MongoBleed (CVE-2025-14847) allows unauthenticated MongoDB memory leaks. With Joe Desimone's PoC released, upgrade to v8.0.17 or v7.0.28 now!

Joseph Goydish uncovers a critical integer overflow in iOS 26.2’s WebKit. Proof of Concept shows how attackers can crash browsers or trigger RCE.

The most damaging cyber incidents across ASEAN this year did not start with malware, zero-days, or system breaches.

A China-linked APT used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India.

Experts refer to these periods as the Global Commerce Vulnerability Window, marked by intense transaction volumes and limited human oversight.

Weeks after the devastating "Second Coming" campaign crippled thousands of development environments, the threat actor behind the Shai-Hulud worm has returned.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

The Grigol Liluashvili arrest follows earlier reporting on scam call centers in Tbilisi, including the Scam Empire investigation.

Dubbed "MongoBleed" and tracked as CVE-2025-14847, the flaw represents a catastrophic breakdown in how MongoDB handles compressed data.

Korean Air employee discloses a data breach after a hack of its catering and duty-free supplier, KC&D, affecting thousands of staff.

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark…

A former employee behind the recent Coupang breach tried to cover his tracks by smashing his MacBook Air and throwing it into a river, the company said.

The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database.

The accelerated expansion of state-level regulation highlights a growing urgency. Policy and security leaders are navigating a fast-paced regulatory landscape without a clear, unified direction.

Apple appeals a £1.5bn UK ruling that labeled its 30% App Store fee "unfair." Over 19 million users could receive payouts if the $2bn fine is upheld.

Samsung’s Exynos 5410 modem enables 5G satellite video calls for the Galaxy S26, shifting mobile tech from emergency texts to global broadband connectivity.

NVIDIA folds DGX Cloud into its engineering arm to focus on internal R&D. Is the AI "arms dealer" quitting the cloud war to protect its chip monopoly?

Ubisoft takes Rainbow Six Siege offline after a massive backend breach. Hackers gifted 2 billion credits to players and hijacked the game's ban system.

IBM issues a 9.8 critical alert for API Connect! CVE-2025-13915 allows unauthenticated remote access. Update to v10.0.11 or apply iFixes now.

SmarterMail hits a 10/10 CVSS severity! CVE-2025-52691 allows unauthenticated RCE via arbitrary file uploads. Update to Build 9413 immediately!

CISA adds MongoBleed (CVE-2025-14847) to its KEV Catalog after confirming active exploitation. 80,000+ MongoDB servers are at risk. Patch by Jan 19!