MongoBleed flaw actively exploited in attacks in the wild

A recently disclosed MongoDB flaw (MongoBleed) is under active exploitation, with over 87,000 potentially vulnerable instances exposed worldwide. A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 (aka MongoBleed, CVSS score of 8.7), is being actively exploited, with more than 87,000 potentially vulnerable instances identified worldwide. Cybersecurity researcher Joe Desimone published a proof-of-concept exploit for this vulnerability […]

The Worst Hacks of 2025

From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.

The New Surveillance State Is You

Privacy may be dead, but civilians are turning conventional wisdom on its head by surveilling the cops as much as the cops surveil them.

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and […]

JD Vance Announces His 2028 Campaign of Unity: Antisemitism

Axios published a real piece of work this week on Vice President JD Vance’s 2028 strategy. The sourcing tells you everything: “Vance aides,” “outside Vance allies,” “Republicans close to Vance,” “person f…

Cryptographic Provenance of C2PA Ain’t Gonna Stop Deepfakes

Fortune just quoted ex-Palantir New York Assemblymember Alex Bores on deepfakes. He says fake faces made by AI are “a solvable problem” using the Coalition for Content Provenance and Authenticity (C2PA) standard that cryptographically signs…

Stolen LastPass backups enable crypto theft through 2025

Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault backups stolen in the 2022 LastPass breach are still being cracked using weak master passwords, enabling crypto theft as late as 2025. In 2022, […]

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan; From Linear to Complex: An Upgrade in RansomHouse Encryption; Prince of Persia: A Decade of Iranian Nation-State APT Campaign […]