19 Articles
5 Categories
Date: 2025-12-26
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)

26 Dec | Critical LangChain Vulnerability Allows Attackers to Steal Sensitive Secrets | GBHACKERS.COM
A critical security vulnerability in LangChain, one of the world’s most widely deployed AI frameworks, enables attackers to extract environment variable secrets and, through a serialization injection flaw, potentially achieve code execution. The vulnerability, identified as…

26 Dec | High severity flaw in MongoDB could allow memory leakage | CSOONLINE.COM
Document database vendor MongoDB has advised customers to update immediately following the discovery of a flaw that could allow unauthenticated users to read uninitialized heap memory. Designated CVE-2025-14847, the bug, mismatched length fields in zlib compressed protocol heade…

⚠️ VULNERABILITY DISCLOSURE (3)

26 Dec | The Ransomware Ecosystem: An Encore Holiday Episode | CYBERSECURITYTODAY.LIBSYN.COM
Jim takes a break for some R&R during the holidays and shares his favorite podcast episodes from the year. He acknowledges that some listeners might have heard these episodes already, while others may find them new. The podcast's production is supported by Meter, a company pr…

26 Dec | 7 SASE certifications to validate converged network and security skills | CSOONLINE.COM
As cyberattacks grow more sophisticated and AI-powered threats escalate, enterprises are under pressure to evolve beyond traditional perimeter-based network security. Many are turning to Secure Access Service Edge (SASE), a cloud-native framework that converges network and securi…

26 Dec | Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection | THEHACKERNEWS.COM
A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that's …

🔥 INCIDENT REPORTING (7)

26 Dec | Utair - 401,400 breached accounts | HAVEIBEENPWNED.COM
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and lo…

26 Dec | Trust Wallet Chrome extension hack tied to millions in losses | BLEEPINGCOMPUTER.COM
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingCom…

26 Dec | IoT Hack | SCHNEIER.COM
Someone hacked an Italian ferry. It looks like the malware was installed by someone on the ferry, and not remotely.

26 Dec | Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code | THEHACKERNEWS.COM
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts ve…

26 Dec | Trust Wallet confirms extension hack led to $7 million crypto theft | BLEEPINGCOMPUTER.COM
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingCom…

26 Dec | Holiday Special Part 2: You’re Gonna Click the Link - Rob Allen - SWN #541 | YOUTUBE.COM
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad dec…

26 Dec | Layered Defense: Combining Detection & Controls | YOUTUBE.COM
Learn why a multi-layered defense strategy is crucial for protecting your data. From access control lists to program-based ACLs, find out how to fortify your systems against unauthorized access. Subscribe to our podcasts: https://securityweekly.com/subscribe #DataProtection #Laye…

🕵️ THREAT INTELLIGENCE (5)

26 Dec | China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware | THEHACKERNEWS.COM
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and In…

26 Dec | Understanding Systems to Master the Art of Breaking | YOUTUBE.COM
Master the art of cybersecurity by diving into the fundamentals! Learn how understanding systems like Linux equips you to handle the latest threats and vulnerabilities. Subscribe to our podcasts: https://securityweekly.com/subscribe #Linux #TechSkills #Innovation #SecurityWeekly …

26 Dec | Google Introduces Option to Change @gmail.com Email Addresses | GBHACKERS.COM
For years, Google users have been stuck with the email addresses they created when they first signed up. If you picked an embarrassing username years ago or simply want a more professional handle, the only previous solution was to create a brand-new account and migrate your data …

26 Dec | Friday Squid Blogging: Squid Camouflage | SCHNEIER.COM
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused …

26 Dec | ZeroThreat Review: The Next-Gen Automated Pentesting s DAST Platform | GBHACKERS.COM
After spending the past few weeks hands-on with ZeroThreat, it’s clear this platform represents a significant step forward in automated security testing. In an era where web applications, APIs, and microservices ship faster than ever, automated pentesting and DAST have become ess…

📡 INFOSEC NEWS (2)

26 Dec | These are the cybersecurity stories we were jealous of in 2025 | TECHCRUNCH.COM
The very best reporting and investigative journalism from our friends at other publications.

26 Dec | Fake GrubHub emails promise tenfold return on sent cryptocurrency | BLEEPINGCOMPUTER.COM
Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. [...]