I added hover over text, it messed up some of the formatting. But whatever, I gotta go write my TPS report.<h2>Krebs on Security</h2><h2>Dark Reading</h2><h2>The Hacker News [ THN ] - Best Security Blog</h2>2025-12-29 - <a href="https://thehackernews.com/2025/12/weekly-recap-mongodb-attacks-wallet.html" title="Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately.
A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not">⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More</a><br>2025-12-29 - <a href="https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html" title="A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.
The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed.
"A flaw">MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide</a><br>2025-12-29 - <a href="https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html" title="Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.
The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical">27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials</a><br>2025-12-29 - <a href="https://thehackernews.com/2025/12/traditional-security-frameworks-leave.html" title="In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory.
The result: 23.77 million secrets were leaked through AI">Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors</a><br>2025-12-27 - <a href="https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html" title="A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory.
The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the">New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory</a><br>2025-12-26 - <a href="https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html" title="Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million.
The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised to">Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code</a><br>2025-12-26 - <a href="https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html" title="A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India.
The activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to a">China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware</a><br>2025-12-26 - <a href="https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html" title="A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection.
LangChain Core (i.e., langchain-core) is a core Python package that's part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for building">Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection</a><br>2025-12-25 - <a href="https://thehackernews.com/2025/12/threatsday-bulletin-stealth-loaders-ai.html" title="It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use.
This week’s findings show a pattern: precision, patience, and persuasion. The">ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories</a><br>2025-12-25 - <a href="https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html" title="The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs.
The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of the">LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds</a><br>2025-12-25 - <a href="https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html" title="Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations.
The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the">Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability</a><br>2025-12-25 - <a href="https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html" title="The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code">CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution</a><br><h2>Schneier on Security</h2>2025-12-26 - <a href="https://www.schneier.com/blog/archives/2025/12/are-we-ready-to-be-governed-by-artificial-intelligence.html" title="<p>Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are <a href="https://mitpress.mit.edu/9780262049948/rewiring-democracy/?ref=merionwest.com">already pervading</a> many aspects of democratic government, affecting our lives in ways both large and small. This has occurred largely without our notice or consent. The result is a government incrementally transformed by AI rather than the singular technological overlord of the big screen.</p>
<p>Let us begin with the executive branch. One of the most important functions of this branch of government is to administer the law, including the human services on which so many Americans rely. Many of these programs have long been operated by a mix of humans and machines, even if not previously using modern AI tools such as ...</p>">Are We Ready to Be Governed by Artificial Intelligence?</a><br>2025-12-25 - <a href="https://www.schneier.com/blog/archives/2025/12/urban-vpn-proxy-surreptitiously-intercepts-ai-chats.html" title="<p>This is <a href="https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection">pretty scary</a>:</p>
<blockquote><p>Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI.</p>
<p>For each platform, the extension includes a dedicated &#8220;executor&#8221; script designed to intercept and capture conversations. The harvesting is enabled by default through hardcoded flags in the extension&#8217;s configuration.</p>
<p>There is no user-facing toggle to disable this. The only way to stop the data collection is to uninstall the extension entirely.</p>
<p>[&#8230;]</p>
<p>The data collection operates independently of the VPN functionality. Whether the VPN is connected or not, the harvesting runs continuously in the background...</p></blockquote>">Urban VPN Proxy Surreptitiously Intercepts AI Chats</a><br><h2>ThreatPost</h2><h2>Sydney Morning Herald</h2><h2>New York Times</h2>2025-12-26 - <a href="https://www.nytimes.com/2025/12/26/technology/california-wealth-tax-page-thiel.html" title="It’s uncertain whether the proposal will reach the statewide ballot in November, but some billionaires like Peter Thiel and Larry Page may be unwilling to take the risk.">A Wealth Tax Floated in California Has Billionaires Thinking of Leaving</a><br>2025-12-25 - <a href="https://www.nytimes.com/2025/12/24/business/media/larry-david-ellison-warner-bros-discovery-cbs.html" title="Larry and David Ellison didn’t always have a close relationship. Now they’re one of the most intriguing partnerships in business.">A Father and Son’s $108 Billion Hostile Bid for Warner Bros. Discovery</a><br>2025-12-26 - <a href="https://www.nytimes.com/2025/12/26/travel/airpods-live-translation-japan.html" title="A non-Japanese-speaking first-time visitor used Apple’s new in-ear translation feature to connect with locals at bars, sushi classes and even a fire ritual.">How Well Does Apple’s Live Translation Work for Japanese? I Tested It in Tokyo.</a><br>2025-12-29 - <a href="https://www.nytimes.com/2025/12/29/business/energy-environment/rare-earth-processing-phoenix-tailings.html" title="Companies like Phoenix Tailings, which recently began producing metal in New Hampshire, are using new processing methods to compete with Chinese suppliers.">Meet a U.S. Start-Up Trying to Break China’s Rare-Earth Monopoly</a><br>2025-12-28 - <a href="https://www.nytimes.com/2025/12/28/technology/gmail-change-address-email.html" title="Under the shift, which Google said would eventually be rolled out to all users, old addresses would remain active. Messages and services would not be lost.">Gmail to Let Users Change Their Addresses While Keeping Data</a><br>2025-12-28 - <a href="https://www.nytimes.com/2025/12/28/technology/tech-trump.html" title="The president has backed policies that allow the industry to grow unfettered. The mutually beneficial alliance is causing concern among some conservatives.">From A.I. to Chips, Big Tech Is Getting What It Wants From Trump</a><br>2025-12-28 - <a href="https://www.nytimes.com/2025/12/28/science/eric-matthew-gilbertson-mountains.html" title="Two brothers, both mechanical engineers, are climbing many of the world’s tall peaks to prove they have been measured incorrectly.">Twins’ Peaks: The Gilbertson Brothers Want to Rewrite Your Country’s Map</a><br>2025-12-27 - <a href="https://www.nytimes.com/2025/12/27/business/electric-vehicles-poilitics-republicans-conservatives.html" title="The political polarization of battery-powered cars may have started when Toyota released its first hybrid model 25 years ago.">Before Electric Vehicles Became Political, There Was the Toyota Prius</a><br>2025-12-27 - <a href="https://www.nytimes.com/2025/12/27/world/australia/australia-social-media-ban.html" title="After the country barred children under 16 from using social media, many parents have been asking whether similarly tough action is needed in their own countries.">Worn Down by Worry, Parents Look Longingly at Australia’s Social Media Ban</a><br>2025-12-26 - <a href="https://www.nytimes.com/2025/12/26/podcasts/hardfork-ai-science.html" title="A tech C.E.O. explains why A.I. probably won’t cure diseases anytime soon. Hint: You still need humans.">Where Is All the A.I.-Driven Scientific Progress?</a><br>2025-12-25 - <a href="https://www.nytimes.com/2025/12/25/technology/brown-university-shooting-disinformation-politicians.html" title="Prominent business and government figures spread rumors about the attack on Brown University’s campus this month, reigniting questions about accountability in online discourse.">Prominent Leaders Amplify Disinformation About Brown University Shooting</a><br>2025-12-26 - <a href="https://www.nytimes.com/2025/12/25/business/tesla-robotaxis-austin-waymo.html" title="Shares of Tesla have hit new highs on optimism about the company’s self-driving taxis. But experts say Tesla is far behind Waymo, which has a big head start.">Tesla Robotaxis Are Big on Wall St. but Lagging on Roads</a><br>2025-12-26 - <a href="https://www.nytimes.com/2025/12/24/business/europe-us-online-censorship-free-speech.html" title="The Trump administration said five regulators and researchers who work to tackle disinformation and abuse on the internet had been barred from entering the United States.">They Seek to Curb Online Hate. The U.S. Accuses Them of Censorship.</a><br><h2>Wall Street Journal</h2><h2>BBC</h2>2025-12-29 - <a href="https://www.bbc.com/news/articles/c1lrlm9ydgno?at_medium=RSS&at_campaign=rss" title="Dexter Original Sin actor Patrick Gibson will star as the British spy when the game releases on 27 May.">James Bond game 007 First Light delayed to May 2026</a><br>2025-12-29 - <a href="https://www.bbc.com/news/articles/cjrjpzdzeddo?at_medium=RSS&at_campaign=rss" title="The Civil Aviation Authority reckons up to half a million people in the UK may be impacted by its new requirements.">Many new UK drone users must take theory test before flying outside</a><br><h2>SecurityBrief AU</h2><h2>ITNews AU</h2><h2>BleepingComputer</h2>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/security/the-real-world-attacks-behind-owasp-agentic-ai-top-10/" title="OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused. [...]">The Real-World Attacks Behind OWASP Agentic AI Top 10</a><br>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-finally-rolls-out-thinking-time-toggle-on-mobile/" title="OpenAI is rolling out an update to ChatGPT on mobile that finally allows you to select the Thinking time toggle, also called "juice" of the model. [...]">ChatGPT finally rolls out Thinking time toggle on mobile</a><br>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/security/romanian-energy-provider-hit-by-gentlemen-ransomware-attack/" title="A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania's largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure. [...]">Romanian energy provider hit by Gentlemen ransomware attack</a><br>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/security/former-coinbase-support-agent-arrested-for-helping-hackers/" title="A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database. [...]">Former Coinbase support agent arrested for helping hackers</a><br>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/security/korean-air-data-breach-exposes-data-of-thousands-of-employees/" title="Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&amp;D), its in-flight catering supplier and former subsidiary, was recently hacked. [...]">Korean Air data breach exposes data of thousands of employees</a><br>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-is-rolling-out-gpt-52-as-smart-plus-mode/" title="Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it'll coexist with the GPT 5.1 model. [...]">Microsoft Copilot is rolling out GPT 5.2 as "Smart Plus" mode</a><br>2025-12-29 - <a href="https://www.bleepingcomputer.com/news/security/fortinet-warns-of-5-year-old-fortios-2fa-bypass-still-exploited-in-attacks/" title="Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. [...]">Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks</a><br>2025-12-28 - <a href="https://www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/" title="A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. [...]">Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed</a><br>2025-12-28 - <a href="https://www.bleepingcomputer.com/news/security/hacker-claims-to-leak-wired-database-with-23-million-records/" title="A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. [...]">Hacker claims to leak WIRED database with 2.3 million records</a><br>2025-12-28 - <a href="https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/" title="Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. [...]">Massive Rainbow Six Siege breach gives players billions of credits</a><br>2025-12-27 - <a href="https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-ads-will-allegedly-prioritize-sponsored-content-in-answers/" title="OpenAI is reportedly mulling a new form of ads on ChatGPT called "sponsored content," which could influence your buying decisions. [...]">OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers</a><br>2025-12-26 - <a href="https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/" title="Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. [...]">Fake Grubhub emails promise tenfold return on sent cryptocurrency</a><br><h2>/r/NetSec</h2>2025-12-29 - <a href="https://www.reddit.com/r/netsec/comments/1pyngz1/detecting_unknown_mcps_in_local_dev_environments/" title="<!-- SC_OFF --><div class="md"><p>Working with a CTO on visibility into what's actually running locally across a 70-engineer org. (For the context, there's no ZTNA implementation, <strong>At the moment</strong>, if there's a way to approach it from ZTNA angle, I'd love to know)</p> <p>Engineers use cursor heavily, started adopting MCPs, and now there's a mix of verified, open source, and basically untrusted github repos running locally. </p> <p>Customer creds are accessible from these environments. We want visibility first - detect what MCPs exist, where they're installed, track usage. </p> <p>That part feels tractable. But from a detection/monitoring angle, once you know what's there - what's worth actually watching? </p> <p>Some MCPs legitimately need local execution so you can't just block them. Full network proxying feels unrealistic for dev workflows. </p> <p>How you approached it? what can implement after visibility? </p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/Ok-Guide-4239"> /u/Ok-Guide-4239 </a> <br /> <span><a href="https://example.com">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/netsec/comments/1pyngz1/detecting_unknown_mcps_in_local_dev_environments/">[comments]</a></span>">Detecting unknown MCPs in local dev environments</a><br>2025-12-27 - <a href="https://www.reddit.com/r/netsec/comments/1px7jzx/petlibro_your_pet_feeder_is_feeding_data_to/" title="&#32; submitted by &#32; <a href="https://www.reddit.com/user/AlmondOffSec"> /u/AlmondOffSec </a> <br /> <span><a href="https://bobdahacker.com/blog/petlibro">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/netsec/comments/1px7jzx/petlibro_your_pet_feeder_is_feeding_data_to/">[comments]</a></span>">Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks</a><br>2025-12-27 - <a href="https://www.reddit.com/r/netsec/comments/1pwxku1/mongobleed_cve202514847/" title="&#32; submitted by &#32; <a href="https://www.reddit.com/user/depierre"> /u/depierre </a> <br /> <span><a href="https://doublepulsar.com/merry-christmas-day-have-a-mongodb-security-incident-9537f54289eb">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/netsec/comments/1pwxku1/mongobleed_cve202514847/">[comments]</a></span>">Mongobleed - CVE-2025-14847</a><br>2025-12-27 - <a href="https://www.reddit.com/r/netsec/comments/1px42f4/implicit_execution_authority_is_the_real_failure/" title="<!-- SC_OFF --><div class="md"><p>I’m approaching prompt injection less as an input sanitization issue and more as an authority and trust-boundary problem.</p> <p>In many systems, model output is implicitly authorized to cause side effects, for example by triggering tool calls or function execution. Once generation is treated as execution-capable, sanitization and guardrails become reactive defenses around an actor that already holds authority.</p> <p>I’m exploring an architecture where the model never has execution rights at all. It produces proposals only. A separate, non-generative control plane is the sole component allowed to execute actions, based on fixed policy and system state. If the gate says no, nothing runs. From this perspective, prompt injection fails because generation no longer implies authority. There’s no privileged path from text to side effects.</p> <p>I’m curious whether people here see this as a meaningful shift in the trust model, or just a restatement of existing capability-based or mediation patterns in security systems.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/anima-core"> /u/anima-core </a> <br /> <span><a href="https://zenodo.org/records/18067959">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/netsec/comments/1px42f4/implicit_execution_authority_is_the_real_failure/">[comments]</a></span>">Implicit execution authority is the real failure mode behind prompt injection</a><br>2025-12-26 - <a href="https://www.reddit.com/r/netsec/comments/1pw1doh/langgrinch_a_bug_in_the_library_a_lesson_for_the/" title="&#32; submitted by &#32; <a href="https://www.reddit.com/user/hfti"> /u/hfti </a> <br /> <span><a href="https://amlalabs.com/blog/langgrinch-cve-2025-68664/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/netsec/comments/1pw1doh/langgrinch_a_bug_in_the_library_a_lesson_for_the/">[comments]</a></span>">LangGrinch: A Bug in the Library, A Lesson for the Architecture</a><br>2025-12-25 - <a href="https://www.reddit.com/r/netsec/comments/1pvb12k/csrf_protection_without_tokens_or_hidden_form/" title="&#32; submitted by &#32; <a href="https://www.reddit.com/user/AlmondOffSec"> /u/AlmondOffSec </a> <br /> <span><a href="https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/netsec/comments/1pvb12k/csrf_protection_without_tokens_or_hidden_form/">[comments]</a></span>">CSRF Protection without Tokens or Hidden Form Fields</a><br><h2>/r/InfoSecNews</h2>2025-12-29 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyl8xc/critical_0day_flaw_exposes_70000_xspeeder_devices/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyl8xc/critical_0day_flaw_exposes_70000_xspeeder_devices/"> <img alt="Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert" src="https://external-preview.redd.it/TSWd27KJIKRlQMnuKxBlJN4qygQnYsdGJBvTdada3QM.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=dbb875259440bb33c9bfb3d7e9013aa8e2ea1bea" title="Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/jamessonnycrockett"> /u/jamessonnycrockett </a> <br /> <span><a href="https://hackread.com/xspeeder-0day-flaw-devices-vendor-ignores-alert/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pyl8xc/critical_0day_flaw_exposes_70000_xspeeder_devices/">[comments]</a></span> </td></tr></table>">Critical 0day flaw Exposes 70,000 XSpeeder Devices as Vendor Ignores Alert</a><br>2025-12-29 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyoova/27_malicious_npm_packages_used_as_phishing/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyoova/27_malicious_npm_packages_used_as_phishing/"> <img alt="27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials" src="https://external-preview.redd.it/Rhfo94V_8QEr2tPX8peSUg8XIoLvqoRqsqPM4oBM844.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=197026adb5483a87f67ed1e8cf0f2c476bd1dfe5" title="27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pyoova/27_malicious_npm_packages_used_as_phishing/">[comments]</a></span> </td></tr></table>">27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials</a><br>2025-12-29 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyooax/korean_air_data_breach_exposes_data_of_thousands/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyooax/korean_air_data_breach_exposes_data_of_thousands/"> <img alt="Korean Air data breach exposes data of thousands of employees" src="https://external-preview.redd.it/i0fUQLO0oEymOZVZUohP36k5fZG6qpCFlmi9bVX6VWE.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=bb0ba54aa23d0b7c52cc815d0759bdc1331895c0" title="Korean Air data breach exposes data of thousands of employees" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/security/korean-air-data-breach-exposes-data-of-thousands-of-employees/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pyooax/korean_air_data_breach_exposes_data_of_thousands/">[comments]</a></span> </td></tr></table>">Korean Air data breach exposes data of thousands of employees</a><br>2025-12-29 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyib0l/evasive_panda_cyberespionage_campaign_uses_dns/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyib0l/evasive_panda_cyberespionage_campaign_uses_dns/"> <img alt="Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor" src="https://external-preview.redd.it/IBCsH05F-VDClhM3-229CP7nM0zfmeE_bWhaOpmTAao.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=00174debb7cfc8958aad2ac15ff84aeb9bbf7d89" title="Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186213/apt/evasive-panda-cyberespionage-campaign-uses-dns-poisoning-to-install-mgbot-backdoor.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pyib0l/evasive_panda_cyberespionage_campaign_uses_dns/">[comments]</a></span> </td></tr></table>">Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor</a><br>2025-12-29 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyibg8/mongodb_vulnerability_cve202514847_under_active/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pyibg8/mongodb_vulnerability_cve202514847_under_active/"> <img alt="MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide" src="https://external-preview.redd.it/RawwzWA8ByavVcke0VmCrINkmskWiOIjUPRH5sAqXbA.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=fa1a0adae6f0c2bbf9e2c33807a18fef488c2d19" title="MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pyibg8/mongodb_vulnerability_cve202514847_under_active/">[comments]</a></span> </td></tr></table>">MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide</a><br>2025-12-28 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1py3pe5/stolen_lastpass_backups_enable_crypto_theft/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1py3pe5/stolen_lastpass_backups_enable_crypto_theft/"> <img alt="Stolen LastPass backups enable crypto theft through 2025" src="https://external-preview.redd.it/R0P7NPmoJaMmqls50Yt53g-Qu7wOX593ZcPWjDEjI34.png?width=640&amp;crop=smart&amp;auto=webp&amp;s=9072d40afb7a132e8db683f058a347acc09daa62" title="Stolen LastPass backups enable crypto theft through 2025" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1py3pe5/stolen_lastpass_backups_enable_crypto_theft/">[comments]</a></span> </td></tr></table>">Stolen LastPass backups enable crypto theft through 2025</a><br>2025-12-28 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1py3p0e/hacker_claims_to_leak_wired_database_with_23/" title="&#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/security/hacker-claims-to-leak-wired-database-with-23-million-records/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1py3p0e/hacker_claims_to_leak_wired_database_with_23/">[comments]</a></span>">Hacker claims to leak WIRED database with 2.3 million records</a><br>2025-12-28 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1py4anm/exploited_mongobleed_flaw_leaks_mongodb_secrets/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1py4anm/exploited_mongobleed_flaw_leaks_mongodb_secrets/"> <img alt="Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed" src="https://external-preview.redd.it/BYQpEcQrtlmS4s4Gujqkj6FM4VKwTxij8PcP3GQ9e20.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=a2a3754fb12975d45ab82d61f4eed50e6e1157f9" title="Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1py4anm/exploited_mongobleed_flaw_leaks_mongodb_secrets/">[comments]</a></span> </td></tr></table>">Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed</a><br>2025-12-28 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1py3okk/condé_nast_faces_major_data_breach_23m_wired/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1py3okk/condé_nast_faces_major_data_breach_23m_wired/"> <img alt="Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk" src="https://external-preview.redd.it/AOusfKeJCzY1fQFHZzSl0zKXqQak9NCgLZlOh75tzg8.png?width=640&amp;crop=smart&amp;auto=webp&amp;s=b3ed000ba7f6634465ead80581e3346de2bea9c9" title="Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186224/data-breach/conde-nast-faces-major-data-breach-2-3m-wired-records-leaked-40m-more-at-risk.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1py3okk/condé_nast_faces_major_data_breach_23m_wired/">[comments]</a></span> </td></tr></table>">Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk</a><br>2025-12-28 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pxx718/microsoft_introduces_hardwareaccelerated/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pxx718/microsoft_introduces_hardwareaccelerated/"> <img alt="Microsoft Introduces Hardware-Accelerated BitLocker - hack3d.news" src="https://external-preview.redd.it/EqpciF6lZZNxuLCeinsenfoVJa-zmQsRhBjF6njrM6w.png?width=640&amp;crop=smart&amp;auto=webp&amp;s=c10853c639e42e4dc00832c646d7d4b027bdbd10" title="Microsoft Introduces Hardware-Accelerated BitLocker - hack3d.news" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/MI6MrBond"> /u/MI6MrBond </a> <br /> <span><a href="https://hack3d.news/2025/12/27/microsoft-introduces-hardware-accelerated-bitlocker/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pxx718/microsoft_introduces_hardwareaccelerated/">[comments]</a></span> </td></tr></table>">Microsoft Introduces Hardware-Accelerated BitLocker - hack3d.news</a><br>2025-12-28 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pxnr0l/massive_rainbow_six_siege_breach_gives_players/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pxnr0l/massive_rainbow_six_siege_breach_gives_players/"> <img alt="Massive Rainbow Six Siege breach gives players billions of credits" src="https://external-preview.redd.it/t4mBnKBtFoYz9wwXh2thhEidAkZqTvSvR3AjVJ91Cvg.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=5d98ac65045695d16e3d579e0a79993bdf6e618d" title="Massive Rainbow Six Siege breach gives players billions of credits" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pxnr0l/massive_rainbow_six_siege_breach_gives_players/">[comments]</a></span> </td></tr></table>">Massive Rainbow Six Siege breach gives players billions of credits</a><br>2025-12-27 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1px4eub/hacker_leaks_23_million_wiredcom_user_records/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1px4eub/hacker_leaks_23_million_wiredcom_user_records/"> <img alt="Hacker Leaks 2.3 Million Wired.com User Records, Claims 40 Million-User Condé Nast Breach" src="https://external-preview.redd.it/7gFMxnqq0ig1hDbpUZSWwywXs0ev0GuY7DwZjGFiHN0.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=cffe8dac6cbfd120e8fd490735c4168ba2b74ad3" title="Hacker Leaks 2.3 Million Wired.com User Records, Claims 40 Million-User Condé Nast Breach" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/jamessonnycrockett"> /u/jamessonnycrockett </a> <br /> <span><a href="https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1px4eub/hacker_leaks_23_million_wiredcom_user_records/">[comments]</a></span> </td></tr></table>">Hacker Leaks 2.3 Million Wired.com User Records, Claims 40 Million-User Condé Nast Breach</a><br>2025-12-27 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1px5866/local_communities_are_winning_against_alpr/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1px5866/local_communities_are_winning_against_alpr/"> <img alt="Local Communities Are Winning Against ALPR Surveillance—Here’s How: 2025 in Review" src="https://external-preview.redd.it/SvZUtkhmOUIHW3T5Wc2zZL34yG42PL7eG1C0IUjg4Vk.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=883e4d0a46b60f8d4ca22794a8fbfbbf87fff663" title="Local Communities Are Winning Against ALPR Surveillance—Here’s How: 2025 in Review" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.eff.org/deeplinks/2025/12/local-communities-are-winning-against-alpr-surveillance-heres-how-2025-review">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1px5866/local_communities_are_winning_against_alpr/">[comments]</a></span> </td></tr></table>">Local Communities Are Winning Against ALPR Surveillance—Here’s How: 2025 in Review</a><br>2025-12-27 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1px7rau/langchain_core_vulnerability_allows_prompt/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1px7rau/langchain_core_vulnerability_allows_prompt/"> <img alt="LangChain core vulnerability allows prompt injection and data exposure" src="https://external-preview.redd.it/r9KSFq5ayGyBYKmRfgl4wpdg9efH4sp2NFAHkRqw4oQ.png?width=640&amp;crop=smart&amp;auto=webp&amp;s=a09b1809665523655f839a0d090d0ae6be0c4092" title="LangChain core vulnerability allows prompt injection and data exposure" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186185/hacking/langchain-core-vulnerability-allows-prompt-injection-and-data-exposure.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1px7rau/langchain_core_vulnerability_allows_prompt/">[comments]</a></span> </td></tr></table>">LangChain core vulnerability allows prompt injection and data exposure</a><br>2025-12-27 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwul2b/openais_chatgpt_ads_will_allegedly_prioritize/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwul2b/openais_chatgpt_ads_will_allegedly_prioritize/"> <img alt="OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers" src="https://external-preview.redd.it/3eeKlqyQKOZBxccyamJs3jmJ0pmw7YfqjzgTMNl2Zzg.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=8763643d66e2f1eacb6e710428111b1abc6d1983" title="OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-ads-will-allegedly-prioritize-sponsored-content-in-answers/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pwul2b/openais_chatgpt_ads_will_allegedly_prioritize/">[comments]</a></span> </td></tr></table>">OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers</a><br>2025-12-27 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwul8c/new_mongodb_flaw_lets_unauthenticated_attackers/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwul8c/new_mongodb_flaw_lets_unauthenticated_attackers/"> <img alt="New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory" src="https://external-preview.redd.it/CHAXyGBuX__e-wnfk4DqKfYwF79y9QXVYzwpJiIsbgU.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=a887b22943992afca8180645e34194fafe8fa2da" title="New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pwul8c/new_mongodb_flaw_lets_unauthenticated_attackers/">[comments]</a></span> </td></tr></table>">New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwgvys/everest_ransomware_group_claims_theft_of_over_1tb/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwgvys/everest_ransomware_group_claims_theft_of_over_1tb/"> <img alt="Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data" src="https://external-preview.redd.it/1a4H_nDugaYEhjuDof4BwBhOFx49DHA6fuUcMHUOEH4.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=6873d88afbf35fd211380761d0f3d31cd47dedfb" title="Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/jamessonnycrockett"> /u/jamessonnycrockett </a> <br /> <span><a href="https://hackread.com/everest-ransomware-group-chrysler-data-breach/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pwgvys/everest_ransomware_group_claims_theft_of_over_1tb/">[comments]</a></span> </td></tr></table>">Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pweslx/chinalinked_evasive_panda_ran_dns_poisoning/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pweslx/chinalinked_evasive_panda_ran_dns_poisoning/"> <img alt="China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware" src="https://external-preview.redd.it/LvqOHtygMClcgFylJbLwhxZlSBfoiRpJIj7bHBnsTBc.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=8a94bd247eb272109db80315ebbddc20c39773e0" title="China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pweslx/chinalinked_evasive_panda_ran_dns_poisoning/">[comments]</a></span> </td></tr></table>">China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwerzt/prorussian_group_noname057_claims_cyberattack_on/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwerzt/prorussian_group_noname057_claims_cyberattack_on/"> <img alt="Pro-Russian group Noname057 claims cyberattack on La Poste services" src="https://external-preview.redd.it/KiTaQ-sYra99yFy0-N3z-mPkJci2dT29mYV3ylKEcu0.png?width=640&amp;crop=smart&amp;auto=webp&amp;s=7f7357e444edd77e97207dfdd95c7624bcbaf1bf" title="Pro-Russian group Noname057 claims cyberattack on La Poste services" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186157/hacktivism/pro-russian-group-noname057-claims-cyberattack-on-la-poste-services.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pwerzt/prorussian_group_noname057_claims_cyberattack_on/">[comments]</a></span> </td></tr></table>">Pro-Russian group Noname057 claims cyberattack on La Poste services</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwerjj/fake_grubhub_emails_promise_tenfold_return_on/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pwerjj/fake_grubhub_emails_promise_tenfold_return_on/"> <img alt="Fake GrubHub emails promise tenfold return on sent cryptocurrency" src="https://external-preview.redd.it/CIcDxPoKTGQSOBxwfLzcqAZyazoiJLXnPmo9lAqZuNA.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=a32ad826bf302c677c872d62c5de8f01dc2b2db5" title="Fake GrubHub emails promise tenfold return on sent cryptocurrency" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pwerjj/fake_grubhub_emails_promise_tenfold_return_on/">[comments]</a></span> </td></tr></table>">Fake GrubHub emails promise tenfold return on sent cryptocurrency</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw3vvj/ferry_iot_hack/" title="&#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.schneier.com/blog/archives/2025/12/iot-hack.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pw3vvj/ferry_iot_hack/">[comments]</a></span>">Ferry IoT Hack</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2thz/trust_wallet_chrome_extension_hack_tied_to/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2thz/trust_wallet_chrome_extension_hack_tied_to/"> <img alt="Trust Wallet Chrome extension hack tied to millions in losses" src="https://external-preview.redd.it/u18xD41gFQ0Tcz3LX2gN_Irw4rclEj_1xjdRUiktOlA.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=a93fa60f916a2f67c81964db2518b31d94eb0058" title="Trust Wallet Chrome extension hack tied to millions in losses" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2thz/trust_wallet_chrome_extension_hack_tied_to/">[comments]</a></span> </td></tr></table>">Trust Wallet Chrome extension hack tied to millions in losses</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2tq2/critical_langchain_core_vulnerability_exposes/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2tq2/critical_langchain_core_vulnerability_exposes/"> <img alt="Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection" src="https://external-preview.redd.it/4PEGDJzySaZbrspINSxjerixzAkyXHvQryV_me6zqPA.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=97f6604fb4594e69a728178a882ab6796dcecd4e" title="Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2tq2/critical_langchain_core_vulnerability_exposes/">[comments]</a></span> </td></tr></table>">Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2t80/spotify_cracks_down_on_unlawful_scraping_of_86/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2t80/spotify_cracks_down_on_unlawful_scraping_of_86/"> <img alt="Spotify cracks down on unlawful scraping of 86 million songs" src="https://external-preview.redd.it/dmtS8q3rtJMDPSythCRPF_U-mWZyXloI5JMT4aty8Lk.png?width=640&amp;crop=smart&amp;auto=webp&amp;s=f024a56e6aef1044976a62d3f1ede5bf3a955125" title="Spotify cracks down on unlawful scraping of 86 million songs" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186136/data-breach/spotify-cracks-down-on-unlawful-scraping-of-86-million-songs.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pw2t80/spotify_cracks_down_on_unlawful_scraping_of_86/">[comments]</a></span> </td></tr></table>">Spotify cracks down on unlawful scraping of 86 million songs</a><br>2025-12-26 - <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw15z7/fiveyearold_fortinet_fortios_ssl_vpn_flaw/" title="<table> <tr><td> <a href="https://www.reddit.com/r/InfoSecNews/comments/1pw15z7/fiveyearold_fortinet_fortios_ssl_vpn_flaw/"> <img alt="Five-year-old Fortinet FortiOS SSL VPN flaw actively exploited" src="https://external-preview.redd.it/HUY3mr3WK4g_a9KIEcoyKHPOlfCoc4G29CkZ-Ld8fVg.jpeg?width=640&amp;crop=smart&amp;auto=webp&amp;s=60dd390b3467c4b9e1c1b6e9b858867ad1a364a6" title="Five-year-old Fortinet FortiOS SSL VPN flaw actively exploited" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/quellaman"> /u/quellaman </a> <br /> <span><a href="https://securityaffairs.com/186117/security/five-year-old-fortinet-fortios-ssl-vpn-flaw-actively-exploited.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/InfoSecNews/comments/1pw15z7/fiveyearold_fortinet_fortios_ssl_vpn_flaw/">[comments]</a></span> </td></tr></table>">Five-year-old Fortinet FortiOS SSL VPN flaw actively exploited</a><br><h2>
</h2>