TeamViewer DEX bugs enable DoS attacks and local network exploitation. The post TeamViewer DEX Bugs Enable DoS and Local Network Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: TeamViewer DEX…
Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks
Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to…
Question on Open Source Tools
I received a question recently, one I receive every now and again, asking if there are any updates to an open source tool I created a while back, called “RegRipper”. This time, the question came in this way: Is there any…
Threat Actors Exploiting Critical ‘MongoBleed’ MongoDB Flaw
A high-severity flaw in MongoDB instances could allow unauthenticated remote bad actors to leak sensitive data from MongoDB servers. Dubbed “MongoBleed,” the security flaw is being exploited in the wild after a PoC exploit and technical details were published. MongoDB…
NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs
NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs Session 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Linke Song (Key Laboratory of…
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
Threat intelligence researchers at CloudSEK have uncovered a sophisticated phishing campaign targeting Indian entities using Income Tax-themed lures, attributed to the Chinese-aligned Silver Fox APT group. The campaign employs an advanced multi-stage malware chain delivering Valley RAT, a modular remote…
New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones
Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits. The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popular headphone models from Sony, Marshall, Jabra, Bose, and other…
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
A severe unauthenticated remote code execution vulnerability has been discovered in XSpeeder networking devices, potentially affecting more than 70,000 publicly accessible hosts worldwide. Tracked as CVE-2025-54322, the flaw allows attackers to gain root-level access without any authentication credentials. CVE ID…
Hackers Launch 2.5 Million+ Malicious Requests Targeting Adobe ColdFusion Servers
Security researchers have uncovered a massive coordinated exploitation campaign where threat actors launched over 2.5 million malicious requests against vulnerable systems during the Christmas 2025 holiday period. The campaign represents a sophisticated, multi-faceted initial access broker operation targeting Adobe ColdFusion…
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into a river, investigators revealed this week. The desperate act failed spectacularly, with forensic experts recovering the…
87K MongoDB Instances Exposed by MongoBleed Vulnerability
MongoBleed exposes 87K MongoDB instances to unauthenticated memory leaks. The post 87K MongoDB Instances Exposed by MongoBleed Vulnerability appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: 87K MongoDB Instances Exposed by…
IT Security News Hourly Summary 2025-12-29 18h : 2 posts
2 posts were published in the last hour 16:31 : Why the Future Is Increasingly Pointing Toward Multi-Cloud Strategies 16:31 : 2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach
Why the Future Is Increasingly Pointing Toward Multi-Cloud Strategies
It is not surprising that the explosion in cloud technology over the last several decades has brought about a transformational shift across industries. Organizations are relying more than ever on multiple vendors for their cloud deployments — rather than relying…
2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach
Condé Nast breach exposes 2.3 million WIRED subscriber records. The post 2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: 2.3M WIRED…
Get a Lifetime of 1TB Cloud Storage for Only $50 with FolderFort
Fast, affordable cloud storage isn’t always easy to find for businesses, but now you can have a massive amount with maximum security. The post Get a Lifetime of 1TB Cloud Storage for Only $50 with FolderFort appeared first on TechRepublic.…
Hacktivist Proxy Operations Emerge as a Repeatable Model of Geopolitical Cyber Pressure
A new form of cyber disruption is reshaping the landscape of modern conflict. Hacktivist groups are increasingly operating as strategic instruments of state pressure, launching coordinated attacks that align perfectly with geopolitical events such as sanctions announcements and military aid…
New Vulnerabilities in Bluetooth Headphones Let Hackers Hijack Connected Smartphone
Security researchers have disclosed critical vulnerabilities affecting widely used Bluetooth headphones and earbuds that could allow attackers to eavesdrop on conversations, steal sensitive data, and even hijack connected smartphones. The flaws, identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, impact devices powered…
2.5 Million+ Malicious Request From Hackers Attacking Adobe ColdFusion Servers
A coordinated exploitation campaign that generated more than 2.5 million malicious requests against Adobe ColdFusion servers and 47+ other technology platforms during the Christmas 2025 holiday period. The operation was attributed to a single threat actor operating from Japan-based infrastructure.…
Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000
It took Sax well over a year to complete its investigation after detecting hackers on its network. The post Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000 appeared first on SecurityWeek. This article has been indexed from…
2026 Kubernetes Playbook: AI at Scale, Self‑Healing Clusters, & Growth
In 2026, the question isn’t whether Kubernetes wins – it already has. And yet, many organizations are running mission-critical workloads on a platform they still treat as plumbing, not the operating layer that controls speed, security, and efficiency. Recent Cloud…
Best of 2025: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding IngressNightmare. FAQ What is IngressNightmare?…
Cyber Briefing: 2025.12.29
Authorities and companies worldwide faced major cyber incidents and enforcement actions, including large-scale breaches, active exploitation of critical vulnerabilities This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2025.12.29
You’ve been targeted by government spyware. Now what?
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO’s Pegasus or Paragon’s Graphite. What happens after receiving a threat notification? This article has been indexed from Security News…
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Korean Air employee discloses a data breach after a hack of its catering and duty-free supplier, KC&D, affecting thousands of staff. Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked,…