An open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting MongoDB databases. The vulnerability allows attackers to extract sensitive information, including credentials, session tokens, and personally identifiable information, directly from server…
OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks
OpenAI has rolled out a critical security update to ChatGPT Atlas, its browser-based AI agent, introducing advanced defenses against prompt injection attacks. The update marks a significant step in protecting users from emerging adversarial threats targeting agentic AI systems. What…
A week in security (December 22 – December 28)
A list of topics we covered in the week of December 22 to December 28 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (December 22 – December 28)
Rainbow Six Siege breach, backup generators for AI, LastPass reverberations
Rainbow Six Siege suffers breach, gamers go shopping Diesel generators and aircraft engines in high demand to power AI LastPass 2022 breach reverberates through crypto world Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust…
IT Security News Hourly Summary 2025-12-29 09h : 3 posts
3 posts were published in the last hour 8:2 : Thames Valley Police Begin Facial Recognition Deployment 8:2 : Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors 8:2 : MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
Thames Valley Police Begin Facial Recognition Deployment
Police begin deploying live facial recognition vans in Oxford city centre, as police seek to replicate success elsewhere This article has been indexed from Silicon UK Read the original article: Thames Valley Police Begin Facial Recognition Deployment
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction…
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to…
LLMs are automating the human part of romance scams
Romance scams succeed because they feel human. New research shows that feeling no longer requires a person on the other side of the chat. The three stages of a romance-baiting scam Romance scams depend on scripted conversation Romance baiting scams…
Security chaos engineering matters when nothing is broken
In this Help Net Security video, Brian Blakley, CISO at Bellini Capital, explains why security chaos engineering matters beyond theory. He shares lessons from real organizations where systems did not fail outright, but uncertainty slowed the business. Login delays, certificate…
Superagent: Open-source framework for guardrails around agentic AI
Superagent is an open-source framework for building, running, and controlling AI agents with safety built into the workflow. The project focuses on giving developers and security teams tools to manage what agents can do, what they can access, and how…
Automation forces a reset in security strategy
Enterprise security teams are working under the assumption that disruption is constant. A global study by Trellix shows that resilience has moved from a long term goal to a structural requirement for CISOs. Infrastructure design, operational integration, and the use…
MongoBleed Detector Launched to Identify Critical MongoDB Flaw (CVE-2025-14847)
Security researchers have released an open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting multiple MongoDB versions. The MongoBleed Detector, developed by Neo23x0, provides incident responders with an offline analysis capability…
Hacktivist Proxies and the Normalization of Cyber Pressure Campaigns
A significant shift in the cyber threat landscape has been identified in a new research report, distinguishing modern “Hacktivist Proxy Operations” from traditional digital protests or criminal schemes. The findings suggest that hacktivism has evolved into a repeatable, model-driven instrument…
MongoDB – MongoBleed Vulnerability Exploit Reported On Christmas Day
Cybersecurity Today: MongoDB Vulnerability ‘Mongo Bleed’ Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period. The major topics include…
IT Security News Hourly Summary 2025-12-29 06h : 2 posts
2 posts were published in the last hour 5:2 : CISOs are managing risk in survival mode 4:31 : Accused data thief threw MacBook into a river to destroy evidence
CISOs are managing risk in survival mode
CISOs carry expanding responsibility as cybersecurity budgets rise, AI adoption spreads, and board expectations grow. Risk management now depends on faster decisions, stronger coordination, and better communication across leadership teams. This article shows how CISOs are responding to growing pressure,…
Accused data thief threw MacBook into a river to destroy evidence
Former staffer of Korean e-tailer Coupang accessed 33 million records but may have done less damage than feared Korean e-tailer Coupang claims a former employee has admitted to improperly accessing data describing 33 million of its customers, but says the…
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records
Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Condé Nast, the parent company. The threat actor “Lovely” claims this is just the start, promising to release up to 40 million more…
Sauron, the high-end home security startup for “super premium” customers, plucks a new CEO out of Sonos
Sauron is appearing on the scene as concerns rise about crime among the most wealthy. This article has been indexed from Security News | TechCrunch Read the original article: Sauron, the high-end home security startup for “super premium” customers, plucks…
IT Security News Hourly Summary 2025-12-29 03h : 1 posts
1 posts were published in the last hour 2:2 : What are Auth Tokens? Complete Guide to Token-Based Authentication & Implementation
What are Auth Tokens? Complete Guide to Token-Based Authentication & Implementation
Learn about auth tokens, token-based authentication, JWTs, and implementation strategies. Enhance security and user experience in enterprise SSO and CIAM. The post What are Auth Tokens? Complete Guide to Token-Based Authentication & Implementation appeared first on Security Boulevard. This article…
How can businesses trust AI to handle sensitive data
Are Businesses Ready to Trust AI with Their Most Sensitive Data? The discussion around trusting AI with sensitive data is both inevitable and essential. With AI systems increasingly integrated into business processes, the question now revolves around how businesses can…
Can AI-driven cloud security assure full data protection
Are You Effectively Managing Non-Human Identities in AI-Driven Cloud Security? Where technology underpins every business function, the security of machine identities—known as Non-Human Identities (NHIs)—has become paramount. But how well are organizations managing these NHIs, especially in AI-driven cloud security?…