CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-14847 MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability This type of vulnerability is a frequent attack vector for…
Category: EN
NDSS 2025 – Rondo: Scalable And Reconfiguration-Friendly Randomness Beacon
Session 7C: Secure Protocols Authors, Creators & Presenters: Xuanji Meng (Tsinghua University), Xiao Sui (Shandong University), Zhaoxin Yang (Tsinghua University), Kang Rong (Blockchain Platform Division,Ant Group), Wenbo Xu (Blockchain Platform Division,Ant Group), Shenglong Chen (Blockchain Platform Division,Ant Group), Ying Yan…
New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations
Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report. This article has been indexed from Hackread – Cybersecurity News, Data…
Top web app security vulnerabilities and how to mitigate them
<p>The list of top web application security vulnerabilities and risks has remained largely unchanged for the past decade, and the attack vectors are well-known to security practitioners and developers alike. Yet these problems persist, despite their solutions being readily available…
Happy 16th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark…
New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins
A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a unique signature of four mushroom emojis embedded in the string…
Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures
Chinese threat actors operating under the name Silver Fox are targeting Indian organizations through sophisticated phishing campaigns that impersonate legitimate income tax documents. The attack campaign uses authentic-looking Income Tax Department emails to trick users into downloading a malicious executable…
How to Spot the Most Common Crypto Phishing Scams
Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the…
Coupang to Pay $1.1 Billion in Compensation to Users After Data Breach
Coupang will spend $1.1 billion to compensate millions of users after a major data breach, aiming to rebuild trust following widespread concerns over data security. The post Coupang to Pay $1.1 Billion in Compensation to Users After Data Breach appeared…
OpenAI Hardens ChatGPT Atlas Against Prompt Injection Attacks
OpenAI updated ChatGPT Atlas to strengthen defenses against prompt injection. The post OpenAI Hardens ChatGPT Atlas Against Prompt Injection Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: OpenAI Hardens ChatGPT…
Vulnerability Summary for the Week of December 22, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 9786–phpok3w A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads…
Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players
Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data. This article has been indexed from Hackread – Cybersecurity…
Crims disconnect Wired subscribers from their privacy, publish deets online
Extortion group Lovely claims to have stolen 40 million pieces of info from publisher Conde Nast A criminal group is beating Conde Nast over the head for not responding sooner to its extortion attempt by posting stolen subscribers’ email and…
Google to Finally Let Users Change Their Gmail Address. Here’s How It Works
Google is rolling out a way to add a new Gmail address without losing data, with a strict limit, and new phishing risks as scammers exploit the change. The post Google to Finally Let Users Change Their Gmail Address. Here’s…
TeamViewer DEX Bugs Enable DoS and Local Network Attacks
TeamViewer DEX bugs enable DoS attacks and local network exploitation. The post TeamViewer DEX Bugs Enable DoS and Local Network Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: TeamViewer DEX…
Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks
Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to…
Question on Open Source Tools
I received a question recently, one I receive every now and again, asking if there are any updates to an open source tool I created a while back, called “RegRipper”. This time, the question came in this way: Is there any…
Threat Actors Exploiting Critical ‘MongoBleed’ MongoDB Flaw
A high-severity flaw in MongoDB instances could allow unauthenticated remote bad actors to leak sensitive data from MongoDB servers. Dubbed “MongoBleed,” the security flaw is being exploited in the wild after a PoC exploit and technical details were published. MongoDB…
NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs
NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs Session 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Linke Song (Key Laboratory of…
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Valley RAT, a modular remote…