CyberNews: 22/12/2025 Edition

Published by Dunateo on 2025-12-22

Today’s roundup

  • Ukrainian hacker admits affiliate role in Nefilim ransomware gang
  • Critical RCE flaw impacts over 115,000 WatchGuard firewalls
  • Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
  • UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected
  • Scripted Sparrow Sends Millions of BEC Emails Each Month
  • Infy Returns: Iran-linked hacking group shows renewed activity
  • University of Sydney discloses a data breach impacting 27,000 people
Summary

A Ukrainian national has pleaded guilty to charges related to conducting Nefilim ransomware attacks. These attacks specifically targeted high-revenue businesses across the United States and other countries. The individual's admission highlights ongoing efforts by law enforcement to dismantle ransomware operations.

Over 115,000 WatchGuard Firebox devices that are exposed online remain unpatched against a critical remote code execution (RCE) vulnerability. This flaw is reportedly being actively exploited in ongoing attacks, posing a significant risk to affected organizations. Users are urged to patch immediately to mitigate potential compromise.

Threat actors are employing malicious dropper applications, masquerading as legitimate software, to deliver the Wonderland Android SMS stealer in mobile attacks. These advanced operations, primarily targeting users in Uzbekistan, demonstrate an evolution in mobile malware tactics, merging droppers, SMS theft, and Remote Access Trojan (RAT) capabilities at scale.

DXS International, an official partner of NHS England, confirmed that it has been subjected to a cyber-attack. The company stated that the breach has not impacted its operations or the services it provides to the NHS, ensuring continuity of essential health services.

Fortra researchers have identified a prolific business email compromise (BEC) group, dubbed “Scripted Sparrow,” which is responsible for sending millions of BEC emails on a monthly basis. The group's extensive operations span three continents and at least five countries, indicating a broad and highly active threat.

SafeBreach researchers have reported a significant resurgence and expanded activity from the Iran-linked APT group Infy, also known as Prince of Persia, after nearly five years of relative silence. The group has updated its malware toolset, including new Foudre v34 and Tonnerre v50 variants with novel Domain Generation Algorithms (DGA), and has integrated Telegram bots for command and control. Victims have been identified in Iran, Europe, Iraq, Turkey, India, and Canada.

The University of Sydney has disclosed a data breach affecting approximately 27,500 individuals. Hackers gained unauthorized access to an online code library, from which they exfiltrated personal information belonging to current and former staff, affiliates, students, and alumni. The compromised data, mostly from 2010-2019, includes names, dates of birth, phone numbers, home addresses, and basic job information. There is currently no evidence the data has been misused.
