Vulnerabilities
- All I Want For Christmas Is Your Secrets: LangGrinch Hits LangChain Core (CVE-2025-68664)
"Earlier this year, my research focused on breaking secret managers in our “Vault Fault” work – systems that are explicitly designed to be the security boundary around your most sensitive credentials. One takeaway kept repeating: when a platform accidentally treats attacker-shaped data as trusted structure, that boundary collapses fast. This time, the system that “breaks” isn’t your secret manager. It’s the agent framework that may use them."
https://cyata.ai/blog/langgrinch-langchain-core-cve-2025-68664/
https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html
https://securityaffairs.com/186185/hacking/langchain-core-vulnerability-allows-prompt-injection-and-data-exposure.html - CVE-2025-54322 (ZERODAY) - Unauthenticated Root RCE Affecting ~70,000+ Hosts
"Xspeeder is a Chinese networking vendor known for edge devices like routers, SD-WAN appliances, and smart TV controllers. Their core firmware, SXZOS, powers a line of SD-WAN devices that are especially prevalent across remote industrial and branch environments. According to Fofa and other more advanced fingerprinting services, there are tens of thousands of publicly accessible SXZOS-based systems globally in various geographic regions, making this firmware and any potential vulnerability it exposes, a widespread risk surface. This was one of the devices that made it into our office over a 8 month ago for research purposes."
https://pwn.ai/blog/cve-2025-54322-zeroday-unauthenticated-root-rce-affecting-70-000-hosts
Malware
- Exploited MongoBleed Flaw Leaks MongoDB Secrets, 87K Servers Exposed
"A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. A public exploit and accompanying technical details are available, showing how attackers can trigger the flaw to remotely extract secrets, credentials, and other sensitive data from an exposed MongoDB server. The vulnerability was assigned a severity score of 8.7 and has been handled as a “critical fix,” with a patch available for self-hosting instances since December 19."
https://www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/ - Fake GrubHub Emails Promise Tenfold Return On Sent Cryptocurrency
"Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. The emails claimed to be part of a ‘Holiday Crypto Promotion’ and came from an email address on ‘b.grubhub.com’, which is a legitimate subdomain that Grubhub uses to communicate with its merchant partners and restaurants."
https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/ - Trust Wallet Confirms Extension Hack Led To $7 Million Crypto Theft
"Trust Wallet confirmed that a compromised Chrome extension update released on December 24 led to $7 million in stolen cryptocurrency after users reported their wallets drained. "So far, $7m affected by this hack. TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused," posted Binance founder Changpeng "CZ" Zhao on X. "The team is still investigating how hackers were able to submit a new version.""
https://www.bleepingcomputer.com/news/security/trust-wallet-confirms-extension-hack-led-to-7-million-crypto-theft/
https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
https://securityaffairs.com/186163/cyber-crime/trust-wallet-warns-users-to-update-chrome-extension-after-7m-security-loss.html
Breaches/Hacks/Leaks
- Everest Ransomware Group Claims Theft Of Over 1TB Of Chrysler Data
"On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new post on its dark web leak site claiming it had breached Chrysler systems, an American automaker. The group says it exfiltrated 1088 GB (over 1 TB) of data, describing it as a full database linked to Chrysler operations. According to the threat actors, the stolen data spans from 2021 through 2025 and includes more than 105 GB of Salesforce related information. Everest claims the data contains extensive personal and operational records tied to customers, dealers, and internal agents."
https://hackread.com/everest-ransomware-group-chrysler-data-breach/ - Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach
"A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3 million Wired.com users, a prominent American magazine and website. The leak was posted on December 20, 2025, on a newly launched hacking forum called Breach Stars. Along with a download link and file hash, the hacker issued a statement accusing Condé Nast, Wired’s parent company, of ignoring repeated warnings:"
https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/
https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/
https://www.bleepingcomputer.com/news/security/hacker-claims-to-leak-wired-database-with-23-million-records/
https://securityaffairs.com/186224/data-breach/conde-nast-faces-major-data-breach-2-3m-wired-records-leaked-40m-more-at-risk.html - Massive Rainbow Six Siege Breach Gives Players Billions Of Credits
"Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide."
https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/
General News
- Mentorship And Diversity: Shaping The Next Generation Of Cyber Experts
"Welcome to Dark Reading's Heard It From a CISO video series, showcasing advice on breaking into and advancing within the cybersecurity field from those who have been there. In this latest installment, Dark Reading associate editor Kristina Beek interviews Patricia Voight, CISO at Webster Bank."
https://www.darkreading.com/cybersecurity-careers/mentorship-and-diversity-shaping-the-next-generation-of-cyber-experts - As More Coders Adopt AI Agents, Security Pitfalls Lurk In 2026
"Software may be eating the world — to paraphrase one tech luminary — but in 2025, AI ate software development. The vast majority of professional programmers now use large language models (LLMs) for code suggestions, debugging, and even vibe coding. Yet, challenges remain: Even as developers start to use AI agents to build applications and integrate AI services into the development and production pipeline, the quality of the code — especially the security of the code — varies significantly. Greenfield projects may see better productivity and security results than rewriting current code, especially if vulnerabilities in the older code are propagated. Some companies see few productivity gains, others see significant benefits."
https://www.darkreading.com/application-security/coders-adopt-ai-agents-security-pitfalls-lurk-2026 - LLMs Can Assist With Vulnerability Scoring, But Context Still Matters
"Every new vulnerability disclosure adds another decision point for already stretched security teams. A recent study explores whether LLMs can take on part of that burden by scoring vulnerabilities at scale. While the results show promise in specific areas, consistent weaknesses continue to hold back fully automated scoring. More than 40,000 CVEs were published in 2024, and the study notes that this surge has put strain on programs that score these entries. Without timely severity ratings, teams cannot tell which risks to handle first."
https://www.helpnetsecurity.com/2025/12/26/llms-automated-vulnerability-assessment/ - From AI To Cyber Risk, Why IT Leaders Are Anxious Heading Into 2026
"Cybersecurity threats are shaping IT planning for 2026, with AI maturity and regulation emerging as another major source of disruption, according to a global survey from Veeam. Veeam surveyed 250 senior IT and business decision-makers worldwide to understand how they view risks, readiness, and priorities. When respondents ranked expected disruptors for 2026, cybersecurity threats placed first. Nearly half selected security incidents as their top concern. AI maturity and regulation followed at just over 20%. Workforce shortages and cloud complexity ranked lower."
https://www.helpnetsecurity.com/2025/12/26/it-planning-cybersecurity-threats-2026/ - The Next Big IT Security Battle Is All About Privileged Access
"Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in 2026 driven by new realities of cybersecurity, hybridization, AI, and more. In 2026, passwordless authentication will shift from isolated pilots to full-scale enterprise adoption within privileged environments. Hardware keys, passkeys, and biometric verification will replace traditional credentials, reducing reliance on shared passwords and vaults. This transition will be driven by compliance mandates and the operational cost of credential sprawl."
https://www.helpnetsecurity.com/2025/12/26/it-privileged-access-security-trends/ - From AI To Analog, Cybersecurity Tabletop Exercises Look a Little Different This Year
"It's the most wonderful time of the year … for corporate security bosses to run tabletop exercises, simulating a hypothetical cyberattack or other emergency, running through incident processes, and practicing responses to ensure preparedness if when a digital disaster occurs. "We're ultimately testing how resilient is the organization," said Palo Alto Networks Chief Security Intelligence Officer Wendi Whitmore in an interview with The Register. "It's not if we get attacked, it's: How quickly do we respond and contain these attacks.""
https://www.theregister.com/2025/12/26/end_of_year_tabletop_exercises/ - From Video Games To Cyber Defense: If You Don't Think Like a Hacker, You Won't Win
"According to Remedio CEO Tal Kollender, the only way to beat the bad guys hacking into corporate networks is to "think like a hacker," and because not everyone is a teenage hacker turned cybersecurity startup chief executive, she built an AI to do this. "My thought was: if I have a hacker mindset, why not adapt it into defense," Kollender told The Register. "Because if you don't think like a hacker, you won't be able to beat them, right?""
https://www.theregister.com/2025/12/26/video_game_hacker_turned_ceo/ - Death, Torture, And Amputation: How Cybercrime Shook The World In 2025
"The knock-on, and often unintentional, impacts of a cyberattack are so rarely discussed. As an industry, the focus is almost always placed on the economic damage: the ransom payment; the cost of business downtime; and goodness, don't forget those poor shareholders. But, in recent years, the toll on human life has become increasingly apparent."
https://www.theregister.com/2025/12/28/death_torture_and_amputation_how/
อ้างอิง
Electronic Transactions Development Agency (ETDA) 
️ ThaiCERT ได้ติดตามสถานการณ์ภัยคุกคามทางไซเบอร์ และพบข้อมูลการเปิดเผยช่องโหว่ระดับร้ายแรงในแพลตฟอร์ม n8n
รายละเอียดช่องโหว่
ผลิตภัณฑ์และเวอร์ชันที่ได้รับผลกระทบ
แนวทางการตรวจสอบและการป้องกัน
อ้างอิง