happen to“how much” of your D igital footprint is already sitting on a dark web forum.

Forget the old-school spreadsheets. In the Agentic Era, a cybersecurity risk assessment is no longer a “once-a-year” event you do for the auditors. It is now a living, breathing strategy of Continuous Exposure Management (CEM). Think of it as a high-tech health check for your company’s digital life. It identifies where you’re bleeding data, who’s trying to cut you, and how to build a digital immune system that fights back.

Remote Access Trojans (RATs) continue to be one of the most actively traded malware categories across dark web forums. Their appeal lies in flexibility: a single framework can support espionage, credential theft, ransomware staging, or long-term persistence. Recently our team Identified a dark web actor advertised a tool called“noobsaiBOT”, claiming it to be a fully custom, stealth-focused RAT with source code included, priced at$20,000 and offered as a one-time exclusive sale.

During routine threat research and monitoring of Chinese-language underground distribution channels, our team identified a malicious RAR archive. Specifically, this archive abuses a critical WinRAR directory traversal vulnerability to achieve arbitrary file write and persistence on Windows systems. To accomplish this, the archive leverages a combination of NTFS Alternate Data Streams (ADS) and directory traversal logic.

The digital threats facing critical infrastructure—from energy grids and water treatment plants to hospitals and financial systems—are no longer theoretical. Nation-state actors and organized cybercrime are relentlessly targeting these essential services. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded with the updated Cybersecurity Performance Goals (CPG) 2.0, moving the industry beyond simple compliance toward verifiable cybersecurity resilience.

On December 3, 2025, CVE-2025-55182, a critical remote code execution (RCE) vulnerability in React Server Components (RSC), dubbed “React2Shell.” This flaw, carrying a maximum CVSS v3.1 score of 10.0 (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality/Integrity/Availability: High), stems from unsafe deserialization in the RSC “Flight” protocol.

Stealc, an information-stealing malware operating as Malware-as-a-Service (MaaS), has emerged as a potent tool in the cybercriminal arsenal since its debut in early 2023. Advertised on Russian-speaking underground forums. Established stealers such as Vidar, Raccoon, Mars, and RedLine, offering customizable data exfiltration for browsers, cryptocurrency wallets, and applications. Its non-resident design minimizes footprints, enabling stealthy theft of credentials, cookies, autofill data, and files.

The Mirai botnet, first unleashed in 2016, continues to evolve into increasingly sophisticated variants, posing severe risks to the Internet of Things(IoT) ecosystem. This report examines the Jackskid Botnet—a newly identified Mirai derivative—characterized by its aggressive propagation via zero-day exploits and brute-force attacks, resulting in daily active bot IPs surpassing 40,000 as of late November 2025.

In the digital age, where a smartphone holds the keys to our lives—messages, photos, locations, secrets—few threats loom as insidiously as Pegasus. Developed by Israel’s NSO Group, this zero-click spyware doesn’t need you to tap a link or download a file. Instead, it slips in silently via a missed iMessage, a WhatsApp call you ignore, or a system notification you never see.

The software supply chain has come under assault once again with the resurgence of the Shai-Hulud npm worm—now significantly more advanced, more destructive, and far more widespread. Consequently, what is quickly being described as one of the most serious active threats to the npm ecosystem, the second wave of the Shai-Hulud campaign has compromised at least 600 npm packages, collectively downloaded more than 100 million times. One of the most alarming aspects of this campaign is its origin point.