The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database. The post MongoBleed defect swirls, stamping out hope of...
There's more where that came from, CEO says Rogue insiders suspected of taking bribes to hand over Coinbase customer records to criminals are beginning to face justice, according to CEO Brian Armstrong.…
Extortion group Lovely claims to have stolen 40 million pieces of info from publisher Conde Nast A criminal group is beating Conde Nast over the head for not responding sooner to its extortion...
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws...
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to...
Lim Hui Jie reports: South Korean online retail giant Coupang said it will offer 1.69 trillion South Korean won ($1.17 billion) in compensation to 34 million users affected by a massive data...
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The...
Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading...
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages...
Chris Dolmetsch and Bob Van Voris report: Goldman Sachs Group Inc. warned investors in some of its alternative investment funds that their data may have been exposed in a breach at one of the...
From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.Key takeaways:MongoBleed is...
Privacy may be dead, but civilians are turning conventional wisdom on its head by surveilling the cops as much as the cops surveil them.
From Donald Trump to DOGE to Chinese hackers, this year the internet's chaos caused outsized real-world harm.
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year
Countries that banded together to challenge Boeing in the air try to do the same to AWS, Microsoft, and Google on the ground Feature More than half a century ago, a consortium of European...
The activity of the Oltenia Energy Complex (CEO) was partially affected following a ransomware cyber attack, called "Gentlemen", without endangering the functioning of the National Energy System,...
Former staffer of Korean e-tailer Coupang accessed 33 million records but may have done less damage than feared Korean e-tailer Coupang claims a former employee has admitted to improperly...
Newton Gitonga reports: South Korea has successfully extradited a 29-year-old Lithuanian national accused of stealing approximately $1.8 million in digital assets through sophisticated malware....
The human harms of cyberattacks piled up this year, and violence expected to increase The knock-on, and often unintentional, impacts of a cyberattack are so rarely discussed. As an industry, the...
Kris Olson reports on what sounds like a real mess: The questionable relationship between Steward Health Care and its in-house malpractice insurer is proving to be an unrelenting source of misery...
It’s been a while since we’ve seen one of these types of reports, and yet….. Imani Williams reports: Thousands of medical records containing sensitive patient information were discovered in a...
Another example of the insider threat, as reported by Opeyemi Sule: According to the latest report, a former Coinbase customer service contractor has been arrested in India for their role in a...
Mezha reports: As reported in the court’s verdict: In Khmelnytskyi, a court sentenced a 16-year-old girl for transmitting data about military facilities to a Russian intelligence officer who paid...
A press release from Columbia Pacific CCO left me a bit puzzled. A statement from Columbia Pacific CCO relates to a breach affecting members of CareOregon and Health Share Oregon. Their notice is...
Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and...
Caton Deuso reports: An orthopedic center with several locations in the Capital Region faces a $500,000 fine for failing to protect patient information. The New York Attorney General, Letitia...
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score:...