In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction…
Category: EN
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to…
LLMs are automating the human part of romance scams
Romance scams succeed because they feel human. New research shows that feeling no longer requires a person on the other side of the chat. The three stages of a romance-baiting scam Romance scams depend on scripted conversation Romance baiting scams…
Security chaos engineering matters when nothing is broken
In this Help Net Security video, Brian Blakley, CISO at Bellini Capital, explains why security chaos engineering matters beyond theory. He shares lessons from real organizations where systems did not fail outright, but uncertainty slowed the business. Login delays, certificate…
Superagent: Open-source framework for guardrails around agentic AI
Superagent is an open-source framework for building, running, and controlling AI agents with safety built into the workflow. The project focuses on giving developers and security teams tools to manage what agents can do, what they can access, and how…
Automation forces a reset in security strategy
Enterprise security teams are working under the assumption that disruption is constant. A global study by Trellix shows that resilience has moved from a long term goal to a structural requirement for CISOs. Infrastructure design, operational integration, and the use…
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, provides incident responders with an offline analysis capability…
Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns
A significant shift in the cyber threat landscape has been identified in a new research report, distinguishing modern “Hacktivist Proxy Operations” from traditional digital protests or criminal schemes. The findings suggest that hacktivism has evolved into a repeatable, model-driven instrument…
MongoDB – MongoBleed Vulnerability Exploit Reported On Christmas Day
Cybersecurity Today: MongoDB Vulnerability ‘Mongo Bleed’ Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period. The major topics include…
CISOs are managing risk in survival mode
CISOs carry expanding responsibility as cybersecurity budgets rise, AI adoption spreads, and board expectations grow. Risk management now depends on faster decisions, stronger coordination, and better communication across leadership teams. This article shows how CISOs are responding to growing pressure,…
Accused data thief threw MacBook into a river to destroy evidence
Former staffer of Korean e-tailer Coupang accessed 33 million records but may have done less damage than feared Korean e-tailer Coupang claims a former employee has admitted to improperly accessing data describing 33 million of its customers, but says the…
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records
Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Condé Nast, the parent company. The threat actor “Lovely” claims this is just the start, promising to release up to 40 million more…
Sauron, the high-end home security startup for “super premium” customers, plucks a new CEO out of Sonos
Sauron is appearing on the scene as concerns rise about crime among the most wealthy. This article has been indexed from Security News | TechCrunch Read the original article: Sauron, the high-end home security startup for “super premium” customers, plucks…
What are Auth Tokens? Complete Guide to Token-Based Authentication & Implementation
Learn about auth tokens, token-based authentication, JWTs, and implementation strategies. Enhance security and user experience in enterprise SSO and CIAM. The post What are Auth Tokens? Complete Guide to Token-Based Authentication & Implementation appeared first on Security Boulevard. This article…
How can businesses trust AI to handle sensitive data
Are Businesses Ready to Trust AI with Their Most Sensitive Data? The discussion around trusting AI with sensitive data is both inevitable and essential. With AI systems increasingly integrated into business processes, the question now revolves around how businesses can…
Can AI-driven cloud security assure full data protection
Are You Effectively Managing Non-Human Identities in AI-Driven Cloud Security? Where technology underpins every business function, the security of machine identities—known as Non-Human Identities (NHIs)—has become paramount. But how well are organizations managing these NHIs, especially in AI-driven cloud security?…
What support is available for implementing Agentic AI systems
How Do Machine Identities Shape Cloud Security? What role do machine identities play, particularly within cloud environments? When organizations continue to transform digitally, the focus on securing machine identities, known as Non-Human Identities (NHIs), becomes increasingly paramount. NHIs consist of…
Is the security for Non-Human Identities getting better
How Can Organizations Effectively Manage Non-Human Identities? Have you ever considered how the digital backbone of your organization is secured when it comes to managing the vast array of Non-Human Identities (NHIs)? With technology continues to evolve at a rapid…
NDSS 2025 – Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization
NDSS 2025 – Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization Session 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Zelun Kong (University of Texas at Dallas), Minkyung Park (University of Texas at Dallas), Le Guan…
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk
Hacker claims Condé Nast breach, leaking 2.3M WIRED subscriber records and threatening to expose up to 40M more from other brands. A hacker known as “Lovely” claims to have leaked personal data of over 2.3 million Wired.com users. The data…