Skip to content
hacking news Page 10

hacking news

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which… 

Read More »27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

Dec 29, 2026Ravie LakshmananDatabase Security / Vulnerability A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in… 

Read More »MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024,… 

Read More »Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has… 

Read More »New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
Trust Wallet Chrome Extension Breach Caused Million Crypto Loss via Malicious Code

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Dec 26, 2025Ravie LakshmananCryptocurrency / Incident Response Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss… 

Read More »Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting… 

Read More »China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM)… 

Read More »Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

Dec 25, 2025Ravie LakshmananCybersecurity / Hacking News It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted… 

Read More »Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories