
The expanding vulnerability landscape forces enterprises to accelerate patching and zero‑trust controls, while legal pressures on AI firms signal rising regulatory scrutiny.
The pace at which exploitable flaws are being catalogued is accelerating. CISA’s Known Exploited Vulnerabilities (KEV) list grew by 20% in 2025, adding 245 high‑risk items that span Microsoft, Apple, Cisco and the Linux kernel. Enterprises that rely on legacy software now face a shrinking window to apply patches before attackers weaponize these weaknesses. A vivid example is the RustFS hard‑coded gRPC token, which earned a near‑critical 9.8 CVSS rating until a rapid patch was issued in December. Meanwhile, threat actors continue to abuse public‑facing services such as GeoServer to drop XMRig miners, showing that even known bugs remain lucrative entry points.
State‑sponsored activity is reshaping the threat landscape in Asia. Taiwan’s National Security Bureau disclosed a tenfold rise in Chinese‑linked intrusions against its energy grid and hospitals, with groups like APT41 and BlackTech probing industrial control systems. Over 960 million attempts in 2025 highlight the need for segmented networks, continuous monitoring, and robust incident‑response playbooks. As adversaries shift from opportunistic ransomware to strategic espionage, supply‑chain hygiene and secure firmware updates become essential defenses for utilities and critical‑infrastructure operators worldwide.
Legal and market pressures are converging on emerging technologies. A U.S. judge ordered OpenAI to produce 20 million anonymized ChatGPT logs, intensifying the debate over data ownership and fair‑use defenses for AI training. At the same time, phishing‑as‑a‑service ecosystems doubled, equipping low‑skill actors with MFA‑bypass modules and sophisticated obfuscation. Organizations must reinforce identity‑centric controls—mandatory multi‑factor authentication on cloud file‑sharing platforms like ownCloud—and invest in threat‑intel feeds that can flag emerging PhaaS toolkits before they reach victims.