Blog - RH-ISAC

Summary Securonix researchers have identified a new malware campaign, dubbed PHALT#BLYX, actively targeting the hospitality sector with a multi-stage infection chain. Threat actors leverage a “ClickFix” social engineering tactic, using fake reservation emails and deceptive “Blue Screen of Death” (BSOD) pages to deceive victims into executing malicious PowerShell commands. This campaign notably bypasses defenses by…

Summary A critical unauthenticated vulnerability dubbed MongoBleed (CVE-2025-14847) has been disclosed in MongoDB’s zlib message compression, allowing remote attackers to extract sensitive data from uninitialized memory. This flaw affects nearly all versions released since 2017, enabling the exfiltration of credentials, PII, and session tokens without requiring authentication. While MongoDB released patches for supported versions in late December…

Summary A  vulnerability with a CVSS score of 10.0, tracked as CVE-2025-55182 in React and CVE-2025-66478 in Next.js, has been publicly disclosed, enabling unauthenticated remote code execution (RCE). The flaw resides in how React Server Components (RSC) decode payloads sent to Server Function endpoints, allowing attackers to execute arbitrary JavaScript on the server via specially crafted HTTP requests. Sector Impact…

Retail and hospitality organizations are facing a surge in distributed denial-of-service (DDoS) attacks. As adversaries adopt new tools, leverage APIs, and exploit transactional endpoints, layered defenses and edge-based mitigation have become critical to maintaining uptime and customer trust through the peak holiday season. What We’re Seeing In the past year, DDoS activity targeting retail and…

Summary A financially motivated threat cluster has been actively targeting the freight and logistics industry since at least June 2025 in a cyber-enabled cargo theft campaign, according to a new report from Proofpoint. The primary goal of the campaign is to gain remote access to logistics networks to steal high-value physical goods, mainly food and beverage…