Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Valley RAT, a modular remote…
New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones
Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popular headphone models from Sony, Marshall, Jabra, Bose, and other…
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked as CVE-2025-54322, the flaw allows attackers to gain root-level access without any authentication credentials. CVE ID…
Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers
Security researchers have uncovered a massive coordinated exploitation campaign where threat actors launched over 2.5 million malicious requests against vulnerable systems during the Christmas 2025 holiday period. The campaign represents a sophisticated, multi-faceted initial access broker operation targeting Adobe ColdFusion…
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into a river, investigators revealed this week. The desperate act failed spectacularly, with forensic experts recovering the…
87K MongoDB Instances Exposed by MongoBleed Vulnerability
MongoBleed exposes 87K MongoDB instances to unauthenticated memory leaks. The post 87K MongoDB Instances Exposed by MongoBleed Vulnerability appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: 87K MongoDB Instances Exposed by…
IT Security News Hourly Summary 2025-12-29 18h : 2 posts
2 posts were published in the last hour 16:31 : Why the Future Is Increasingly Pointing Toward Multi-Cloud Strategies 16:31 : 2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach
Why the Future Is Increasingly Pointing Toward Multi-Cloud Strategies
It is not surprising that the explosion in cloud technology over the last several decades has brought about a transformational shift across industries. Organizations are relying more than ever on multiple vendors for their cloud deployments — rather than relying…
2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach
Condé Nast breach exposes 2.3 million WIRED subscriber records. The post 2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: 2.3M WIRED…
Get a Lifetime of 1TB Cloud Storage for Only $50 with FolderFort
Fast, affordable cloud storage isn’t always easy to find for businesses, but now you can have a massive amount with maximum security. The post Get a Lifetime of 1TB Cloud Storage for Only $50 with FolderFort appeared first on TechRepublic.…
Hacktivist Proxy Operations Emerge as a Repeatable Model of Geopolitical Cyber Pressure
A new form of cyber disruption is reshaping the landscape of modern conflict. Hacktivist groups are increasingly operating as strategic instruments of state pressure, launching coordinated attacks that align perfectly with geopolitical events such as sanctions announcements and military aid…
New Vulnerabilities in Bluetooth Headphones Let Hackers Hijack Connected Smartphone
Security researchers have disclosed critical vulnerabilities affecting widely used Bluetooth headphones and earbuds that could allow attackers to eavesdrop on conversations, steal sensitive data, and even hijack connected smartphones. The flaws, identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, impact devices powered…
2.5 Million+ Malicious Request From Hackers Attacking Adobe ColdFusion Servers
A coordinated exploitation campaign that generated more than 2.5 million malicious requests against Adobe ColdFusion servers and 47+ other technology platforms during the Christmas 2025 holiday period. The operation was attributed to a single threat actor operating from Japan-based infrastructure.…
Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000
It took Sax well over a year to complete its investigation after detecting hackers on its network. The post Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000 appeared first on SecurityWeek. This article has been indexed from…
2026 Kubernetes Playbook: AI at Scale, Self‑Healing Clusters, & Growth
In 2026, the question isn’t whether Kubernetes wins – it already has. And yet, many organizations are running mission-critical workloads on a platform they still treat as plumbing, not the operating layer that controls speed, security, and efficiency. Recent Cloud…
Best of 2025: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding IngressNightmare. FAQ What is IngressNightmare?…
Cyber Briefing: 2025.12.29
Authorities and companies worldwide faced major cyber incidents and enforcement actions, including large-scale breaches, active exploitation of critical vulnerabilities This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2025.12.29
You’ve been targeted by government spyware. Now what?
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO’s Pegasus or Paragon’s Graphite. What happens after receiving a threat notification? This article has been indexed from Security News…
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Korean Air employee discloses a data breach after a hack of its catering and duty-free supplier, KC&D, affecting thousands of staff. Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked,…
Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach
In a desperate attempt to cover his tracks, the hacker behind Coupang’s massive personal data leak hurled his MacBook Air into a nearby river, only for company investigators to fish it out days later. This cinematic twist emerged as South…
âš¡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost…
Rainbow Six Siege Breach Gives Free Credits
The security breach became evident when players noticed a surge of unusual activity, including unauthorized bans and unbans alongside falsified messages appearing on the official in-game moderation ticker. This article has been indexed from CyberMaterial Read the original article: Rainbow…
Pro Russian Hackers Claim French Post Attack
A pro-Russian hacking group named Noname057 claimed responsibility for a major cyberattack that disrupted France’s national postal service, La Poste, during the peak Christmas delivery season. This article has been indexed from CyberMaterial Read the original article: Pro Russian Hackers…
LastPass 2022 Breach Tied To Crypto Thefts
Recent investigations by TRM Labs reveal that encrypted vault backups stolen during the 2022 LastPass breach are still being exploited by Russian cybercriminals to drain cryptocurrency wallets as late as 2025. By targeting vaults protected by weak master passwords, these…