Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is “@vietmoney/react-big-calendar,” which was uploaded to npm back in March 2021 by a user named … Read More “Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry – The Hacker News” »
Author: The Hacker News
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. “IBM API Connect could … Read More “IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass – The Hacker News” »
2 US Cybersecurity Experts Guilty of Extortion Scheme for ALPHV Ransomware – Hackread – Cybersecurity News, Data Breaches, AI, and More
Can you trust your cybersecurity team? A recent federal case reveals how two US-based cybersecurity experts turned into affiliates for the BlackCat ransomware group, extorting over $1.2M in Bitcoin. Read the full story on their 2023 crime spree. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online – Hackread – Cybersecurity News, Data Breaches, AI, and More
Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware – The Hacker News
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows – Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, Sara … Read More “U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware – The Hacker News” »
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code … Read More “CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution – The Hacker News” »
OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to operate inside a web browser and carry out tasks for users. The company said it recently shipped a security update for ChatGPT Atlas after internal automated red-teaming uncovered … Read More “OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas – CyberScoop” »
HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks – Hackread – Cybersecurity News, Data Breaches, AI, and More
HoneyMyte (Mustang Panda) is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
EmEditor Homepage Download Button Served Malware for 4 Days – Hackread – Cybersecurity News, Data Breaches, AI, and More
Warning for EmEditor users: A third-party breach tampered with the official download link between Dec 19–22, 2025. Learn how to identify the fake installer and protect your data from infostealer malware. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware – The Hacker News
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). “This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence,” CloudSEK researchers Prajwal Awasthi … Read More “Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware – The Hacker News” »
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning … Read More “How to Integrate AI into Modern SOC Workflows – The Hacker News” »
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by … Read More “Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor – The Hacker News” »
The global cryptographic space is changing in a way that has not happened for many years. Quantum computing is… The post Post-Quantum Security: How GCC Governments Are Planning the Shift appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Artificial intelligence is evolving faster than regulators can keep up. In the absence of federal guidance, states have taken matters into their own hands. California’s S.B. 53 is only one example of a state attempting to shape how AI is built and used. Although these laws are well-intentioned and help protect consumers and promote transparency … Read More “AI doesn’t care if it’s in California or Texas. It just runs. – CyberScoop” »
Cybersecurity professionals are closing out 2025 confronting yet another information-disclosure vulnerability, drawing widespread concern as threat hunters and researchers race to avoid impacts comparable to previous defects dubbed with a “bleed” suffix. MongoBleed — CVE-2025-14847 — is a high-severity vulnerability affecting many versions of MongoDB with default configurations that allows unauthenticated attackers to leak server … Read More “MongoBleed defect swirls, stamping out hope of year-end respite – CyberScoop” »
Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players – Hackread – Cybersecurity News, Data Breaches, AI, and More
Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
How to Spot the Most Common Crypto Phishing Scams – Hackread – Cybersecurity News, Data Breaches, AI, and More
Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a … Read More “Happy 16th Birthday, KrebsOnSecurity.com! – Krebs on Security” »
New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations – Hackread – Cybersecurity News, Data Breaches, AI, and More
Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert – Hackread – Cybersecurity News, Data Breaches, AI, and More
Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More – The Hacker News
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. … Read More “⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More – The Hacker News” »
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials – The Hacker News
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical – … Read More “27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials – The Hacker News” »
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors – The Hacker News
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI … Read More “Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors – The Hacker News” »
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. “A … Read More “MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide – The Hacker News” »
In an era defined by the exponential expansion of digital footprints, organisations are under unprecedented pressure to demonstrate disciplined… The post Data Retention & Automatic Erasure: How to Build a Compliant Workflow appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
When Risk Is Fragmented, Strategy Suffers – Hackread – Cybersecurity News, Data Breaches, AI, and More
Risk fragmentation remains one of the most overlooked barriers to effective business performance. It doesn’t show up all… – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Posted by Egidio Romano on Dec 27 —————————————————————– PKP-WAL <= 3.5.0-1 (baseColour) LESS Code Injection Vulnerability —————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9 and prior versions, and version 3.5.0-1 and prior versions, as used in Open Journal… – Read More – Full Disclosure
Posted by Egidio Romano on Dec 27 ———————————————————————– PKP-WAL <= 3.5.0-3 (X-Forwarded-Host) LESS Code Injection Vulnerability ———————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-10 and prior versions, and version 3.5.0-3 and prior versions, as… – Read More – Full Disclosure
Posted by Egidio Romano on Dec 27 —————————————————————– PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability —————————————————————– [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: Version 3.3.0-21 and prior versions. Version 3.4.0-9 and prior versions. Version 3.5.0-1 and prior versions. [-] Vulnerability Description: Open… – Read More – Full Disclosure
Posted by malvuln on Dec 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/086f0693f81f6d40460c215717349a1f.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Netbus.170 Vulnerability: Insecure Credential Storage Family: Netbus Type: PE32 Attack-pattern TTP: Unsecured Credentials (T1552) MD5: 086f0693f81f6d40460c215717349a1f… – Read More – Full Disclosure
Posted by malvuln on Dec 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/3d9821cbe836572410b3c5485a7f76ca.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Poison.jh Vulnerability: Insecure Permissions Description: The malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full (F) permissions to the Everyone… – Read More “Backdoor.Win32.Poison.jh / Insecure Permissions – Full Disclosure” »
Posted by Egidio Romano on Dec 27 ———————————————————————- PKP-WAL <= 3.5.0-1 (Institution Collector) SQL Injection Vulnerability ———————————————————————- [-] Software Links: https://pkp.sfu.ca https://github.com/pkp/pkp-lib [-] Affected Versions: PKP Web Application Library (aka PKP-WAL or pkp-lib) version 3.4.0-9 and prior versions, and version 3.5.0-1 and prior versions, as used… – Read More – Full Disclosure
Posted by Egidio Romano on Dec 27 ——————————————————————————————— Open Journal Systems <= 3.5.0-1 (NativeXmlIssueGalleyFilter.php) Path Traversal Vulnerability ——————————————————————————————— [-] Software Links: https://pkp.sfu.ca/software/ojs/ https://github.com/pkp/ojs [-] Affected Versions: Version 3.3.0-21 and prior versions. Version 3.4.0-9 and… – Read More – Full Disclosure
Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach – Hackread – Cybersecurity News, Data Breaches, AI, and More
A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3… – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is … Read More “New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory – The Hacker News” »
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data – Hackread – Cybersecurity News, Data Breaches, AI, and More
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new… – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats – Hackread – Cybersecurity News, Data Breaches, AI, and More
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code – The Hacker News
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome … Read More “Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code – The Hacker News” »
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has … Read More “China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware – The Hacker News” »
A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that’s part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for … Read More “Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection – The Hacker News” »
‘All brakes are off’: Russia’s attempt to rein in illicit market for leaked data backfires – Data and computer security | The Guardian
Russian state has tolerated parallel probiv market for its convenience but now Ukrainian spies are exploiting it Russia is scrambling to rein in the country’s sprawling illicit market for leaked personal data, a shadowy ecosystem long exploited by investigative journalists, police and criminal groups. For more than a decade, Russia’s so-called probiv market – a … Read More “‘All brakes are off’: Russia’s attempt to rein in illicit market for leaked data backfires – Data and computer security | The Guardian” »
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories – The Hacker News
It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use. This week’s … Read More “ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories – The Hacker News” »
The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal … Read More “LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds – The Hacker News” »
CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code – Read More … Read More “CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution – The Hacker News” »
Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the … Read More “Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability – The Hacker News” »
Posted by malvuln on Dec 22 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/b2e50fa38510a5ea8e11f614b1c1d0d5.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HEUR.Backdoor.Win32.Poison.gen Vulnerability: Arbitrary Code Execution Description: The malware looks for and executes a x32-bit “WININET.dll” PE file in its current directory…. – Read More … Read More “HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701 – Full Disclosure” »