A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.Key takeaways:MongoBleed is...

Privacy may be dead, but civilians are turning conventional wisdom on its head by surveilling the cops as much as the cops surveil them.

From Donald Trump to DOGE to Chinese hackers, this year the internet's chaos caused outsized real-world harm.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year

Countries that banded together to challenge Boeing in the air try to do the same to AWS, Microsoft, and Google on the ground Feature More than half a century ago, a consortium of European...

The activity of the Oltenia Energy Complex (CEO) was partially affected following a ransomware cyber attack, called "Gentlemen", without endangering the functioning of the National Energy System,...

Former staffer of Korean e-tailer Coupang accessed 33 million records but may have done less damage than feared Korean e-tailer Coupang claims a former employee has admitted to improperly...

Newton Gitonga reports: South Korea has successfully extradited a 29-year-old Lithuanian national accused of stealing approximately $1.8 million in digital assets through sophisticated malware....

The human harms of cyberattacks piled up this year, and violence expected to increase The knock-on, and often unintentional, impacts of a cyberattack are so rarely discussed. As an industry, the...

Kris Olson reports on what sounds like a real mess: The questionable relationship between Steward Health Care and its in-house malpractice insurer is proving to be an unrelenting source of misery...

It’s been a while since we’ve seen one of these types of reports, and yet….. Imani Williams reports: Thousands of medical records containing sensitive patient information were discovered in a...

Another example of the insider threat, as reported by Opeyemi Sule: According to the latest report, a former Coinbase customer service contractor has been arrested in India for their role in a...

Mezha reports: As reported in the court’s verdict: In Khmelnytskyi, a court sentenced a 16-year-old girl for transmitting data about military facilities to a Russian intelligence officer who paid...

A press release from Columbia Pacific CCO left me a bit puzzled. A statement from Columbia Pacific CCO relates to a breach affecting members of CareOregon and Health Share Oregon. Their notice is...

Detect and mitigate CVE-2025-14847, an unauthenticated information leak vulnerability in MongoDB. Exploitation has been observed in the wild. Organizations should patch urgently.

In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and...

Caton Deuso reports: An orthopedic center with several locations in the Capital Region faces a $500,000 fine for failing to protect patient information. The New York Attorney General, Letitia...

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score:...

The future of conflict is cheap, rapidly manufactured, and tough to defend against.

New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have...

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The...

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver...

Practice makes perfect It's the most wonderful time of the year … for corporate security bosses to run tabletop exercises, simulating a hypothetical cyberattack or other emergency, running through...

Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.Here’s said exploit:GitHub - joe-desimone/mongobleedThe vuln, which dropped just before Christmas, in...

In supercharged AI race, defenders need to keep up interview According to Remedio CEO Tal Kollender, the only way to beat the bad guys hacking into corporate networks is to "think like a hacker,"...

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through...

With the New Year just around the corner, SentinelOne highlights and reflects on the most formative cyber news stories from 2025.

A year of bold quotes, big lessons, and insights for practitioners looking ahead to 2026

Someone hacked an Italian ferry. It looks like the malware was installed by someone on the ferry, and not remotely.