Latest Internet & Cybersecurity News
Dozens of Chrome Extensions Hacked, Exposing Millions to Data Theft
Dozens of popular Chrome extensions were compromised, potentially exposing millions of users to data theft through malicious updates. The breaches occurred over the weekend, highlighting risks in browser extension ecosystems.
Users are urged to review and update extensions immediately.
MongoBleed Vulnerability (CVE-2025-14847) Under Active Exploitation
A critical MongoDB flaw allowing unauthenticated data leaks from heap memory is being actively exploited worldwide. Over 87,000 vulnerable servers are exposed, mainly in the US, China, Germany, and India.
MongoDB issued urgent patching advisories amid public PoC exploits.
Historic Mega Leak of 16 Billion Credentials Exposed
A massive dataset aggregating 16 billion login credentials from Google, Apple, Facebook, and GitHub was disclosed, marking the largest password exposure ever. Threat actors quickly began exploiting it for attacks.
Organizations must urgently review and reset affected credentials.
Trust Wallet Extension Hack Leads to $7 Million Crypto Theft
Trust Wallet confirmed a hack on its browser extension, resulting in $7 million in cryptocurrency stolen from users. The incident underscores vulnerabilities in crypto wallet extensions.
Affected users should monitor accounts and enable enhanced security.
WatchGuard Firebox Critical RCE Vulnerability Exploited
Over 115,000 WatchGuard Firebox devices remain unpatched against CVE-2025-14733, enabling unauthenticated remote code execution via IKEv2 VPN. CISA added it to the KEV catalog, mandating federal patches by Dec 26.
Global exposures persist into the holidays.
AI Supply Chain Poisoning and Credential Theft Rise in 2025
Malware hidden in Hugging Face AI models and trojanized PyPI packages targeted developers using Pickle serialization. LLMjacking steals credentials for unauthorized AI access, with Microsoft suing offenders.
Vetting sources is critical for AI security.