Menu

25 Latest Articles Current Articles | Archives | Search
29

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

Master Code Fu posted on December 29, 2025 23:11
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
29

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

Master Code Fu posted on December 29, 2025 23:11
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. "A flaw

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
29

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Master Code Fu posted on December 29, 2025 23:11
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
29

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

Master Code Fu posted on December 29, 2025 23:11
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
29

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Master Code Fu posted on December 29, 2025 23:11
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
Page 1 of 10First   Previous   [1]  2  3  4  5  6  7  8  9  10  Next   Last