Amazon has announced that its threat intelligence division has intervened in ongoing cyber operations attributed to hackers associated with Russia’s foreign military intelligence service, the GRU. The activity targeted organizations using Amazon’s cloud infrastructure, with attackers attempting to gain…
Tag: EN
MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk
A high-severity unauthenticated information-leak vulnerability in MongoDB Server, dubbed MongoBleed after the infamous Heartbleed bug, is now being actively exploited in real-world attacks. MongoDB has disclosed CVE-2025-14847, a critical flaw affecting multiple supported and legacy server versions that allows unauthenticated…
Hypervisor Ransomware Attacks Surge as Threat Actors Shift Focus to Virtual Infrastructure
Hypervisors have emerged as a highly important, yet insecure, component in modern infrastructural networks, and attackers have understood this to expand the reach of their ransomware attacks. It has been observed by the security community that the modes of…
Death, torture, and amputation: How cybercrime shook the world in 2025
The human harms of cyberattacks piled up this year, and violence expected to increase The knock-on, and often unintentional, impacts of a cyberattack are so rarely discussed. As an industry, the focus is almost always placed on the economic damage:…
The Top 26 Security Predictions for 2026 (Part 2)
Welcome to the second installment of this comprehensive annual look at global cybersecurity industry prediction reports from the top security vendors, publications and thought leaders. The post The Top 26 Security Predictions for 2026 (Part 2) appeared first on Security…
UK Report Finds Rising Reliance on AI for Emotional Wellbeing
Artificial intelligence (AI) is being used to make more accurate predictions about the future and its effects on these predictions are being documented in new research from the United Kingdom’s AI Security Institute. These findings reveal an extraordinary evolution…
Microsoft Users Warned as Hackers Use Typosquatting to Steal Login Credentials
Microsoft account holders are being urged to stay vigilant as cybercriminals increasingly target them through a deceptive tactic known as typosquatting. Attackers are registering look-alike websites and email addresses that closely resemble legitimate Microsoft domains, with the goal of…
Cellik Android Spyware Exploits Play Store Trust to Steal Data
Recently found in the Android platform, remote access trojan named Cellik has been recognized as a serious mobile threat, using the Google Play integration feature to mask itself within legitimate applications to evade detection by security solutions. Cellik is…
Stolen LastPass backups enable crypto theft through 2025
Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault backups stolen in the 2022 LastPass breach are still…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan From Linear to Complex:…
When Risk Is Fragmented, Strategy Suffers
Risk fragmentation remains one of the most overlooked barriers to effective business performance. It doesn’t show up all… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: When Risk Is…
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LangChain…
Ubisoft Rainbow Six Siege Servers Breach linked to MongoBleed Vulnerability
The chaos surrounding Ubisoft escalated significantly today as the first group of hackers, previously known for silent exploits, initiated a highly visible and disruptive takeover of Rainbow Six Siege servers. Players worldwide are reporting a massive influx of in-game currency,…
Week in review: WatchGuard Firebox firewalls attacked, infosec enthusiasts targeted with fake PoCs
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building cyber talent through competition, residency, and real-world immersion In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity & Mission Computing Center and…
A Hacker Tells His Story
This is an interview with former hacker Brian Black. Brian is now on the right side of the battle and bringing his skills to to the fight against hackers. He finds the weaknesses in corporate security so that it can…
87,000+ MongoDB Instances Vulnerable to MongoBleed Flaw Exposed Online – PoC Exploit Released
A high-severity vulnerability in MongoDB Server that allows unauthenticated remote attackers to siphon sensitive data from database memory. Dubbed “MongoBleed” due to its automated similarities to the infamous Heartbleed bug, the flaw tracks as CVE-2025-14847 and carries a CVSS score…
WIRED – 2,364,431 breached accounts
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for…
ISC Stormcast For Sunday, December 28th, 2025 https://isc.sans.edu/podcastdetail/9750, (Sun, Dec 28th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Sunday, December 28th, 2025…
How impenetrable are secrets vaulting solutions
How Are Non-Human Identities Changing the Cybersecurity Landscape? What if the biggest vulnerability in your cybersecurity strategy was not a human error but a machine identity left unchecked? Secrets vaulting solutions are increasingly seen as critical components of impenetrable security…
Are current PAM solutions capable of handling NHIs
How Secure Are Your Non-Human Identities? Have you ever wondered how well your organization handles Non-Human Identities (NHIs) within your cybersecurity framework? With technology progresses, so does the complexity of managing machine identities and their associated secrets. These NHIs are…