5 Threats That Defined Security in 2025 – Dark Reading
2025 included a number of monumental threats, from the global attacks of Salt Typhoon to dangerous vulnerabilities like React2Shell. – Read More
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More – The Hacker News
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in…
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web – CSO Online
The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger…
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials – The Hacker News
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate…
Merger madness: Why are so many law firms joining forces? – Legal Cheek
The Legal Cheek team discusses Big Law tie-ups — listen now Big Law is no stranger to major mergers — many of the most prestigious City firms were formed through…
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide – The Hacker News
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is…
The CSO guide to top security conferences – CSO Online
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on…
Top 5 real-world AI security threats revealed in 2025 – CSO Online
The year of agentic AI came with promises of massive productivity gains for businesses, but the rush to adopt new tools and services also opened new attack paths in enterprise…
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors – The Hacker News
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud,…
Tipps für CISOs, die die Branche wechseln wollen – CSO Online
Tipps für CISOs mit “Vertical-Switch-Ambitionen”. FotoDax | shutterstock.com In der Außenperspektive sollte es für Menschen, die es zum Chief Information Security Officer gebracht haben, eigentlich kein Problem sein, die Branche…
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory – The Hacker News
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described…
High severity flaw in MongoDB could allow memory leakage – CSO Online
Document database vendor MongoDB has advised customers to update immediately following the discovery of a flaw that could allow unauthenticated users to read uninitialized heap memory. Designated CVE-2025-14847, the bug,…
Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code – The Hacker News
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss of approximately…
Mentorship and Diversity: Shaping the Next Generation of Cyber Experts – Dark Reading
Patricia Voight, CISO at Webster Bank, shares her expertise on advancing cybersecurity careers, combating financial crimes, and championing diversity in a rapidly changing industry. – Read More
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware – The Hacker News
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature…