4 posts were published in the last hour 19:32 : An early end to the holidays: ‘Heartbleed of MongoDB’ is now under active exploit 19:31 : Bluetooth Headphones Can Be Weaponized to Hack Phones 19:31 : Hackers Advertised VOID ‘AV…
An early end to the holidays: ‘Heartbleed of MongoDB’ is now under active exploit
You didn’t think you’d get to enjoy your time off without a major cybersecurity incident, did you? A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas week, is now under active exploitation, according to the US…
Bluetooth Headphones Can Be Weaponized to Hack Phones
High-severity flaws in popular Bluetooth headphones can enable eavesdropping and smartphone hijacking, with many devices still unpatched. The post Bluetooth Headphones Can Be Weaponized to Hack Phones appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
Hackers Advertised VOID ‘AV Killer’ with Kernel-level Termination Claims
The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed…
Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows
A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified an over 50-script global campaign that intercepts sensitive information during checkout and account creation processes. The attack…
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
Threat actors used two malicious Chrome extensions that have 900,000 users to steal their chats with AI models like ChatGPT and DeepSeek and browser history. The incident is the latest in a growing string of attacks in which hackers weaponized…
ESET Warns AI-driven Malware Attack and Rapidly Growing Ransomware Economy
The cybersecurity landscape has reached a critical turning point as artificial intelligence moves from theoretical threat to operational reality. In their H2 2025 Threat Report, ESET researchers have documented a disturbing shift in how attackers operate, revealing that AI-powered malware…
Copilot Studio Feature Enables Silent AI Backdoors
Copilot Studio’s Connected Agents feature can be abused to create silent AI backdoors that bypass visibility and audit controls. The post Copilot Studio Feature Enables Silent AI Backdoors appeared first on eSecurity Planet. This article has been indexed from eSecurity…
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-364-01: WHILL C2 Wheelchairs ICSA-25-345-03: AzeoTech DAQFactory (Update A) CISA encourages users and administrators to review newly released…
Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library
A new malware campaign has successfully infiltrated Maven Central, one of the most trusted repositories for Java developers, by masquerading as a legitimate Jackson JSON library extension. The malicious package, published under the org.fasterxml.jackson.core/jackson-databind namespace, represents one of the first…
European Space Agency Confirms Breach of Servers Outside the Corporate Network
The European Space Agency (ESA) has confirmed a cybersecurity breach affecting a limited number of external servers, marking a rare public admission of vulnerability in the continent’s premier space organization. In an official statement released Tuesday, ESA disclosed: “ESA is…
New Spear-Phishing Attack Targeting Security Individuals in Israel Region
Israel’s National Cyber Directorate recently issued an urgent alert about a targeted spear-phishing attack aimed at people working in security and defense-related areas. The campaign uses WhatsApp messages that pretend to come from trusted organizations, inviting targets to professional conferences.…
New Spear-Phishing Attack Targeting Security Individuals in the Israel Region
Israel’s National Cyber Directorate has issued an urgent alert warning of an active spear-phishing campaign specifically targeting individuals employed in security and defense-related sectors. The operation, linked to infrastructure associated with APT42 (also known as Charming Kitten), represents a deliberate…
Critical IBM API Connect Flaw Allows Attackers to Bypass Authentication
IBM has disclosed a critical authentication bypass vulnerability affecting its API Connect platform, assigning it a maximum CVSS severity score of 9.8. The flaw, tracked as CVE-2025-13915, represents a primary authentication weakness (CWE-305) that requires no user interaction or special…
ESET Flags Rising Threat of AI-Driven Malware and Ransomware
The cybersecurity landscape entered a critical new era in the second half of 2025 as AI-powered malware transitioned from theoretical threat to tangible reality, while the ransomware-as-a-service economy expanded at an unprecedented pace. According to ESET Research’s latest Threat Report,…
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level” security neutralization utility. Dubbed VOID KILLER, the malware is designed explicitly to terminate antivirus (AV) and Endpoint Detection and…
Magecart Campaign Deploys 50+ Malicious Scripts to Hijack E-Commerce Transactions
A sophisticated and expansive Magecart campaign has been uncovered, marking a dangerous evolution in client-side attacks. Security researchers have identified a global operation utilizing over 50 distinct malicious scripts to hijack checkout and account creation flows across dozens of e-commerce…
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control over the product. The following versions of WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are affected: Model C2 Electric…
NDSS 2025 – Distributed Function Secret Sharing And Applications
Session 7C: Secure Protocols Authors, Creators & Presenters: Pengzhi Xing (University of Electronic Science and Technology of China), Hongwei Li (University of Electronic Science and Technology of China), Meng Hao (Singapore Management University), Hanxiao Chen (University of Electronic Science and…
Korean Air Confirms Employee Data Leak Linked to Third-Party Breach
Korean Air has confirmed that personal information belonging to thousands of its employees was exposed following a cyber incident at Korean Air Catering and Duty-Free, commonly referred to as KC&D. The company disclosed the issue after receiving notification from…
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score…
IT Security News Hourly Summary 2025-12-30 18h : 2 posts
2 posts were published in the last hour 16:32 : 2.5M Malicious Requests Hit Adobe ColdFusion and Others in Holiday Attack 16:31 : Azure Fundamentals Study Notes: Your Ultimate Guide to AZ-900
2.5M Malicious Requests Hit Adobe ColdFusion and Others in Holiday Attack
A holiday-timed campaign drove 2.5 million malicious requests targeting Adobe ColdFusion and other enterprise platforms. The post 2.5M Malicious Requests Hit Adobe ColdFusion and Others in Holiday Attack appeared first on eSecurity Planet. This article has been indexed from eSecurity…
Azure Fundamentals Study Notes: Your Ultimate Guide to AZ-900
A beginner-friendly AZ-900 guide covering cloud concepts, Azure services, architecture, governance, monitoring, and exam prep for Azure Fundamentals certification. This article has been indexed from CyberMaterial Read the original article: Azure Fundamentals Study Notes: Your Ultimate Guide to AZ-900