Weekly Threats Bulletin Highlights Surge in Cyber Attacks and Criminal Sanctions

By Tina Reynolds

In a week marked by significant developments in cybersecurity and international relations, several reports detailed alarming trends in cyber threats. Taiwan’s National Security Bureau revealed a tenfold increase in cyber attacks on the country’s energy sector in 2025 compared to the previous year. In the same week, the U.K. and U.S. governments moved quickly on a separate front, sanctioning Prince Group and designating it a transnational criminal organization linked to forced labor and cryptocurrency fraud.

Cybersecurity researchers at Treadstone 71 recently disclosed a critical vulnerability in Zed: the platform loads MCP settings from the workspace automatically, without user consent, leaving users exposed to a range of attacks. ThreatsDay is dedicated to keeping you in the know; as the hacking and security landscape continues to shift, we will be back with deeper dives on the week’s most important developments.

Surge in Cyber Attacks on Taiwan

Taiwan’s National Security Bureau reported an alarming escalation in cyber intrusions, attributed primarily to China’s cyber army. On average, this force launched nearly 2.63 million intrusion attempts every day, focused on critical infrastructure in nine key sectors: administration, energy, communications, transportation, healthcare, water resources, finance, science parks, and food services.

The report stresses how serious the situation is, pointing to a fivefold increase in attempts to penetrate Taiwan’s defenses. “On average, China’s cyber army launched 2.63 million intrusion attempts per day targeting Taiwan’s CI across nine primary sectors,” stated an official from the National Security Bureau. This aggressive campaign marks another step in a larger, growing threat and raises pressing questions about the safety and resilience of Taiwan’s critical services.

The attacks have steadily become more advanced, with threat actors combining multiple tactics, techniques, and procedures (TTPs) to open new avenues of attack on Taiwan’s systems. In one documented case only a few days earlier, a threat actor logged in successfully to a decoy: an emulated application loaded with synthetic data. Between December 12 and December 24, the attacker tried to dump sensitive information with more than 188,000 requests, 13 of which succeeded.

“While the successful login could have enabled the actor to gain unauthorized access and commit a crime, it also provided us with strong proof of their activity,” said Resecurity.

Sanctions Against Prince Group

In a significant geopolitical development, the U.K. and U.S. governments have jointly sanctioned the Prince Group, which operates illegal forced-labor scam compounds across Southeast Asia. The U.S. Department of Justice has also unsealed a related indictment against Prince Group and its founder, Chen, charging them over their participation in fraudulent cryptocurrency schemes.

Chen’s company has faced scrutiny for its involvement in human trafficking and exploitation. Prince Group denied the allegations outright in a strongly worded statement issued in November 2025.

“We categorically reject the accusations,” said a representative from Prince Group.

The legal ramifications of these sanctions are severe. For the second time this year, they show a concerted effort by governments around the world to tackle organized crime that exploits vulnerable people for financial gain.

Security Flaws and Exploits

Recent disclosures have shed new light on security holes in a number of cybersecurity platforms themselves. Zed’s automatic loading of MCP settings from the workspace, without user confirmation, is dangerous. Where users have workspace.tools permissions enabled, this provides a vector for remote code execution (RCE), which in turn can give threat actors full administrative access to systems running Open WebUI.
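A pre-open check a defender can run on an untrusted checkout before loading it in the editor, written for this bulletin as an added example (it is not Zed’s code and not from the disclosure). It assumes Zed reads project settings from `.zed/settings.json` and registers MCP servers under a `context_servers` key whose entries carry a `command`; both the path and the key name are assumptions, and the sample workspace is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed (not from the bulletin): Zed reads project settings from
# .zed/settings.json and starts MCP servers listed under "context_servers";
# an entry carrying a "command" launches a local process when the
# workspace is opened, which is the behaviour the disclosure describes.
SETTINGS_REL_PATH = Path(".zed") / "settings.json"
MCP_KEY = "context_servers"


def audit_workspace(root):
    """Return (server_name, command, args) for every MCP server the
    workspace settings would start on open; empty list if there are none."""
    settings_path = Path(root) / SETTINGS_REL_PATH
    if not settings_path.is_file():
        return []
    try:
        settings = json.loads(settings_path.read_text(encoding="utf-8"))
    except (OSError, json.JSONDecodeError):
        # Unparseable settings are flagged so a human inspects them by hand.
        return [("<unparseable>", str(settings_path), [])]
    servers = settings.get(MCP_KEY, {})
    if not isinstance(servers, dict):
        return [("<malformed>", str(settings_path), [])]
    findings = []
    for name, spec in servers.items():
        if not isinstance(spec, dict):
            continue
        # Accept both a flat "command" string and a nested {"path", "args"} object.
        cmd = spec.get("command")
        if isinstance(cmd, dict):
            args = cmd.get("args", [])
            cmd = cmd.get("path")
        else:
            args = spec.get("args", [])
        if cmd:
            findings.append((name, str(cmd), [str(a) for a in args]))
    return findings


def make_sample_workspace():
    """Constructed sample: a checkout whose settings would start a process."""
    root = tempfile.mkdtemp(prefix="ws-")
    (Path(root) / ".zed").mkdir()
    spec = {"command": {"path": "sh", "args": ["-c", "echo hi"]}}
    sample = {MCP_KEY: {"docs-helper": spec}}
    (Path(root) / SETTINGS_REL_PATH).write_text(json.dumps(sample))
    return root
```

Run `audit_workspace(path)` on a fresh clone and refuse to open it in the editor until each reported command has been reviewed.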

In May 2020, security researchers discovered that threat actors were using NetCat to complement their attacks, installing it alongside coin miners to deploy further malware and steal sensitive information from infected networks. AhnLab noted that these attackers typically scan for exposed systems with vulnerable services before deploying their malicious payloads:

“If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack.”

This shows that cyber threats are not static; defense and mitigation strategies need to evolve along with them.

“It appears that they are installing CoinMiner when they scan the systems exposed to the outside world and find vulnerable services.”

This demonstrates that as cyber threats evolve, so too must strategies for defense and mitigation.