70 Articles | 8 Categories | Date: 2025-12-29
🚨 CISA KEV (1)

29 Dec [KEV] CISA Adds One Known Exploited Vulnerability to Catalog (CISA.GOV)
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-14847 MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability. This type of vulnerability is a…
🐛 COMMON VULNERABILITIES AND EXPOSURES (13)

29 Dec [KEV] Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed (SH.ITJUST.WORKS)
    submitted by BrikoX to cybersecurity (2 points | 0 comments) https://www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/ A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being…

29 Dec MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847) (GBHACKERS.COM)
    Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, pr…

29 Dec MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide (THEHACKERNEWS.COM)
    A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticate…

29 Dec React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web (CSOONLINE.COM)
    The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture gradually unravels. The vulnerability enables unauthenticated remote code execu…

29 Dec Fortinet Warns of New Attacks Exploiting Old Vulnerability (SECURITYWEEK.COM)
    Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication. The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek.

29 Dec Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts (GBHACKERS.COM)
    A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked as CVE-2025-54322, the flaw allows attackers to gain root-level access without any…

29 Dec New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones (GBHACKERS.COM)
    Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popu…

29 Dec Ubisoft Confirms Rainbow Six Siege Server Intrusion Linked to MongoBleed (GBHACKERS.COM)
    Ubisoft faced a coordinated security crisis today as hackers exploited the critical MongoBleed vulnerability (CVE-2025-14847) to infiltrate Rainbow Six Siege servers, causing widespread account tampering and service disruptions. In-Game Chaos Unfolds: According to CSN, players wor…

29 Dec CVE-2025-14180 NULL Pointer Dereference in PDO quoting (MSRC.MICROSOFT.COM)
    Information published.

29 Dec CVE-2025-14177 Information Leak of Memory in getimagesize (MSRC.MICROSOFT.COM)
    Information published.

29 Dec CVE-2025-14178 Heap buffer overflow in array_merge() (MSRC.MICROSOFT.COM)
    Information published.
⚠️ VULNERABILITY DISCLOSURE (18)

29 Dec MongoDB - MongoBleed Vulnerability Exploit Reported On Christmas Day (CYBERSECURITYTODAY.LIBSYN.COM)
    Cybersecurity Today: MongoDB Vulnerability 'Mongo Bleed' Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams. In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period.…

29 Dec [KEV] Top 5 real-world AI security threats revealed in 2025 (CSOONLINE.COM)
    The year of agentic AI came with promises of massive productivity gains for businesses, but the rush to adopt new tools and services also opened new attack paths in enterprise environments. Here are some of the top security risks to the AI ecosystem that were revealed this year b…

29 Dec Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors (THEHACKERNEWS.COM)
    In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities…

29 Dec Fresh MongoDB Vulnerability Exploited in Attacks (SECURITYWEEK.COM)
    Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek.

29 Dec 27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials (THEHACKERNEWS.COM)
    Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages…

29 Dec Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439 (YOUTUBE.COM)
    For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went. Also, apologies for any audio quality issues,…

29 Dec Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks (BLEEPINGCOMPUTER.COM)
    Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. [...]

29 Dec Coupang to Issue $1.17 Billion in Vouchers Over Data Breach (SECURITYWEEK.COM)
    The ecommerce giant will provide purchase vouchers to the 33.7 million individuals impacted by the incident. The post Coupang to Issue $1.17 Billion in Vouchers Over Data Breach appeared first on SecurityWeek.

29 Dec [KEV] CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (1 points | 0 comments) https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html

29 Dec Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (1 points | 0 comments) https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html

29 Dec Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (2 points | 0 comments) https://www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/

29 Dec The Newest Junk Food: AI (YOUTUBE.COM)
    We live in a world where AI is often seen as the new "junk food"; cybersecurity expert Adrian Sanabria explores the growing trend of "No AI" labels. Discover how companies like Salesforce are taking a stand, and why authenticity is becoming the new currency in digital media. Subs…

29 Dec Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence (GBHACKERS.COM)
    A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into a river, investigators revealed this week. The desperate act failed spectacularly, with forensic experts recovering the device and usi…

29 Dec Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers (GBHACKERS.COM)
    Security researchers have uncovered a massive coordinated exploitation campaign where threat actors launched over 2.5 million malicious requests against vulnerable systems during the Christmas 2025 holiday period. The campaign represents a sophisticated, multi-faceted initial acc…

29 Dec Hunting Windows LPE Flaws Through Kernel Drivers and Named Pipes (GBHACKERS.COM)
    Security researchers from the Whitehat School recently completed an intensive bug-hunting project focused on identifying local privilege escalation (LPE) flaws in Windows systems. The findings reveal critical vulnerabilities in two major attack surfaces: kernel drivers and named pipes…

29 Dec OpenAI Strengthens ChatGPT Atlas Security to Block Prompt Injection Attacks (GBHACKERS.COM)
    OpenAI has deployed a significant security update to ChatGPT Atlas, its browser-based AI agent, implementing advanced defenses against prompt injection attacks. The update introduces an adversarially trained model combined with strengthened safeguards designed to protect users fr…

29 Dec [KEV] Anton’s Security Blog Quarterly Q4 2025 (MEDIUM.COM)
    Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Top 10 posts with the mo…

29 Dec Bugs that survive the heat of continuous fuzzing (GITHUB.BLOG)
    Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them. The post Bugs that survive the heat of continuous fuzzing appeared first on The GitHub Blog.
📢 SECURITY ADVISORIES (5)

29 Dec Tips for CISOs who want to switch industries (CSOONLINE.COM)
    Tips for CISOs with "vertical-switch ambitions". Seen from the outside, it should be no problem for people who have made it to Chief Information Security Officer to change industries. In reality, many security…

29 Dec Are We Ready to Be Governed by Artificial Intelligence? (SCHNEIER.COM)
    Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading many aspects of democratic government, affecting our lives in ways both large and sma…
🔥 INCIDENT REPORTING (14)

29 Dec 22 Million Affected by Aflac Data Breach (SECURITYWEEK.COM)
    Hackers stole names, addresses, Social Security numbers, ID numbers, and medical and health insurance information from Aflac’s systems. The post 22 Million Affected by Aflac Data Breach appeared first on SecurityWeek.

29 Dec The 10 Biggest Data Breach Fines and Settlements of 2025 - Infosecurity Magazine (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (1 points | 0 comments) https://www.infosecurity-magazine.com/news-features/top-10-data-breach-fines-2025/

29 Dec Massive Rainbow Six Siege breach gives players billions of credits (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (2 points | 0 comments) https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/

29 Dec Korean Air data breach exposes data of thousands of employees (BLEEPINGCOMPUTER.COM)
    Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&D), its in-flight catering supplier and former subsidiary, was recently hacked. [...]

29 Dec Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (1 points | 0 comments) https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html

29 Dec ⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More (THEHACKERNEWS.COM)
    Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025.…

29 Dec The Real-World Attacks Behind OWASP Agentic AI Top 10 (BLEEPINGCOMPUTER.COM)
    OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools…

29 Dec Romanian energy provider hit by Gentlemen ransomware attack (BLEEPINGCOMPUTER.COM)
    A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania's largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure. [...]

29 Dec Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000 (SECURITYWEEK.COM)
    It took Sax well over a year to complete its investigation after detecting hackers on its network. The post Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000 appeared first on SecurityWeek.

29 Dec Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack (BLEEPINGCOMPUTER.COM)
    Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. [...]

29 Dec AI-Powered Phishing Kit Targets Microsoft Users for Credential Theft (GBHACKERS.COM)
    Security researchers have uncovered a sophisticated Spanish-language phishing kit targeting Microsoft Outlook users, revealing what appears to be a coordinated credential-theft operation with potential AI-assisted code development. The toolkit, tracked under the operational coden…

29 Dec Operational Noise in Windows Event Logs During Advanced Cyberattacks (GBHACKERS.COM)
    “Threat actors are becoming more advanced, sophisticated, and are constantly changing their tactics.” This mantra has dominated cybersecurity discourse as organizations grapple with escalating breach volumes. Industry reports typically portray attackers as methodical…

29 Dec Korean Air data breach exposes data of thousands of employees (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (2 points | 0 comments) https://www.bleepingcomputer.com/news/security/korean-air-data-breach-exposes-data-of-thousands-of-employees/amp/

29 Dec Coupang to split $1.17 billion among 33.7 million data breach victims (BLEEPINGCOMPUTER.COM)
    Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. [...]
🕵️ THREAT INTELLIGENCE (9)

29 Dec Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns (GBHACKERS.COM)
    A significant shift in the cyber threat landscape has been identified in a new research report, distinguishing modern “Hacktivist Proxy Operations” from traditional digital protests or criminal schemes. The findings suggest that hacktivism has evolved into a repeatabl…

29 Dec Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak (SECURITYWEEK.COM)
    A hacker named Lovely made public 2.3 million records representing Wired subscriber information. The post Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak appeared first on SecurityWeek.

29 Dec Infostealer Malware Delivered in EmEditor Supply Chain Attack (SECURITYWEEK.COM)
    The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek.

29 Dec From AI to cyber risk, why IT leaders are anxious heading into 2026 - Help Net Security (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (2 points | 0 comments) https://www.helpnetsecurity.com/2025/12/26/it-planning-cybersecurity-threats-2026/

29 Dec Trust Wallet confirms extension hack led to $7 million crypto theft (SH.ITJUST.WORKS)
    submitted by kid to cybersecurity (2 points | 0 comments) https://www.bleepingcomputer.com/news/security/trust-wallet-confirms-extension-hack-led-to-7-million-crypto-theft/

29 Dec Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures (GBHACKERS.COM)
    Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Vall…

29 Dec Most Parked Domains Lead Users to Scams or Malware (KNOWBE4.COM)
    Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox.

29 Dec Meta's Hidden Debt in Data Centers (YOUTUBE.COM)
    Meta's strategic move to acquire a 20% stake in an LLC, with Blue Owl spearheading data center operations, highlights the intricate dance between equity investments and securitized debt. As Blue Owl shoulders billions in debt, the balance sheets of tech giants like Meta, Amazon,…

29 Dec Chinese state hackers use rootkit to hide ToneShell malware activity (BLEEPINGCOMPUTER.COM)
    A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. [...]
🌐 CYBER THREAT LANDSCAPE (4)

29 Dec You’ve been targeted by government spyware. Now what? (TECHCRUNCH.COM)
    Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO's Pegasus or Paragon's Graphite. What happens after receiving a threat notification?

29 Dec Hacker arrested for KMSAuto malware campaign with 2.8 million downloads (BLEEPINGCOMPUTER.COM)
    A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. [...]

29 Dec Happy 16th Birthday, KrebsOnSecurity.com! (KREBSONSECURITY.COM)
    KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was…

29 Dec Get Executives on board with managing Cyber Risk (TRENDMICRO.COM)
    Learn how the 2025 Trend Micro Defenders Survey Report helps paint a clear picture of how security teams are looking to work with executive leaders to manage cyber risk.
📡 INFOSEC NEWS (6)

29 Dec Sauron, the high-end home security startup for “super premium” customers, plucks a new CEO out of Sonos (TECHCRUNCH.COM)
    Sauron is appearing on the scene as concerns rise about crime among the most wealthy.

29 Dec Microsoft Copilot is rolling out GPT 5.2 as "Smart Plus" mode (BLEEPINGCOMPUTER.COM)
    Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it'll coexist with the GPT 5.1 model. [...]

29 Dec Former Coinbase support agent arrested for helping hackers (BLEEPINGCOMPUTER.COM)
    A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database. [...]

29 Dec ChatGPT finally rolls out Thinking time toggle on mobile (BLEEPINGCOMPUTER.COM)
    OpenAI is rolling out an update to ChatGPT on mobile that finally allows you to select the Thinking time toggle, also called "juice" of the model. [...]

29 Dec This month in security with Tony Anscombe – December 2025 edition (WELIVESECURITY.COM)
    As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year.