Cybersecurity Updates: New Attacks, Legislation, and Data Breaches

Researchers from Datadog have discovered that attackers exploiting the React to Shell vulnerability in late December 2024 are now targeting EngineX configurations. The attack unfolds in multiple stages through scripts that enumerate servers, overwrite management panel configuration files, target containerized configurations, and generate reports of EngineX traffic to C2 servers. In France, legislators voted 130 to 21 to ban social media for those under 15, a measure that President Macron wants to expedite. Slovenia is preparing similar legislation. The offices of X were raided by French authorities. Regarding OpenClaw, Security Scorecard identified nearly 42,000 exposed IP instances and almost 50,000 instances vulnerable to remote code execution. Whiz Security discovered 1.5 million exposed API authentication tokens, 35,000 user emails, and over 4,000 compromised private messages on Moltbook. In December 2024, Cloudflare mitigated a DDoS attack from the Kimwolf botnet reaching 31.4 terabits per second.