[email protected] (The Hacker News)

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has…

Trust Wallet Chrome Extension Breach Caused Million Crypto Loss via Malicious Code

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Dec 26, 2025Ravie LakshmananCryptocurrency / Incident Response Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss…

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting…

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM)…

Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

Dec 25, 2025Ravie LakshmananCybersecurity / Hacking News It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted…

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Dec 25, 2025Ravie LakshmananData Breach / Financial Crime The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and…

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Dec 25, 2025Ravie LakshmananVulnerability / Enterprise Security Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is…

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

Dec 25, 2025Ravie LakshmananVulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing…

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Dec 24, 2025Ravie LakshmananMalware / Endpoint Security Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a…

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

Dec 24, 2025Ravie LakshmananOnline Fraud / Artificial Intelligence The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond…