Today’s roundup
Portugal updates cybercrime law to exempt security researchers
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
‘Broadside’ Mirai Variant Targets Maritime Logistics Sector
Barts Health Seeks High Court Ban After Oracle EBS Breach
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
Summary
Portugal has updated its cybercrime law to establish a legal safe harbor for good-faith security research. The amendment ensures that ethical hacking, when conducted under strict conditions, is not punishable, thereby protecting security researchers from legal prosecution for discovering and reporting vulnerabilities.
Cybersecurity researchers have identified new Android malware families, FvncBot and SeedSnatcher, and an upgraded ClayRat variant, all exhibiting advanced data theft capabilities. FvncBot specifically targets mobile banking users in Poland by masquerading as a security application from mBank, while the other variants also focus on enhanced data exfiltration.
A critical remote code execution vulnerability (CVE-2025-6389, CVSS 9.8) in the Sneeit Framework plugin for WordPress is under active exploitation. The flaw affects all versions of the plugin up to and including 8.3 and was patched in version 8.4 on August 5, 2025. Over 1,700 active plugin instances reportedly remain vulnerable.
The Iranian hacking group MuddyWater has been observed deploying a new backdoor, dubbed UDPGangster, which utilizes the User Datagram Protocol (UDP) for command-and-control operations. This cyber espionage campaign is specifically targeting entities and users within Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs.
A new Mirai variant, named 'Broadside,' has emerged, actively targeting the maritime logistics sector. This variant exploits a critical vulnerability in DVR systems to perform command injection attacks, enabling threat actors to hijack devices, establish persistence, and facilitate lateral movement within compromised networks.
Barts Health NHS Trust has disclosed it was impacted by the Cl0p ransomware group's campaign that exploited vulnerabilities in Oracle EBS. The Trust is pursuing legal action, seeking a High Court ban in response to the significant data breach.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Meta React Server Components pre-authentication remote code execution flaw (CVE-2025-55182, CVSS 10.0) to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, affecting React Server Components versions 19.0.0 through 19.2.0, stems from unsafe deserialization of HTTP request payloads. China-linked threat groups were observed exploiting this flaw within hours of its December 3 disclosure, with federal agencies mandated to apply patches by December 26, 2025.
Want to dig deeper?
Cyber Groups
| Group | Also known as |
| --- | --- |
| MuddyWater | Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450 |