Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-29 02:00 PST
- MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
The Hacker News • 2025-12-29 01:46 • thehackernews.com
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.
The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed.
“A flaw
https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html - 27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
The Hacker News • 2025-12-29 01:44 • thehackernews.com
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.
The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical
https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html - Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
The Hacker News • 2025-12-28 22:34 • thehackernews.com
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory.
The result: 23.77 million secrets were leaked through AI
https://thehackernews.com/2025/12/traditional-security-frameworks-leave.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
