Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). “This sophisticated attack…

How to Integrate AI into Modern SOC Workflows

Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional…

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Dec 30, 2026Ravie LakshmananMalware / Cyber Espionage The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber…

MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

Dec 29, 2026Ravie LakshmananHacking News / Cybersecurity Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day…

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which…

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

Dec 29, 2026Ravie LakshmananDatabase Security / Vulnerability A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in…

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024,…

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has…

Trust Wallet Chrome Extension Breach Caused Million Crypto Loss via Malicious Code

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Dec 26, 2025Ravie LakshmananCryptocurrency / Incident Response Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss…

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting…

« Previous
1
…
4
5
6
7
8
…
430
Next »