December 2025 - Page 3 of 41 -

APT36’s Sophisticated LNK Malware Campaign Targeting Indian Government Entities

Latest Cyber Attack

CyberDefenderDecember 31, 2025December 31, 20259 mins0

A highly targeted and technically advanced malware campaign has been identified targeting Indian government and strategic institutions.…

U.S. Treasury Removes Sanctions on Three Figures Tied to Predator Spyware

Latest Cyber Attack

CyberDefenderDecember 31, 2025December 31, 20253 mins0

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has removed three individuals from…

New Spear-Phishing Wave Hits Israeli Security Professionals

Latest Cyber Attack

CyberDefenderDecember 31, 2025December 31, 20254 mins0

A targeted spear-phishing attack campaign is actively being observed, focused specifically on individuals in security, defense, and…

Inside the ESA Breach: How External Servers Became the Weak Link in Europe’s Space Infrastructure

Cyber Threat Intelligence

AegironDecember 30, 2025December 30, 20259 mins0

Executive Summary The European Space Agency confirmed that it experienced a cybersecurity breach affecting a small number…

The Kill Switch Phase: How Attackers Disable EDR—and How to Catch Them in Time

Cyber Threat Intelligence

AegironDecember 30, 2025December 30, 202551 mins1

Executive Summary EDR-disabling toolkits like NtKiller represent a critical pre-attack phase in modern intrusion campaigns. These tools…

NtKiller: The Underground Tool Designed to Kill EDR Before Attacks Even Begin

Cyber Threat Intelligence

AegironDecember 30, 2025December 30, 20259 mins0

In late 2025, references to a Windows tool called NtKiller began circulating on underground forums. It is…

CVE-2025-13592: One Shortcode Away from Full Server Compromise in WordPress

Threat Advisories

AegironDecember 30, 2025December 30, 20258 mins0

Executive Summary (Quick Facts) What Is CVE-2025-13592? CVE-2025-13592 is a Remote Code Execution vulnerability in the Advanced…

CVE-2025-68861: When “Logged-In” Is Enough — Plugin Optimizer Breaks WordPress Access Control

Threat Advisories

AegironDecember 30, 2025December 30, 20259 mins0

Executive Summary (Quick View) What Is CVE-2025-68861? CVE-2025-68861 is a missing authorization vulnerability in the WordPress plugin…

CVE-2024-30855: Silent Admin Takeover Risk in DedeCMS via CSRF

Uncategorized

AegironDecember 30, 2025December 30, 202510 mins0

Executive Summary (At a Glance) Vulnerability Overview CVE-2024-30855 is a Cross-Site Request Forgery (CSRF) vulnerability affecting DedeCMS…

CVE-2025-68706 – One Malicious Web Request Can Crash or Compromise KuWFi Routers

Threat Advisories

AegironDecember 30, 2025December 30, 20258 mins0

CVE ID: CVE-2025-68706Vulnerability Type: Stack-based Buffer OverflowAffected Component: GoAhead-Webs HTTP daemonAffected Product: KuWFi 4G LTE AC900 RouterAffected…