Millions of users may have unknowingly exposed their most private conversations with AI tools after cybersecurity researchers uncovered a network of browser extensions quietly harvesting and selling chat data.Here’s a reminder many people forget: an AI assistant is not…
Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data
A proof-of-concept (PoC) exploit dubbed “mongobleed” for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its creator Joe Desimone as a way to bleed sensitive server memory, the flaw lets attackers remotely extract uninitialized…
The US Must Stop Underestimating Drone Warfare
The future of conflict is cheap, rapidly manufactured, and tough to defend against. This article has been indexed from Security Latest Read the original article: The US Must Stop Underestimating Drone Warfare
NPM package with 56,000 downloads compromises WhatsApp accounts
An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials…
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency,…
Why Windows File Copy Struggles With Large Files, and What Works Better
Windows’ built-in copy function works well enough for small files. Problems start when transfers involve tens or hundreds of gigabytes, or thousands of files. At that point, File Explorer often slows to […] Thank you for being a Ghacks reader.…
TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data
Multiple critical vulnerabilities in TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older branches, the flaws stem from improper input validation (CWE-20), potentially enabling attackers on the local network…
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive document management systems. The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches…
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies…
IT Security News Hourly Summary 2025-12-27 00h : 2 posts
2 posts were published in the last hour 22:56 : IT Security News Daily Summary 2025-12-26 22:31 : Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
IT Security News Daily Summary 2025-12-26
66 posts were published in the last hour 22:31 : Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data 21:31 : Romania’s Water Authority Targeted in Ransomware Attack 20:32 : NDSS 2025 – SCRUTINIZER: Towards Secure Forensics On…
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Everest Ransomware Group…
Romania’s Water Authority Targeted in Ransomware Attack
A ransomware attack impacted over 1,000 IT systems at Romania’s water authority, highlighting growing risk to critical infrastructure. The post Romania’s Water Authority Targeted in Ransomware Attack appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
NDSS 2025 – SCRUTINIZER: Towards Secure Forensics On Compromised TrustZone
Session 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Yiming Zhang (Southern University of Science and Technology and The Hong Kong Polytechnic University), Fengwei Zhang (Southern University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University), Rui…
Randall Munroe’s XKCD ‘Bridge Clearance’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Bridge Clearance’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Randall Munroe’s…
NDSS 2025 – A Formal Approach To Multi-Layered Privileges For Enclaves
Session 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Ganxiana Yana (Shanghai Jiao Tona Universitv). Chenvana Liu (Shanghai Jiao Tong Universitv). Zhen Huana (Shanghai Jiao Tona Universitv). Guoxina Chen (Shanghail Ganxiang Yang (Shanghai Jiao Tong University), Chenyang Liu (Shanghai…
IT Security News Hourly Summary 2025-12-26 21h : 2 posts
2 posts were published in the last hour 20:2 : Trust Wallet warns users to update Chrome extension after $7M security loss 19:31 : 500+ Cybercrime Arrests in INTERPOL’s Operation Sentinel
Trust Wallet warns users to update Chrome extension after $7M security loss
Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension after a security incident that resulted in about $7 million in…
500+ Cybercrime Arrests in INTERPOL’s Operation Sentinel
INTERPOL’s Operation Sentinel resulted in 574 arrests across Africa, disrupting major BEC, ransomware, and extortion campaigns. The post 500+ Cybercrime Arrests in INTERPOL’s Operation Sentinel appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Shift-Left Strategies for Cloud-Native and Serverless Architectures
The growth observed in modern-day cloud applications is staggering to say the least. Applications are being built faster and deployed at a faster pace. However, there can be several obstacles on this journey toward proactive security, as security and compliance…
Google Introduces Option to Change @gmail.com Email Addresses
For years, Google users have been stuck with the email addresses they created when they first signed up. If you picked an embarrassing username years ago or simply want a more professional handle, the only previous solution was to create…
59K Servers Hacked in 48 Hours: Inside Operation PCPcat
Operation PCPcat shows how unpatched Next.js vulnerabilities can be exploited to harvest cloud credentials at massive scale. The post 59K Servers Hacked in 48 Hours: Inside Operation PCPcat appeared first on eSecurity Planet. This article has been indexed from eSecurity…
Pro-Russian group Noname057 claims cyberattack on La Poste services
Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste’s digital banking and online services. This week, the French national postal service La Poste confirmed a major cyber incident had knocked its information systems offline, disrupting…
Webrat Malware Targets Students and Junior Security Researchers Through Fake Exploits
In early 2025, security researchers uncovered a new malware family dubbed Webrat, which at that time was predominantly targeting ordinary users through fake distribution methods. The first propagation involved masking malware as cheats for online games-like Rust, Counter-Strike, and…