Dark Reading

Critical 'MongoBleed' Bug Under Attack, Patch Now

The memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.

Cybersecurity experts warn of increased risk at Pennsylvania Farm Show

With over 500,000 attendees, PennCyber highlights potential threats. Are your devices secure? Discover how to protect ...
CSO Online

Webrat turns GitHub PoCs into a malware trap

The known RAT aimed at gamers is now targeting security professionals searching GitHub for PoCs and exploit codes.

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
Security Boulevard

Best of 2025: LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

SafeBreach researchers developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows ...

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...
The Hacker News

âš¡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

First 2026 cyber recap covering IoT exploits, wallet breaches, malicious extensions, phishing, malware, and early AI abuse.

Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The ...
CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

VIPRE Security Group: AI-Native Malware, Deepfake Fraud-as-a-Service, and IoT Exploits to Drive Enterprise Risk in 2026 -- With Global AI Regulation Accelerating the Urgency of ...

LONDON, Jan. 5, 2026 /PRNewswire/ -- 2025 saw a surge in AI-enabled cyberthreats as adversaries weaponised generative models to produce polymorphic malware, insider-style phishing, and increasingly ...
ZAWYA

Kaspersky detected a fivefold surge in QR code phishing attacks in the second half of 2025

Example of a PDF attachment with a QR code. Malicious QR codes commonly appear in mass phishing campaigns as well as targeted ...
Security Boulevard

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.Key takeaways:MongoBleed is a ...