incident

2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Two cybersecurity professionals, Ryan Goldberg and Kevin Martin, pleaded guilty to being affiliates of the BlackCat ransomware gang. They extorted at least five U.S. companies, including a medical device maker, earning $1 million. Both men, along with a third unnamed co-conspirator, used their expertise to commit these attacks while employed at cybersecurity firms.

https://www.databreachtoday.com/2-cyber-pros-admit-to-being-blackcat-ransomware-affiliates-a-30415

US, Australia Say ‘MongoBleed’ Bug Being Exploited

US and Australian cyber agencies confirmed hackers are exploiting the “MongoBleed” vulnerability in MongoDB systems, first revealed on December 25. CISA added it to their exploited vulnerabilities catalog, requiring federal agencies to patch by January 19. The bug affects many MongoDB versions, enabling unauthorized access to sensitive data. Experts warn about widespread exposure, estimating 42% of cloud environments have vulnerable instances, potentially impacting thousands globally.

https://therecord.media/us-australia-bug-exploitation

NIST Warns of NTP Inaccuracy After Blackouts Across Colorado

NIST faced issues with NTP servers after a power outage in Boulder caused atomic clock drift. A staffer contemplated shutting down servers to prevent spreading incorrect time, but a generator failure complicated efforts. Despite the outage, NIST maintained operations using backup power, reporting minimal time deviation. Users dependent on Boulder’s time were advised to use alternate sources. By December 21, services were restored, showing stability with only slight clock errors, emphasizing the importance of using multiple time sources.

https://www.theregister.com/2025/12/21/nist_ntp_outage_warning/

Trust Wallet Confirms Extension Hack Led to $7 Million Crypto Theft

Trust Wallet's Chrome extension was hacked on December 24, leading to $7 million in stolen cryptocurrency. Users reported wallet drain incidents post-update. Trust Wallet confirmed the issue and released a security patch (version 2.69) to resolve it, advising users to update immediately. A phishing campaign targeting affected users also emerged, prompting Trust Wallet to warn about compromised domains. Users should refrain from using version 2.68 and secure their funds by moving them to new wallets.

https://www.bleepingcomputer.com/news/security/trust-wallet-confirms-extension-hack-led-to-7-million-crypto-theft/

Amazon Caught North Korean IT Worker By Tracing Keystroke Data

Amazon’s Chief Security Officer, Stephen Schmidt, revealed that the company thwarted over 1,800 attempts by North Korean impostors to gain employment since April 2024. These impostors, often hired by contractors, aim to raise funds for the DPRK, including its weapons programs. Schmidt emphasized the importance of thorough background checks and advanced security software to detect such fraudulent activities.

https://www.bloomberg.com/news/newsletters/2025-12-17/amazon-caught-north-korean-it-worker-by-tracing-keystroke-data

Cloudflare Outage on December 5, 2025

Cloudflare experienced a service outage on December 5, 2025, from 08:47 to 09:12 UTC, affecting 28% of HTTP traffic due to internal changes while addressing a security vulnerability in React. The incident was not caused by a cyber attack. The issue arose from configuration changes that led to HTTP 500 errors, impacting customers using specific setups with the older FL1 proxy. Cloudflare is implementing measures to prevent future incidents, including enhanced rollout protocols and improved error handling. An apology was issued acknowledging the disruption caused.

https://blog.cloudflare.com/5-december-2025-outage/

Cloudflare Blames Today’s Outage on Emergency React2Shell Patch

Cloudflare's recent outage was caused by emergency mitigations for a critical vulnerability (CVE-2025-55182) in React Server Components, allowing unauthorized remote code execution. The incident affected about 28% of Cloudflare's HTTP traffic but was not due to a cyber attack. The flaw is being actively exploited by hacking groups, primarily linked to China.

https://www.bleepingcomputer.com/news/security/cloudflare-blames-todays-outage-on-emergency-react2shell-patch/

Cloudflare Outage on November 18, 2025

On November 18, 2025, Cloudflare experienced a significant outage affecting core network traffic after a database permission change caused a feature file to double in size, leading to system failures. Initial suspicions of a DDoS attack were disproved as the issue was traced to bad configurations propagated throughout the network. The outage, which resulted in numerous HTTP 5xx error codes and impacted various services, was resolved by reverting to a stable configuration and restarting core proxies. Cloudflare acknowledged the unacceptable nature of the incident and committed to implementing measures to prevent future occurrences.

https://blog.cloudflare.com/18-november-2025-outage/

A Single DNS Race Condition Brought AWS to Its Knees

A race condition in Amazon's DynamoDB DNS management caused a major outage, disrupting services and estimated damage in the hundreds of billions. The error began on October 19, 2025, when the system left an empty DNS record due to a timing conflict between DNS planners and enactors. This led to widespread failures, impacting EC2 launches and other AWS services. Amazon has suspended the affected automation until fixes are implemented.

https://www.theregister.com/2025/10/23/amazon_outage_postmortem/

Summary of the Amazon DynamoDB Service Disruption in the Northern Virginia (US-EAST-1) Region

DynamoDB Incident Summary (Oct 19-20, 2025): Service disruption occurred in N. Virginia (us-east-1) due to DNS failures affecting API, EC2, NLB, and other services. Latent defect in DNS management led to failed connections and increased errors across multiple AWS services. Recovery actions taken included engineering interventions and system restarts, with full services restored by Oct 20. Improvements planned to prevent recurrence and enhance reliability.

https://aws.amazon.com/message/101925/

F5 Security Incident

F5 reported a security incident involving a nation-state threat actor accessing and exfiltrating files from their BIG-IP product development environment in August 2025. They confirmed some BIG-IP source code was taken, but no critical vulnerabilities were disclosed or exploited. F5 is updating their software, engaging cybersecurity experts, and implementing security measures. They advise customers to update systems, enhance monitoring, and utilize available resources to strengthen security. Ongoing efforts aim to improve the overall security posture and regain customer trust.

https://my.f5.com/manage/s/article/K000154696

Scroll to Top