In a desperate attempt to cover his tracks, the hacker behind Coupang’s massive personal data leak hurled his MacBook Air into a nearby river, only for company investigators to fish it out days later. This cinematic twist emerged as South…
Category: Cyber Security News
Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation
Security researchers are increasingly focusing on privilege escalation attacks through two primary Windows attack surfaces: kernel drivers and named pipes. These vectors exploit fundamental trust boundary weaknesses between the user and kernel modes. Enabling attackers to escalate from standard user…
MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)
An open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting MongoDB databases. The vulnerability allows attackers to extract sensitive information, including credentials, session tokens, and personally identifiable information, directly from server…
OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks
OpenAI has rolled out a critical security update to ChatGPT Atlas, its browser-based AI agent, introducing advanced defenses against prompt injection attacks. The update marks a significant step in protecting users from emerging adversarial threats targeting agentic AI systems. What…
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records
Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Condé Nast, the parent company. The threat actor “Lovely” claims this is just the start, promising to release up to 40 million more…
MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk
A high-severity unauthenticated information-leak vulnerability in MongoDB Server, dubbed MongoBleed after the infamous Heartbleed bug, is now being actively exploited in real-world attacks. MongoDB has disclosed CVE-2025-14847, a critical flaw affecting multiple supported and legacy server versions that allows unauthenticated…
Ubisoft Rainbow Six Siege Servers Breach linked to MongoBleed Vulnerability
The chaos surrounding Ubisoft escalated significantly today as the first group of hackers, previously known for silent exploits, initiated a highly visible and disruptive takeover of Rainbow Six Siege servers. Players worldwide are reporting a massive influx of in-game currency,…
87,000+ MongoDB Instances Vulnerable to MongoBleed Flaw Exposed Online – PoC Exploit Released
A high-severity vulnerability in MongoDB Server that allows unauthenticated remote attackers to siphon sensitive data from database memory. Dubbed “MongoBleed” due to its automated similarities to the infamous Heartbleed bug, the flaw tracks as CVE-2025-14847 and carries a CVSS score…
Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data
A proof-of-concept (PoC) exploit dubbed “mongobleed” for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its creator Joe Desimone as a way to bleed sensitive server memory, the flaw lets attackers remotely extract uninitialized…
TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data
Multiple critical vulnerabilities in TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older branches, the flaws stem from improper input validation (CWE-20), potentially enabling attackers on the local network…
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive document management systems. The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches…
TrustWallet Chrome Extension Hacked – Users Reporting Millions in Losses
Many Trust Wallet users saw their wallets drained of over $7 million after a security breach in the Chrome browser extension version 2.68.0, released on December 24, 2025. Blockchain investigator ZachXBT first flagged the incident on X, noting a surge…
Parrot 7.0 Released with New Penetration Testing and AI Tools
Parrot OS 7.0, codenamed Echo, launches as a complete system rewrite based on Debian 13, bringing KDE Plasma 6, Wayland by default, and fresh penetration testing tools, including a dedicated AI category. This release emphasizes lightweight theming and community-driven spins,…
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
A critical vulnerability in LangChain’s core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentially execute code through deserialization flaws. Discovered by a Cyata researcher and patched just before Christmas 2025, the issue affects one of the most…
Google Now Allows Users to Change Their @gmail.com Email Address
For years, one of the most persistent frustrations for Google users has been the inability to alter their primary email address without creating an entirely new account. Whether you are stuck with an unprofessional handle created in high school or…
100+ Cybersecurity Predictions 2026 for Industry Experts as the AI Adapted in the Wild
As artificial intelligence becomes deeply embedded in enterprise operations and cybercriminal arsenals alike, the Cybersecurity Predictions 2026 landscape reveals an unprecedented convergence of autonomous threats, identity-centric attacks, and accelerated digital transformation risks. Industry experts across leading security firms, government agencies, and research…
Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash
A new critical vulnerability affecting the Net-SNMP software suite has been disclosed, posing a significant risk to network infrastructure worldwide. Tracked as CVE-2025-68615, this security flaw allows remote attackers to trigger a buffer overflow, leading to a service crash or potentially…
Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls
Cybercriminals are actively abusing a long-patched Fortinet FortiGate flaw from July 2020, slipping past two-factor authentication (2FA) on firewalls and potentially granting unauthorized access to VPNs and admin consoles. Fortinet’s PSIRT team detailed the in-the-wild attacks in a recent blog…
Microsoft Unveils Hardware-Accelerated BitLocker to Enhance Performance and Security
Microsoft has announced hardware-accelerated BitLocker, a significant security enhancement designed to eliminate performance bottlenecks caused by encryption on modern high-speed NVMe drives. The new technology addresses growing concerns about CPU overhead as storage devices become faster, particularly for users running…
Evasive Panda APT Using AitM Attack and DNS Poisoning to Deliver Malware
The Evasive Panda APT group, also known as Bronze Highland, Daggerfly, and StormBamboo, has been running targeted campaigns since November 2022, using advanced techniques to deliver the MgBot malware. The group employs adversary-in-the-middle attacks combined with DNS poisoning to compromise…