Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding IngressNightmare. FAQ What is IngressNightmare?…
Cyber Briefing: 2025.12.29
Authorities and companies worldwide faced major cyber incidents and enforcement actions, including large-scale breaches, active exploitation of critical vulnerabilities This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2025.12.29
You’ve been targeted by government spyware. Now what?
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO’s Pegasus or Paragon’s Graphite. What happens after receiving a threat notification? This article has been indexed from Security News…
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Korean Air employee discloses a data breach after a hack of its catering and duty-free supplier, KC&D, affecting thousands of staff. Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked,…
Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach
In a desperate attempt to cover his tracks, the hacker behind Coupang’s massive personal data leak hurled his MacBook Air into a nearby river, only for company investigators to fish it out days later. This cinematic twist emerged as South…
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost…
Rainbow Six Siege Breach Gives Free Credits
The security breach became evident when players noticed a surge of unusual activity, including unauthorized bans and unbans alongside falsified messages appearing on the official in-game moderation ticker. This article has been indexed from CyberMaterial Read the original article: Rainbow…
Pro Russian Hackers Claim French Post Attack
A pro-Russian hacking group named Noname057 claimed responsibility for a major cyberattack that disrupted France’s national postal service, La Poste, during the peak Christmas delivery season. This article has been indexed from CyberMaterial Read the original article: Pro Russian Hackers…
LastPass 2022 Breach Tied To Crypto Thefts
Recent investigations by TRM Labs reveal that encrypted vault backups stolen during the 2022 LastPass breach are still being exploited by Russian cybercriminals to drain cryptocurrency wallets as late as 2025. By targeting vaults protected by weak master passwords, these…
Italy Fines Apple Over App Store Rules
Italy’s antitrust authority has fined Apple 98.6 million euros after concluding that the company’s App Tracking Transparency framework unfairly restricted competition within the App Store. The regulator found that while the privacy goals were valid, the implementation forced third-party developers…
Africa Cybercrime Operation Nets 574 Arrests
Authorities across 19 countries arrested 574 suspects and seized approximately 3 million dollars during a month-long operation targeting cybercrime throughout Africa. The initiative successfully dismantled over 6,000 malicious links and recovered millions in stolen funds by focusing on business email…
Best of 2025: Indirect prompt injection attacks target common LLM data sources
While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn’t always the most efficient — and least noisy — way to get the LLM to do bad things. That’s why…
India Warns on ‘Silent Calls’ as Telecom Firms Roll Out Verified Caller Names to Curb Fraud
India’s telecom authorities have issued a fresh advisory highlighting how ordinary phone calls are increasingly being used as entry points for scams, even as a long-discussed caller identity system begins to take shape as a countermeasure. For many users,…
Karnataka’s Cybercrime Losses Soar as Scam Recoveries Plunge
Recoveries in Karnataka’s cybercrime prosecutions are falling even as authorities ramp up specialized policing capability, reflecting how criminals are changing tactics faster than enforcement can counteract. Data from the State Legislature show that citizens lost ₹5,473.97 crore in 57,733…
IT Security News Hourly Summary 2025-12-29 15h : 3 posts
3 posts were published in the last hour 14:2 : Check Point Celebrates 2025 with Top Analyst and Research Lab Recognitions 14:2 : MongoBleed flaw actively exploited in attacks in the wild 14:2 : Swiss Startup Soverli Introduces a Sovereign…
Check Point Celebrates 2025 with Top Analyst and Research Lab Recognitions
As a global leader in cyber security, Check Point proudly highlights its 2025 recognition from leading analyst firms and research labs. Check Point believes these honors highlight the company’s commitment to protecting AI-driven environments and securing distributed networks that underpin…
MongoBleed flaw actively exploited in attacks in the wild
A recently disclosed MongoDB flaw (MongoBleed) is under active exploitation, with over 87,000 potentially vulnerable instances exposed worldwide. A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 (aka MongoBleed, CVSS score of 8.7), is being actively exploited, with more than 87,000 potentially…
Swiss Startup Soverli Introduces a Sovereign OS Layer to Secure Smartphones Beyond Android and iOS
A Swiss cybersecurity startup, Soverli, has introduced a new approach to mobile security that challenges how smartphones are traditionally protected. Instead of relying solely on Android or iOS, the company has developed a fully auditable sovereign operating system layer…
Fortinet Warns of New Attacks Exploiting Old Vulnerability
Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication. The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fortinet…
When One Vulnerability Breaks the Internet and Millions of Devices Join In
The final weeks of 2025 did not arrive quietly. A single software flaw rippled across the internet, healthcare providers disclosed deeply personal data exposures, and millions of everyday devices quietly joined large scale attacks. As we step into 2026, the ColorTokens Threat Advisory brief captures the…
Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert
Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original…
The Worst Hacks of 2025
From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year. This article has been indexed from Security Latest Read the original article: The Worst Hacks of 2025
Coupang to Issue $1.17 Billion in Vouchers Over Data Breach
The ecommerce giant will provide purchase vouchers to the 33.7 million individuals impacted by the incident. The post Coupang to Issue $1.17 Billion in Vouchers Over Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Why Passwordless Authentication Matters for External Vendor and Partner Access
Learn why passwordless authentication is crucial for external vendors & partners. Reduce breaches, stop password sharing, improve UX & strengthen security. The post Why Passwordless Authentication Matters for External Vendor and Partner Access appeared first on Security Boulevard. This article…