Infostealer Malware Delivered in EmEditor Supply Chain Attack
The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek.
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Overview of the attacks
In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the system
Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers. The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek.
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and
A hacker named Lovely made public 2.3 million records representing Wired subscriber information. The post Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak appeared first on SecurityWeek.
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million
Continuing a Legacy of Successful Collaboration
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the chromatophore system for communication.