Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-30 12:00 PST
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Hacker News • 2025-12-30 08:28 • thehackernews.com
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any
https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html - European Space Agency confirms breach of "external servers"
BleepingComputer • 2025-12-30 08:26 • www.bleepingcomputer.com
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities. […]
https://www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/ - Zoom Stealer browser extensions harvest corporate meeting intelligence
BleepingComputer • 2025-12-30 07:41 • www.bleepingcomputer.com
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. […]
https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/ - US cybersecurity experts plead guilty to BlackCat ransomware attacks
BleepingComputer • 2025-12-30 07:25 • www.bleepingcomputer.com
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. […]
https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-plead-guilty-to-blackcat-alphv-ransomware-attacks/ - CISA orders feds to patch MongoBleed flaw exploited in attacks
BleepingComputer • 2025-12-30 06:40 • www.bleepingcomputer.com
CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-mongobleed-flaw-actively-exploited-in-attacks/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
