IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Dec 31, 2026Ravie LakshmananAPI Security / Vulnerability IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain…
Category: TheHackerNews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
Dec 31, 2026Ravie LakshmananSpyware / Mobile Security The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked…
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
Dec 30, 2026Ravie LakshmananVulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in…
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote…
How to Integrate AI into Modern SOC Workflows
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value.…
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
Dec 30, 2026Ravie LakshmananMalware / Cyber Espionage The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver…
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to…
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx…
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
Dec 29, 2026Ravie LakshmananDatabase Security / Vulnerability A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000…
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
Dec 27, 2025Ravie LakshmananDatabase Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap…
Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
Dec 26, 2025Ravie LakshmananCryptocurrency / Incident Response Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it…
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS)…