Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hackers. Show all posts
Vulnerability
Critical Flaw Hackers MongoDB Exposure Vulnerabilities and Exploits Vulnerability

Critical MongoDB Flaw Allows Unauthenticated Memory Data Leaks

 


A critical security flaw in MongoDB could allow unauthenticated attackers to extract sensitive data directly from server memory, prompting urgent patching warnings from security researchers and the database vendor. 

The vulnerability, tracked as CVE-2025-14847, affects MongoDB’s implementation of zlib compression and exposes uninitialized heap memory to remote attackers without requiring login credentials. 

Researchers say the issue significantly lowers the barrier for exploitation and could lead to large scale data leaks if left unaddressed. According to security analyses published this week, the flaw exists in MongoDB’s network message decompression logic. By sending specially crafted network packets, an attacker can trigger MongoDB servers to return fragments of memory that were never intended to be shared. 

This memory may contain sensitive information such as user data, credentials, cryptographic material or internal application secrets. The vulnerability impacts a broad range of MongoDB versions across several major releases. 

Affected versions include MongoDB 8.2.0 through 8.2.2, 8.0.0 through 8.0.16, 7.0.0 through 7.0.27, 6.0.0 through 6.0.26, 5.0.0 through 5.0.31 and 4.4.0 through 4.4.29. Older branches including versions 4.2, 4.0 and 3.6 are also affected and do not have backported fixes. 

MongoDB has released patched versions to address the issue, including 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 and 4.4.30. Security teams are being urged to upgrade immediately, particularly for servers exposed to the internet or reachable through internal network movement. 

For organizations unable to patch right away, MongoDB has recommended temporary mitigations. These include disabling zlib compression in the database configuration or switching to alternative compression algorithms such as Snappy or Zstandard. 

Administrators are also advised to close unused ports and restrict network access to MongoDB instances wherever possible. Technical reviews of the fix show that the vulnerability stemmed from incorrect handling of buffer sizes during decompression. 

The original code returned the size of allocated memory rather than the actual length of decompressed data, leading to unintended memory disclosure. 

The patch corrects this behavior by ensuring only valid data lengths are returned. Security researchers warn that while exploiting the flaw to extract large volumes of meaningful data may require repeated requests over time, the risk increases the longer a vulnerable server remains exposed. Any MongoDB deployment handling sensitive or regulated data is considered at elevated risk.
Read more »
Hackers
crypto theft 2025 cryptocurrency theft cyber attack Cyber Attacks Hackers

Crypto Thefts Hit Record $2.7 Billion in 2025

 

Hackers stole more than $2.7 billion in cryptocurrency in 2025, setting a new annual record for crypto-related thefts, according to data from multiple blockchain monitoring firms. 

The losses were driven by dozens of attacks on cryptocurrency exchanges and decentralized finance projects during the year. The largest incident was a breach at Dubai-based exchange Bybit, where attackers made off with about $1.4 billion worth of digital assets. 

Blockchain analysis firms and the FBI have attributed the attack to North Korean state-backed hackers, who have become the most prolific crypto thieves in recent years. 

The Bybit breach was the biggest known cryptocurrency theft to date and ranks among the largest financial heists on record. Previous major crypto hacks include the 2022 attacks on Ronin Network and Poly Network, which resulted in losses of $624 million and $611 million, respectively. 

Blockchain analytics firms Chainalysis and TRM Labs both estimated total crypto thefts at around $2.7 billion in 2025. Chainalysis said it also tracked an additional $700,000 stolen from individual crypto wallets. 

Web3 security firm De.Fi, which maintains the REKT database of crypto exploits, reported a similar total. North Korean hackers accounted for the majority of losses, stealing at least $2 billion during the year, according to Chainalysis and Elliptic. 

Elliptic estimates that North Korean-linked groups have stolen roughly $6 billion in cryptocurrency since 2017, funds that analysts say are used to support the country’s sanctioned nuclear weapons program. 

Other significant incidents in 2025 included a $223 million hack of decentralized exchange Cetus, a $128 million breach at Ethereum-based protocol Balancer, and a theft of more than $73 million from crypto exchange Phemex. 

Crypto-related cybercrime has continued to rise in recent years. Hackers stole about $2.2 billion in digital assets in 2024 and roughly $2 billion in 2023, underscoring persistent security challenges across the cryptocurrency ecosystem.
Read more »
Hacking Attack
Asus Cyber Defence Cyber Security Cybersecurity Breach Everest Ransomware Hackers Hacking Attack

Asus Supplier Breach Sparks Security Concerns After Everest Ransomware Claims Data Theft

 

Asus has confirmed a security breach via one of its third-party suppliers after the Everest ransomware group claimed it had accessed internal materials belonging to the company. In its statement, Asus confirmed that a supply chain vendor "was hacked," and the intrusion impacted portions of the source code relating to cameras for Asus smartphones. The company emphasized that no internal systems, products, or customer data were impacted. It refused to name the breached supplier or detail exactly what was accessed, but it said it is shoring up supply chain defenses to align with cybersecurity best practices. 

The disclosure comes amid brazen claims from the Everest ransomware gang, an established extortion outfit that has traditionally targeted major technology firms. Everest claimed it had pilfered around 1 TB of data related to Asus, ArcSoft, and Qualcomm, leaking screenshots online as evidence of the breach. The group said on its dark-web leak site that it was offering an array of deep technical assets, from segmentation modules to source code, RAM dumps, firmware tools, AI model weights, image datasets, crash logs, and test applications. The cache supposedly also contained calibration files, dual-camera data, internal test videos, and performance evaluation reports, the gang said. 

As it is, Asus hasn't verified the broader claims of Everest and has called the incident isolated to a single external supplier that holds camera-related resources. The company hasn't provided an explanation of whether material that was supposedly exfiltrated by the attackers included its proprietary code or information from the other organizations named by the group. Requests for additional comment from the manufacturer went unreturned, thus leaving various aspects of the breach unexplained. The timing is problematic for Asus, coming just weeks after new research highlighted yet another security issue with the company's consumer networking hardware. Analysts in recent weeks said about 50,000 Asus routers were compromised in what observers believe is a China-linked operation. 

That campaign involved attackers exploiting firmware vulnerabilities to build a relatively large botnet that's able to manipulate traffic and facilitate secondary infections. Although the router exploitation campaign and the supplier breach seem unrelated, taken together the two incidents raise the temperature on Asus' overall security posture. With attackers already targeting its networking devices en masse, the discovery of a supply chain intrusion-one that may have entailed access to source code-only adds to the questions about the robustness of the company's development environments. 

As supply chain compromises remain one of the biggest risks facing the tech sector, the incident serves as a reminder of the need for far better oversight, vetting of vendors, and continuous monitoring to ensure malicious actors do not penetrate upstream partners. For Asus, the breach raises pressure on the company to reassure customers and partners that its software and hardware ecosystems remain secure amid unrelenting global cyberthreat activity.
Read more »
university of Pennsylvania
Data Breach Emails Hackers Private Data Student Data university of Pennsylvania

University of Pennsylvania Hit by Hackers: Fake Emails, Data Leak Threats, and Political Backlash

 



The University of Pennsylvania is investigating a cybersecurity incident after unknown hackers gained access to internal email accounts and sent thousands of misleading messages to students, alumni, and staff on Friday morning. The fraudulent emails, which appeared to come from the university’s Graduate School of Education (GSE), contained inflammatory and false statements aimed at discrediting the institution.

The messages, distributed through multiple legitimate @upenn.edu accounts, mocked the university’s data protection standards and included offensive remarks about its internal policies. Some messages falsely claimed the university violated the Family Educational Rights and Privacy Act (FERPA) and threatened to release private student data. Several recipients reported receiving the same message multiple times from different Penn-affiliated senders.

In a statement to media outlets, Penn spokesperson Ron Ozio confirmed that the university’s incident response team is actively handling the situation. He described the email as “fraudulent,” adding that the content “does not reflect the mission or actions of Penn or Penn GSE.” The university emphasized that it is coordinating with cybersecurity specialists to contain the breach and determine the extent of access obtained by the attackers.

Preliminary findings suggest the threat actors may have compromised university email accounts, likely through credential theft or phishing, and used them to send the mass messages. According to reports, the attackers claim to have obtained extensive data including donor, student, and alumni records, and have threatened to leak it online. However, Penn has not verified these claims and continues to assess which systems were affected.

The timing and tone of the hackers’ messages suggest that their motive may extend beyond simple disruption. The emails referenced university fundraising efforts and included statements like “please stop giving us money,” implying an intent to undermine donor confidence. Analysts also noted that the incident followed Penn’s public rejection of a White House initiative known as the “Compact for Academic Excellence in Higher Education.”

That proposal, which several universities declined to sign, sought to impose federal funding conditions that included banning affirmative action in admissions and hiring, freezing tuition for five years, capping international enrollment, and enforcing policies that critics say would marginalize LGBTQ+ and gender-nonconforming students. In response, Penn President J. Larry Jameson had stated that such conditions “conflict with the viewpoint diversity and freedom of expression central to higher education.”

The university has advised all recipients to disregard the fake messages and avoid clicking on any embedded links or attachments. Anyone concerned about personal information exposure has been urged to monitor their accounts and report suspicious activity. Penn has promised to issue direct notifications if any verified data exposure is confirmed.

The growing risk of reputational and data threats faced by universities, which hold vast troves of academic and financial records cannot be more critical. As investigations take place, cybersecurity experts stress that academic institutions must adopt continuous monitoring, strict credential management, and transparent communication with affected communities when such attacks occur.




Read more »
Phishing and Spam
Customer Data Customer Data Exposed Dark Web Data Breach Data exposed data security Hackers identity theft risk Phishing and Spam

Toys “R” Us Canada Data Breach Exposes Customer Information, Raising Phishing and Identity Theft Concerns

 

Toys “R” Us Canada has confirmed a data breach that exposed sensitive customer information, including names, postal addresses, email addresses, and phone numbers. Although the company assured that no passwords or payment details were compromised, cybersecurity experts warn that the exposed data could still be exploited for phishing and identity theft schemes. 

The company discovered the breach after hackers leaked stolen information on the dark web, prompting an immediate investigation. Toys “R” Us engaged a third-party cybersecurity firm to conduct forensic analysis and confirm the scope of the incident. Early findings revealed that a “subset of customer records” had been stolen. The retailer began notifying affected customers through official communications, with letters quickly circulating on social media after being shared by recipients.  

According to the company’s statement, the breach did not involve financial information or account credentials, but the exposure of valid contact details still presents significant risk. Cybercriminals often use such data to create convincing phishing emails or impersonate legitimate companies to deceive victims into revealing sensitive information. 

Toys “R” Us stated that its IT systems were already protected by strong security protocols but have since been reinforced with additional defensive measures. The company has not disclosed how the attackers infiltrated its network or how many individuals were impacted. It also confirmed that, to date, there is no evidence suggesting the stolen data has been misused. 

In the aftermath of the incident, Toys “R” Us reported the breach to relevant authorities and advised customers to remain vigilant against phishing attempts. The company urged users not to share personal information with unverified senders, avoid clicking on suspicious links or attachments, and closely monitor any unusual communications that appear to come from the retailer.  

While no hacking group has claimed responsibility for the breach, cybersecurity analysts emphasize that exposed names, emails, and phone numbers can easily be weaponized in future scams. The incident underscores how even non-financial data can lead to significant cybersecurity risks when mishandled or leaked. 

Despite the company’s reassurances and strengthened defenses, the breach highlights the ongoing threat businesses face from cyberattacks that target customer trust and data privacy.
Read more »
Identity Theft
Airline Customer Data Cyber Attacks cyberattacks on airline Data Breaches Data Leak data security Hackers Identity Theft

Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks

 

Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses a “severe, long-term identity theft risk” since they are difficult to replace and can be exploited for years in fraud schemes involving fake identities, counterfeit documents, and impersonation scams. 

The recent Qantas Airways data breach, claimed by the Scattered LAPSUS$ Hunters group, underscores the sector’s growing vulnerability. The stolen data included names, email addresses, Frequent Flyer details, and limited personal information such as phone numbers and birth dates. Fortunately, Qantas confirmed that no passport details, financial information, or credit card data were compromised. 

However, experts warn that even limited leaks can have serious consequences. “Attackers often combine personal identifiers like names and loyalty program details from multiple breaches to build complete identity profiles,” said Darius Belejevas, Head of Incogni. Such composite records can enable large-scale fraud even without financial data exposure. 

The Qantas incident also highlights the danger of third-party compromises. The breach reportedly stemmed from Salesforce social engineering and vendor vulnerabilities, illustrating how a single compromised supplier can have ripple effects across industries. Belejevas emphasized that “one compromised partner can expose millions of records in a single incident.” 

Data breaches in the airline industry are escalating rapidly. According to Cyble’s threat intelligence database, more than 20 airline-related breaches have been reported on the dark web in 2025 — a 50% increase from 2024. Much of this surge is attributed to coordinated attacks by Scattered Spider and the broader Scattered LAPSUS$ Hunters alliance, although other groups have also begun targeting the aviation sector. 

In a separate incident, the CL0P ransomware group claimed to have breached Envoy Air, a regional carrier of American Airlines. Envoy confirmed the intrusion but stated that no customer data was affected, only limited business information. In contrast, WestJet, which suffered a breach in June 2025, had passports and government-issued IDs exposed, prompting it to offer two years of free identity monitoring to affected customers. Incogni, however, warned that identity theft risks from such documents can persist well beyond two years. 

Experts urge travelers to take preventive security measures. Incogni recommends enrolling in identity theft monitoring, reporting phishing attempts to national anti-fraud agencies, using strong passwords with multi-factor authentication, and removing personal data from data broker sites. 

“Individuals and organizations must do more to safeguard sensitive data,” said Ron Zayas, CEO of Incogni. “In today’s world, data isn’t just being stolen by hackers — it’s also being misused by legitimate entities to manipulate outcomes.”
Read more »
Payroll Company
Data Breach Email Hackers HR MFA Microsoft Payroll Company

Payroll Hackers Target U.S. Universities, Microsoft Warns

 



Microsoft researchers have surfaced a new phishing campaign where cybercriminals are stealing university employees’ salaries by redirecting their payroll deposits to accounts under their control. The group behind the attacks has been named “Storm-2657” by Microsoft.

The hackers have been carrying out these attacks since March 2025, targeting staff at multiple U.S. universities and organizations that use third-party HR and payroll platforms, including Workday.

According to Microsoft’s report, at least 11 employee accounts across three universities were compromised and later used to send phishing emails to nearly 6,000 individuals in 25 universities. The scale of the attack suggests a coordinated attempt to infiltrate university payroll systems through deception and stolen credentials.


How the Attack Works

The attackers send phishing emails that appear to come from legitimate university sources or human resources departments. These emails often carry urgent subjects like “COVID-Like Case Reported — Check Your Contact Status” or “Faculty Compliance Notice – Classroom Misconduct Report.”

When recipients click on the embedded links, they are redirected to fake login pages designed to steal their login details and multifactor authentication (MFA) codes. With these details, the hackers gain full access to the victim’s Workday or HR accounts.

Once inside, the criminals create inbox rules that automatically delete emails from Workday, particularly notifications about payroll or bank account changes, ensuring victims remain unaware of any tampering. They also register their own devices for MFA, allowing them to retain access even if the victim later changes their password.

This enables the attackers to quietly change the employee’s bank account information, diverting salary payments into accounts they control.


Broader Pattern of Business Email Compromise

Experts classify this as a variant of Business Email Compromise (BEC), a fraud method where attackers infiltrate or impersonate legitimate business accounts to redirect payments or steal sensitive data.

According to the FBI’s 2024 Internet Crime Report, BEC scams caused over $2 billion in losses last year alone. Many victims include corporations, suppliers, and even schools that handle large financial transactions through wire transfers or automated clearing house (ACH) systems.

In one notable 2024 case, cybercriminals stole $60 million from a major carbon products supplier, while a Tennessee school district also lost millions through similar fraudulent transfers.


Microsoft and Workday Respond

Microsoft said it has alerted affected institutions and shared recommendations to contain the threat. The company advised organizations to adopt phishing-resistant MFA options, monitor for suspicious inbox rules, and require extra verification for any changes to payroll details.

A Workday spokesperson also encouraged clients to strengthen their MFA policies and implement additional review steps before processing sensitive updates like salary or banking information.


Protecting Employees and Institutions

Cybersecurity experts emphasize the importance of employee awareness and vigilant reporting. Staff should avoid clicking on unsolicited HR emails and instead confirm any urgent requests directly with their university’s payroll or IT department.

With education institutions increasingly targeted by financially motivated hackers, proactive defenses and real-time verification remain the most effective safeguards against salary diversion scams.



Read more »
Radware
ChatGPT ChatGPT risks Cyber Security Data Leak Data protection data security Gmail Hackers OpenAI Radware

OpenAI Patches ChatGPT Gmail Flaw Exploited by Hackers in Deep Research Attacks

 

OpenAI has fixed a security vulnerability that could have allowed hackers to manipulate ChatGPT into leaking sensitive data from a victim’s Gmail inbox. The flaw, uncovered by cybersecurity company Radware and reported by Bloomberg, involved ChatGPT’s “deep research” feature. This function enables the AI to carry out advanced tasks such as web browsing and analyzing files or emails stored in services like Gmail, Google Drive, and Microsoft OneDrive. While useful, the tool also created a potential entry point for attackers to exploit.  

Radware discovered that if a user requested ChatGPT to perform a deep research task on their Gmail inbox, hackers could trigger the AI into executing malicious instructions hidden inside a carefully designed email. These hidden commands could manipulate the chatbot into scanning private messages, extracting information such as names or email addresses, and sending it to a hacker-controlled server. The vulnerability worked by embedding secret instructions within an email disguised as a legitimate message, such as one about human resources processes. 

The proof-of-concept attack was challenging to develop, requiring a detailed phishing email crafted specifically to bypass safeguards. However, if triggered under the right conditions, the vulnerability acted like a digital landmine. Once ChatGPT began analyzing the inbox, it would unknowingly carry out the malicious code and exfiltrate data “without user confirmation and without rendering anything in the user interface,” Radware explained. 

This type of exploit is particularly difficult for conventional security tools to catch. Since the data transfer originates from OpenAI’s own infrastructure rather than the victim’s device or browser, standard defenses like secure web gateways, endpoint monitoring, or browser policies are unable to detect or block it. This highlights the growing challenge of AI-driven attacks that bypass traditional cybersecurity protections. 

In response to the discovery, OpenAI stated that developing safe AI systems remains a top priority. A spokesperson told PCMag that the company continues to implement safeguards against malicious use and values external research that helps strengthen its defenses. According to Radware, the flaw was patched in August, with OpenAI acknowledging the fix in September.

The findings emphasize the broader risk of prompt injection attacks, where hackers insert hidden commands into web content or messages to manipulate AI systems. Both Anthropic and Brave Software recently warned that similar vulnerabilities could affect AI-enabled browsers and extensions. Radware recommends protective measures such as sanitizing emails to remove potential hidden instructions and enhancing monitoring of chatbot activities to reduce exploitation risks.
Read more »
Subscribe to: Comments (Atom)