Cybersecurity

638 articles in this category (Page 17 of 27)

AI NewsCybersecurityDatabases

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation

A critical MongoDB flaw, CVE-2025-14847, is under active exploitation, impacting over 87,000 servers globally.

Dec 29, 2025

AI NewsCybersecuritySoftware Supply Chain

SBOMs in 2026: Acknowledging the Gap Between Theory and Practice

Despite a US government mandate and EU regulations, widespread SBOM adoption remains hampered by inaccuracies and a lack of actionable data.

Dec 29, 2025

AI NewsCybersecurityRisk Management

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

AI-driven attacks leaked 23.77 million secrets in 2024, highlighting critical gaps in traditional security frameworks like NIST, ISO, and CIS.

Dec 29, 2025

AI NewsCybersecurityThreat Intelligence

Weekly Cyber Recap: MongoDB Attacks, Wallet Breaches & Rising AI-Powered Threats

Weekly 2025 cyber recap: MongoBleed impacts 87,000 instances, Trust Wallet suffers a $7M loss, and malicious actors increasingly leverage AI tools.

Dec 29, 2025

AI NewsCybersecurityRisk Management

Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats

Cybersecurity experts predict a surge in AI-driven threats in 2026, prompting a shift toward resilience and recovery over traditional prevention strategies.

Dec 29, 2025

AI NewsCybersecurityDatabases

MongoDB Vulnerability (CVE-2025-14847) Enables Unauthenticated Memory Read

CVE-2025-14847, a high-severity flaw in MongoDB, allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive data.

Dec 27, 2025

AI NewsCybersecuritySoftware Supply Chain

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers identified 27 malicious npm packages used over five months to host phishing pages, resulting in credential theft from targeted organizations.

Dec 27, 2025

AI NewsCybersecuritySoftware Vulnerability

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe serialization.

Dec 26, 2025

AI NewsApplication SecurityCybersecurity

Dark Reading Launches 2025 State of Application Security Survey

Dark Reading's new survey aims to uncover trends in application security, with 44% of respondents citing a lack of skills as the biggest obstacle.

Dec 26, 2025

AI NewsCybersecurityCareer Development

Mentorship & Diversity: Shaping the Next Gen of Cyber Experts

Webster Bank CISO Patricia Voight emphasizes the importance of mentorship, diversity, and adapting to the evolving cybersecurity landscape.

Dec 26, 2025

AI NewsCybersecurityBlockchain

Trust Wallet Chrome Extension Hack Results in $7 Million Crypto Loss

Trust Wallet suffered a security breach in its Chrome extension v2.68, resulting in approximately $7 million in cryptocurrency losses for users.

Dec 26, 2025

AI NewsCybersecurityIoT Security

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA added CVE-2023-52163, a Digiever NVR vulnerability, to its KEV catalog due to active exploitation leading to botnet infections.

Dec 25, 2025

AI NewsCybersecurityVulnerability Management

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet reports active attacks exploiting CVE-2020-12812, potentially bypassing two-factor authentication for admin and VPN users.

Dec 25, 2025

AI NewsCybersecurityData Breaches

LastPass 2022 Breach Enabled $35M in Crypto Theft Through 2025

Stolen LastPass vaults from the 2022 breach enabled about $35M in cryptocurrency thefts through 2025, according to TRM Labs.

Dec 25, 2025

AI NewsCybersecurityData Privacy

SMBs Became the Prime Target: Cybersecurity Lessons from 2025 Data Breaches

In 2025, small and mid-sized businesses accounted for 70.5% of data breaches, highlighting a shift in cybercriminal tactics towards easier targets.

Dec 24, 2025

AI NewsCybersecurityFraud

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

ESET reports a 62% rise in the Nomani investment scam, leveraging AI deepfakes on social media platforms like YouTube and Facebook.

Dec 24, 2025

AI NewsCybersecurityFinance

SEC Charges Operators of $14 Million Crypto Scam Leveraging Fake AI Investment Tips

The SEC filed charges against multiple entities for a $14 million cryptocurrency scam that used AI-themed investment tips and fake trading platforms to defraud U.S. investors.

Dec 24, 2025

AI NewsCybersecurityFraud

Amazon Blocks 1,800 Suspected North Korean IT Job Scammers

Amazon has prevented over 1,800 suspected North Korean IT job scammers from being hired since April 2024, highlighting the increasing sophistication of state-sponsored fraud.

Dec 23, 2025

AI NewsCybersecuritySoftware Vulnerability

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution

A critical n8n vulnerability (CVE-2025-68613, CVSS 9.9) allows authenticated users to execute arbitrary code, impacting over 100,000 instances.

Dec 23, 2025

AI NewsCybersecurityLaw Enforcement

INTERPOL Operation Sentinel Nets 574 Arrests & $3M in Recovered Funds

INTERPOL’s Operation Sentinel resulted in 574 arrests and $3 million recovered, targeting ransomware and cyber fraud across 19 African countries.

Dec 23, 2025

AI NewsCybersecurityProductivity

Passwd: A Google Workspace-Focused Password Manager

Passwd offers a zero-knowledge AES-256 encrypted password manager designed exclusively for Google Workspace, featuring scalable team pricing.

Dec 23, 2025

AI NewsCybersecurityMergers & Acquisitions

ServiceNow Acquires Armis for $7.75B to Enhance AI-Powered Cybersecurity

ServiceNow’s $7.75 billion acquisition of Armis will integrate cyber-physical security into its AI Control Tower, bolstering proactive risk management.

Dec 23, 2025

AI NewsCybersecurityFraud

US DoJ Seizes Domain Used in $14.6 Million Bank Account Takeover Scheme

The US Justice Department seized web3adspanels[.]org, a domain used to steal bank logins, resulting in $14.6 million in losses for 19 US victims.

Dec 23, 2025

AI NewsCybersecurityMobile Security

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Android attackers are increasingly using sophisticated droppers to deliver malware like Wonderland, resulting in widespread SMS theft and financial fraud, particularly in Uzbekistan.

Dec 22, 2025