MATLOCK.CA
70Articles
8Categories
2025-12-29Date
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-14847 MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability  This type of vulnerability is a …
KEVCISA.GOV — Mon, 29 Dec 25 1
πŸ›
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
KEVSH.ITJUST.WORKS — 29 Dec 2025
πŸ›
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
GBHACKERS.COM — 29 Dec 2025
πŸ›
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
THEHACKERNEWS.COM — 29 Dec 2025
πŸ›
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
CSOONLINE.COM — 29 Dec 2025
πŸ›
Fortinet Warns of New Attacks Exploiting Old Vulnerability
SECURITYWEEK.COM — 29 Dec 2025
πŸ›
AL25-021 - Vulnerability affecting MongoDB - CVE-2025-14847
CYBER.GC.CA — 2025-12-29
πŸ›
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
GBHACKERS.COM — 29 Dec 2025
πŸ›
New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones
GBHACKERS.COM — 29 Dec 2025
πŸ›
Ubisoft Confirms Rainbow Six Siege Server Intrusion Linked to MongoBleed
GBHACKERS.COM — 29 Dec 2025
πŸ›
CVE-2025-68972 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
MSRC.MICROSOFT.COM — 29 Dec 2025
πŸ›
CVE-2025-14180 NULL Pointer Dereference in PDO quoting
MSRC.MICROSOFT.COM — 29 Dec 2025
πŸ›
CVE-2025-14177 Information Leak of Memory in getimagesize
MSRC.MICROSOFT.COM — 29 Dec 2025
πŸ›
CVE-2025-14178 Heap buffer overflow in array_merge()
MSRC.MICROSOFT.COM — 29 Dec 2025
⚠️
MongoDB - MongoBleed Vulnerability Exploit Reported On Christmas Day
CYBERSECURITYTODAY.LIBSYN.COM — 29 Dec 2025
⚠️
Top 5 real-world AI security threats revealed in 2025
KEVCSOONLINE.COM — 29 Dec 2025
⚠️
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
THEHACKERNEWS.COM — 29 Dec 2025
⚠️
Fresh MongoDB Vulnerability Exploited in Attacks
SECURITYWEEK.COM — 29 Dec 2025
⚠️
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
THEHACKERNEWS.COM — 29 Dec 2025
⚠️
Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439
YOUTUBE.COM — 2025-12-29
⚠️
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
BLEEPINGCOMPUTER.COM — 29 Dec 2025
⚠️
Coupang to Issue $1.17 Billion in Vouchers Over Data Breach
SECURITYWEEK.COM — 29 Dec 2025
⚠️
CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
KEVSH.ITJUST.WORKS — 29 Dec 2025
⚠️
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
SH.ITJUST.WORKS — 29 Dec 2025
⚠️
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
SH.ITJUST.WORKS — 29 Dec 2025
⚠️
The Newest Junk Food: AI
YOUTUBE.COM — 2025-12-29
⚠️
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
GBHACKERS.COM — 29 Dec 2025
⚠️
Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers
GBHACKERS.COM — 29 Dec 2025
⚠️
Hunting Windows LPE Flaws Through Kernel Drivers and Named Pipes
GBHACKERS.COM — 29 Dec 2025
⚠️
OpenAI Strengthens ChatGPT Atlas Security to Block Prompt Injection Attacks
GBHACKERS.COM — 29 Dec 2025
⚠️
Anton’s Security Blog Quarterly Q4 2025
KEVMEDIUM.COM — 29 Dec 2025
⚠️
Bugs that survive the heat of continuous fuzzing
GITHUB.BLOG — 29 Dec 2025
πŸ“’
Tipps fΓΌr CISOs, die die Branche wechseln wollen
CSOONLINE.COM — 29 Dec 2025
πŸ“’
Are We Ready to Be Governed by Artificial Intelligence?
SCHNEIER.COM — 2025-12-29
πŸ“’
VMware security advisory (AV25-864)
CYBER.GC.CA — 2025-12-29
πŸ“’
IBM security advisory (AV25-863)
CYBER.GC.CA — 2025-12-29
πŸ“’
Dell security advisory (AV25-865)
CYBER.GC.CA — 2025-12-29
πŸ”₯
22 Million Affected by Aflac Data Breach
SECURITYWEEK.COM — 29 Dec 2025
πŸ”₯
The 10 Biggest Data Breach Fines and Settlements of 2025 - Infosecurity Magazine
SH.ITJUST.WORKS — 29 Dec 2025
πŸ”₯
Massive Rainbow Six Siege breach gives players billions of credits
SH.ITJUST.WORKS — 29 Dec 2025
πŸ”₯
Korean Air data breach exposes data of thousands of employees
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ”₯
Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft
SH.ITJUST.WORKS — 29 Dec 2025
πŸ”₯
⚑ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
THEHACKERNEWS.COM — 29 Dec 2025
πŸ”₯
The Real-World Attacks Behind OWASP Agentic AI Top 10
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ”₯
Romanian energy provider hit by Gentlemen ransomware attack
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ”₯
Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000
SECURITYWEEK.COM — 29 Dec 2025
πŸ”₯
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ”₯
AI-Powered Phishing Kit Targets Microsoft Users for Credential Theft
GBHACKERS.COM — 29 Dec 2025
πŸ”₯
Operational Noise in Windows Event Logs During Advanced Cyberattacks
GBHACKERS.COM — 29 Dec 2025
πŸ”₯
Korean Air data breach exposes data of thousands of employees
SH.ITJUST.WORKS — 29 Dec 2025
πŸ”₯
Coupang to split $1.17 billion among 33.7 million data breach victims
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ•΅οΈ
Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns
GBHACKERS.COM — 29 Dec 2025
πŸ•΅οΈ
Hacker Claims Theft of 40 Million CondΓ© Nast Records After Wired Data Leak
SECURITYWEEK.COM — 29 Dec 2025
πŸ•΅οΈ
Infostealer Malware Delivered in EmEditor Supply Chain Attack
SECURITYWEEK.COM — 29 Dec 2025
πŸ•΅οΈ
From AI to cyber risk, why IT leaders are anxious heading into 2026 - Help Net Security
SH.ITJUST.WORKS — 29 Dec 2025
πŸ•΅οΈ
Trust Wallet confirms extension hack led to $7 million crypto theft
SH.ITJUST.WORKS — 29 Dec 2025
πŸ•΅οΈ
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
GBHACKERS.COM — 29 Dec 2025
πŸ•΅οΈ
Most Parked Domains Lead Users to Scams or Malware
KNOWBE4.COM — 29 Dec 2025
πŸ•΅οΈ
Meta's Hidden Debt in Data Centers
YOUTUBE.COM — 2025-12-29
πŸ•΅οΈ
Chinese state hackers use rootkit to hide ToneShell malware activity
BLEEPINGCOMPUTER.COM — 29 Dec 2025
🌐
You’ve been targeted by government spyware. Now what?
TECHCRUNCH.COM — 29 Dec 2025
🌐
Hacker arrested for KMSAuto malware campaign with 2.8 million downloads
BLEEPINGCOMPUTER.COM — 29 Dec 2025
🌐
Happy 16th Birthday, KrebsOnSecurity.com!
KREBSONSECURITY.COM — 29 Dec 2025
🌐
Get Executives on board with managing Cyber Risk
TRENDMICRO.COM — 29 Dec 2025
πŸ“‘
Sauron, the high-end home security startup for β€œsuper premium” customers, plucks a new CEO out of Sonos
TECHCRUNCH.COM — 29 Dec 2025
πŸ“‘
Microsoft Copilot is rolling out GPT 5.2 as "Smart Plus" mode
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ“‘
Former Coinbase support agent arrested for helping hackers
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ“‘
ChatGPT finally rolls out Thinking time toggle on mobile
BLEEPINGCOMPUTER.COM — 29 Dec 2025
πŸ“‘
This month in security with Tony Anscombe – December 2025 edition
WELIVESECURITY.COM — 29 Dec 2025
πŸ“‘
Trend Micro's Pivotal Role in INTERPOL's Operation Sentinel: Dismantling Digital Extortion Networks Across Africa
TRENDMICRO.COM — 29 Dec 2025