OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.
The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek.
SecurityWeek – Read More
Noteworthy stories that might have slipped under the radar: Black Basta ransomware chat logs leaked, SEC launches new cyber unit, DOGE website hacked.
The post In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.
The post How China Pinned University Cyberattacks on NSA Hackers appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity researchers are analyzing about 200,000 messages from inside the high-profile Black Basta ransomware operation that were leaked recently.
The Record from Recorded Future News – Read More
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’
While these forms of communication
The Hacker News – Read More
Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.
The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek.
SecurityWeek – Read More
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
The Hacker News – Read More
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
“The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
The Hacker News – Read More
A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said.
The Record from Recorded Future News – Read More