
Cybersecurity Weekly: MongoDB Exploits, Wallet Hacks, Android Spyware, and Insider Threats Shake 2025


The final weeks of 2025 highlighted a cybersecurity landscape defined not by a single headline incident, but by multiple simultaneous threats exploiting both new and longstanding vulnerabilities. From database leaks to insider fraud, attackers continued to outpace defenses, leaving lasting impacts on businesses and individuals worldwide.


MongoDB “MongoBleed” Under Active Attack

A critical vulnerability in MongoDB (CVE-2025-14847, CVSS 8.7), dubbed MongoBleed, has been actively exploited across the globe. The flaw allows unauthenticated attackers to remotely access sensitive server memory. Censys data reveals over 87,000 potentially vulnerable instances, predominantly in the U.S., China, Germany, India, and France. Cloud environments are particularly exposed, with Wiz reporting that 42% of cloud setups contain at least one affected MongoDB instance. Users are urged to upgrade immediately to patched versions, including 8.2.3 and 8.0.17.
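One way to turn the patch advice above into an inventory check, as an added example that is not part of the original article: it classifies MongoDB `buildInfo` version strings against the patched releases the article names (8.0.17 and 8.2.3), and reports any other branch as "unknown" rather than guessing. The fixed-version table and the sample inventory are constructed assumptions for the demonstration.

```python
# Added example (not from the article): triage MongoDB instances against the
# patched versions cited for MongoBleed (CVE-2025-14847).
# Assumption: 8.0.17 and 8.2.3 are the fixed releases for the 8.0 and 8.2
# branches, as the article states; other branches are reported as "unknown"
# so they are checked against the vendor advisory rather than guessed.
from typing import Dict, List, Tuple

# (major, minor, patch, release_flag); release_flag 1 = final, 0 = pre-release
FIXED_VERSIONS = {"8.0": (8, 0, 17, 1), "8.2": (8, 2, 3, 1)}


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Parse '8.0.16' or '8.2.3-rc0' into a comparable tuple.

    A pre-release suffix (e.g. '-rc0') sorts below the final release of the
    same number, so '8.2.3-rc0' is still treated as unpatched.
    """
    core, _, suffix = v.strip().partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version: {v!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch, 0 if suffix else 1)


def assess(v: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    parsed = parse_version(v)
    fixed = FIXED_VERSIONS.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return "unknown"
    return "patched" if parsed >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by patch status; input maps host name -> version string."""
    report: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        report[assess(version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions)
SAMPLE_INVENTORY = {
    "db-prod-1": "8.0.16",
    "db-prod-2": "8.0.17",
    "db-analytics": "8.2.2",
    "db-stage": "8.2.3",
    "db-legacy": "7.0.14",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```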


Major Wallet Breach Impacts $7M

Trust Wallet warned users after a Chrome extension vulnerability led to an estimated $7 million in losses. The breach affected version 2.68 of the extension, likely published using a leaked Chrome Web Store API key. Trust Wallet has released version 2.69 and is processing reimbursements for impacted users. Mobile app users and other browser versions remain unaffected.


Targeted Malware Campaigns

  • Evasive Panda: This China-linked APT used DNS poisoning to distribute its MgBot backdoor to victims in Türkiye, China, and India. By trojanizing popular software updates, the group gained extensive surveillance capabilities.
  • LANDFALL Android Spyware: Exploiting a patched Samsung zero-day (CVE-2025-21042), this campaign targeted devices in the Middle East through malicious image files delivered via WhatsApp.
  • ResidentBat: Belarusian authorities reportedly deploy this spyware on journalists’ phones to capture calls, messages, and app data, often via physical device access.

Old Vulnerabilities, New Exploits

Even years-old flaws continue to pose risks:

  • Fortinet SSL VPN (CVE-2020-12812): Attackers bypassed two-factor authentication in certain configurations.
  • Livewire (CVE-2025-54068): A critical vulnerability in the Laravel framework enabled remote command execution via application hydration flaws.

Cybercrime and Insider Threats

Several cases underscored the human factor in cybercrime:

  • LastPass 2022 Breach: Stolen vault backups enabled attackers to steal $35 million in cryptocurrency as recently as late 2025. Weak master passwords facilitated the theft.
  • Coinbase Insider Arrest: A former customer service agent in India was arrested for selling sensitive user data to hackers. The breach impacted 69,461 individuals and involved multiple contractors.
  • Former Ransomware Responders Guilty: Two ex-cybersecurity professionals pleaded guilty to conducting BlackCat ransomware attacks while employed to defend companies against such threats.

Emerging Threats and AI Exploits

  • DIG AI Misuse: Malicious actors are leveraging this dark AI LLM via Tor to generate phishing emails and illegal instructions.
  • ChimeraWire Malware: Designed to boost website search rankings, it performs automated clicks and CAPTCHA solving on infected Windows devices.
  • BlackHawk Loader: A new AI-assisted MSIL loader delivering Agent Tesla and other malware in Romania.

Global Cybersecurity Highlights

  • Cloud Atlas Attacks: Targeting Russia and Belarus, the threat actor delivered VBShower and associated malware through malicious Word documents.
  • Cobalt Strike Server Surge: Over 150 IPs were flagged as hosting Cobalt Strike servers in December 2025, showing rapid deployment and removal patterns.
  • China and U.S. Research Exploitation: Congressional reports reveal China accessed U.S. DOE-funded nuclear research, including technologies linked to defense and aerospace.
  • Moscow Treason Case: Russian scientist Artyom Khoroshilov was sentenced to 21 years for alleged sabotage and collaboration with the Ukrainian IT army.

Cybersecurity Tools and Resources

  • GhidraGPT: AI plugin for reverse engineering, offering code explanations and security insights.
  • Chameleon: Open-source honeypot monitoring attacker activity across networks.

Docker has also made its Hardened Images free, providing secure, production-ready base images to improve software supply chain security.


Conclusion

As 2025 closes, the cybersecurity landscape shows a persistent trend: attackers exploit both new and old vulnerabilities faster than organizations can respond. From database leaks to insider threats and AI-enabled exploits, businesses and individuals must stay vigilant. The threats highlighted here underscore the need for continuous monitoring, patching, and robust security practices heading into 2026.

Copyright © 2023 Cyber Reports Cyber Security News