Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the…
NDSS 2025 – CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP
Session 7B: Trusted Hardware and Execution. Authors, Creators & Presenters: Stefan Gast (Graz University of Technology), Hannes Weissteiner (Graz University of Technology), Robin Leander Schröder (Fraunhofer SIT, Darmstadt, Germany and Fraunhofer Austria, Vienna, Austria), Daniel Gruss (Graz University of Technology)…
FCC Tightens Rules on Foreign-Made Drones to Address U.S. Security Risks
The U.S. Federal Communications Commission has introduced new restrictions targeting drones and essential drone-related equipment manufactured outside the United States, citing concerns that such technology could pose serious national security and public safety risks. Under this decision, the FCC has…
700Credit Data Breach Exposes Personal Information of Over 5.6 Million Consumers
A massive breach at the credit reporting firm 700Credit has led to the leakage of private details of over 5.6 million people, throwing a new set of concerns on the risk of third-party security in the financial services value…
IT Security News Hourly Summary 2025-12-27 15h : 4 posts
4 posts were published in the last hour 14:2 : What “Verified Identity Data” Means for APIs — and How to Evaluate a Data Partner 13:32 : GhostPairing Attack Puts Millions of WhatsApp Users at Risk 13:31 : Askul Confirms…
What “Verified Identity Data” Means for APIs — and How to Evaluate a Data Partner
If you’re building fraud prevention, risk scoring, or identity enrichment into a product, your outcomes depend on one thing: the quality of your identity data. A lot of identity data on the market is broad but unverified: raw broker feeds,…
GhostPairing Attack Puts Millions of WhatsApp Users at Risk
An ongoing campaign that aims to seize control of WhatsApp accounts by manipulating WhatsApp’s own multi-device architecture has been revealed by cybersecurity experts in the wake of an ongoing, highly targeted attack designed to illustrate the increasing complexity of…
Askul Confirms RansomHouse Ransomware Breach Exposed 740,000 Records
Japanese e-commerce giant Askul Corporation confirmed that a ransomware attack carried out by the RansomHouse group led to the theft of about 740,000 customer records in October 2025. Askul, which is a major supplier of office supplies and logistics…
Inside the Hidden Market Where Your ChatGPT and Gemini Chats Are Sold for Profit
Millions of users may have unknowingly exposed their most private conversations with AI tools after cybersecurity researchers uncovered a network of browser extensions quietly harvesting and selling chat data. Here’s a reminder many people forget: an AI assistant is not…
Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data
A proof-of-concept (PoC) exploit dubbed “mongobleed” has been released for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its creator Joe Desimone as a way to bleed sensitive server memory, the flaw lets attackers remotely extract uninitialized…
The US Must Stop Underestimating Drone Warfare
The future of conflict is cheap, rapidly manufactured, and tough to defend against. This article has been indexed from Security Latest.
NPM package with 56,000 downloads compromises WhatsApp accounts
An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials…
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency,…
Why Windows File Copy Struggles With Large Files, and What Works Better
Windows’ built-in copy function works well enough for small files. Problems start when transfers involve tens or hundreds of gigabytes, or thousands of files. At that point, File Explorer often slows to […]
TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data
Multiple critical vulnerabilities affect TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older branches, the flaws stem from improper input validation (CWE-20), potentially enabling attackers on the local network…
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users, potentially gaining unauthorized access to sensitive document management systems. The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches…
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies…
IT Security News Hourly Summary 2025-12-27 00h : 2 posts
2 posts were published in the last hour 22:56 : IT Security News Daily Summary 2025-12-26 22:31 : Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
IT Security News Daily Summary 2025-12-26
66 posts were published in the last hour 22:31 : Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data 21:31 : Romania’s Water Authority Targeted in Ransomware Attack 20:32 : NDSS 2025 – SCRUTINIZER: Towards Secure Forensics On…
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More.
Romania’s Water Authority Targeted in Ransomware Attack
A ransomware attack impacted over 1,000 IT systems at Romania’s water authority, highlighting growing risk to critical infrastructure. The post Romania’s Water Authority Targeted in Ransomware Attack appeared first on eSecurity Planet.
NDSS 2025 – SCRUTINIZER: Towards Secure Forensics On Compromised TrustZone
Session 7B: Trusted Hardware and Execution. Authors, Creators & Presenters: Yiming Zhang (Southern University of Science and Technology and The Hong Kong Polytechnic University), Fengwei Zhang (Southern University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University), Rui…
Randall Munroe’s XKCD ‘Bridge Clearance’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Bridge Clearance’ appeared first on Security Boulevard.
NDSS 2025 – A Formal Approach To Multi-Layered Privileges For Enclaves
Session 7B: Trusted Hardware and Execution. Authors, Creators & Presenters: Ganxiang Yang (Shanghai Jiao Tong University), Chenyang Liu (Shanghai Jiao Tong University), Zhen Huang (Shanghai Jiao Tong University), Guoxing Chen (Shanghai…