Today’s roundup
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
Coupang to split $1.17 billion among 33.7 million data breach victims
Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
The Real-World Attacks Behind OWASP Agentic AI Top 10
Romania’s Oltenia Energy Complex suffers major ransomware attack
Former Coinbase support agent arrested for helping hackers
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Bugs that survive the heat of continuous fuzzing
Summary
The Chinese APT group Mustang Panda is employing a new signed kernel-mode rootkit to deliver the TONESHELL backdoor. The rootkit hides the malware's activity in cyber espionage campaigns targeting Asian government systems, as reported by Kaspersky.
South Korean retailer Coupang will issue $1.17 billion (1.685 trillion Won) in compensation to 33.7 million customers affected by a data breach discovered last month.
A Lithuanian national was arrested and extradited to South Korea over a KMSAuto malware campaign. The clipboard-stealing malware, disguised as a Windows activator, infected 2.8 million systems globally from 2020 to 2023 and stole roughly ₩1.7 billion in cryptocurrency.
Trust Wallet confirmed a $7 million cryptocurrency theft from 2,596 wallets. Attackers compromised its browser extension just before Christmas to drain funds.
OWASP released its Agentic AI Top 10, detailing real-world attacks targeting autonomous AI systems, including goal hijacking. This new framework offers critical insights into emerging AI security risks.
Romania's Oltenia Energy Complex, a major energy producer, suffered a "Gentlemen" ransomware attack on December 26, 2025. While IT systems were disrupted, national energy supply was not affected. Investigations are ongoing.
A former Coinbase customer service agent was arrested in India for allegedly assisting hackers in stealing sensitive customer information from the cryptocurrency exchange's database.
The Silver Fox threat actor is running phishing campaigns that use tax-themed emails to deliver ValleyRAT (Winos 4.0), a modular remote access trojan, to Indian users; the infection chain relies on DLL hijacking.
Korean Air reported a data breach impacting ~30,000 employees' data following a hack of its supplier, KC&D. The Clop ransomware group claimed responsibility, linking the attack to exploitation of the Oracle EBS zero-day CVE-2025-61882.
GitHub Security Lab research outlines why vulnerabilities persist in fuzzed open-source projects, citing factors such as human oversight and external dependencies. It proposes a "five-step fuzzing workflow" that focuses on comprehensive code coverage, context-sensitive coverage, and value coverage to find complex bugs.