The Hacker News


Security incidents, policy, threats impacting gov/defense.

Critical Node.js Vulnerability Can Cause Server Crashes via Async_hooks Stack Overflow
News · Jan 14, 2026

Node.js released security updates fixing a critical vulnerability (CVE‑2025‑59466) that causes the runtime to terminate with exit code 7 when a stack overflow occurs while async_hooks is enabled. The bug affects all versions from 8.x through 18.x and impacts major frameworks...

By The Hacker News
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
News · Jan 13, 2026

The Hacker News webinar spotlights the emerging security gap as agentic AI tools like Copilot, Claude Code, and Codex move from code generation to full‑cycle software deployment. Central to the risk are Machine Control Protocols (MCPs), which dictate which tools,...

By The Hacker News
New Advanced Linux VoidLink Malware Targets Cloud and Container Environments
News · Jan 13, 2026

Check Point Research has uncovered VoidLink, a sophisticated, cloud‑native Linux malware framework designed for long‑term stealth in cloud and container environments. First seen in December 2025, the platform includes custom loaders, rootkits, and more than 30 plug‑in modules written in Zig,...

By The Hacker News
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
News · Jan 8, 2026

A China‑linked threat group identified as UAT‑7290 has been conducting espionage‑focused intrusions against telecom providers in South Asia and, more recently, organizations in southeastern Europe. The actor performs extensive reconnaissance before exploiting one‑day vulnerabilities and SSH brute‑force to compromise edge...

By The Hacker News
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
News · Jan 8, 2026

This week’s ThreatsDay bulletin highlighted a surge in cyber threats across multiple fronts. CISA expanded its KEV catalog by 245 high‑risk flaws, while a critical hard‑coded token in RustFS exposed clusters to remote takeover. OpenAI faced a court order to...

By The Hacker News
The State of Trusted Open Source
News · Jan 8, 2026

Chainguard’s quarterly “State of Trusted Open Source” report analyzes usage of over 1,800 container images across its customer base, revealing that Python is the most popular image and that the majority of production workloads rely on a long‑tail of less‑common...

By The Hacker News
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
News · Jan 8, 2026

Cybersecurity researchers disclosed eleven critical‑severity flaws in Coolify, an open‑source self‑hosting platform, that enable authenticated users to execute arbitrary commands as root and even escape containers. The vulnerabilities, catalogued as CVE‑2025‑66209 through CVE‑2025‑59158, carry CVSS scores from 9.4 to 10.0....

By The Hacker News
Critical N8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
News · Jan 7, 2026

Researchers disclosed CVE‑2026‑21858, a CVSS 10.0 flaw in n8n that lets unauthenticated attackers hijack any instance via a Content‑Type confusion in webhook handling. The vulnerability affects all versions up to 1.65.0 and was patched in version 1.121.0 released November 18, 2025. It joins three...

By The Hacker News
The Future of Cybersecurity Includes Non-Human Employees
News · Jan 7, 2026

Enterprises are witnessing a surge in non‑human identities (NHIs) such as bots, AI agents, and service accounts, now deemed as critical as human accounts—51% of respondents in ConductorOne's 2025 report affirm this shift. These machine identities often operate with standing,...

By The Hacker News
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
News · Jan 7, 2026

A critical remote code execution flaw (CVE‑2026‑0625) has been discovered in legacy D‑Link DSL routers, exploiting the dnscfg.cgi endpoint via command injection. The vulnerability carries a CVSS score of 9.3 and is actively being leveraged in the wild, with attacks...

By The Hacker News
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats From 900,000 Users
News · Jan 6, 2026

Security researchers have identified two malicious Chrome extensions—"Chat GPT for Chrome with GPT‑5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude, and more"—that together have been installed by roughly 900,000 users. The extensions harvest OpenAI ChatGPT...

By The Hacker News
What Is Identity Dark Matter?
News · Jan 6, 2026

Identity dark matter describes the growing pool of unmanaged human and non‑human identities spread across SaaS, IaaS, on‑prem and shadow applications. Traditional IAM and IGA tools only cover the managed half, leaving bots, service accounts and orphaned users invisible. This...

By The Hacker News
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX
News · Jan 6, 2026

AI‑powered forks of Microsoft VS Code such as Cursor, Windsurf, Google Antigravity and Trae have been found recommending extensions that do not exist in the Open VSX registry. Because the extension names are unclaimed, threat actors can publish malicious packages under those...

By The Hacker News
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
News · Jan 6, 2026

A critical path‑traversal flaw (CVE‑2026‑21440) in the @adonisjs/bodyparser npm package received a CVSS score of 9.2, allowing remote attackers to write arbitrary files when MultipartFile.move() is called without proper sanitization. The vulnerability affects versions up to 10.1.1 and 11.0.0‑next.5 and...

By The Hacker News
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia
News · Jan 2, 2026

Transparent Tribe, also known as APT36, has launched a new wave of remote‑access‑trojan (RAT) attacks against Indian government, academic and strategic organizations. The campaign delivers weaponized LNK files disguised as PDFs, which execute HTA scripts via mshta.exe and load a...

By The Hacker News
The ROI Problem in Attack Surface Management
News · Jan 2, 2026

Attack surface management (ASM) tools promise reduced risk by expanding visibility, yet most programs deliver only larger asset inventories and louder dashboards. Security teams see counts climb and alerts surge, but leadership still struggles to answer whether incidents actually decline....

By The Hacker News
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
News · Dec 31, 2025

The U.S. Treasury’s Office of Foreign Assets Control removed three individuals tied to the Intellexa Consortium—responsible for the Predator commercial spyware—from the Specially Designated Nationals list. The delisting followed petitions asserting the subjects had distanced themselves from the consortium, though...

By The Hacker News
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
News · Dec 30, 2025

Silver Fox, a China‑based cyber‑crime group, has shifted its phishing focus to India, using income‑tax‑themed emails to deliver the modular ValleyRAT remote‑access trojan. The campaign tricks recipients into opening a PDF that redirects to a malicious zip file, which contains...

By The Hacker News
How to Integrate AI Into Modern SOC Workflows
News · Dec 30, 2025

AI is rapidly entering security operations, yet many SOCs lack a structured integration strategy. The 2025 SANS SOC Survey shows 40% of teams use AI tools without defined processes and 42% deploy them out‑of‑the‑box, leading to inconsistent value. Effective adoption...

By The Hacker News
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
News · Dec 29, 2025

The weekly cyber recap highlights a wave of active exploits, most notably the MongoDB "MongoBleed" vulnerability (CVE‑2025‑14847) being leveraged against over 87,000 instances worldwide. High‑profile breaches include a Trust Wallet Chrome extension hack that cost users roughly $7 million and a...

By The Hacker News
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
News · Dec 29, 2025

MongoDB disclosed a critical vulnerability (CVE‑2025‑14847, CVSS 8.7) that allows unauthenticated attackers to read server memory via a flaw in zlib compression. Over 87,000 internet‑exposed instances have been identified, with 42% of cloud environments hosting at least one vulnerable deployment. The...

By The Hacker News
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
News · Dec 26, 2025

Kaspersky attributes a two‑year cyber‑espionage campaign to the China‑linked APT group Evasive Panda, which used DNS‑poisoning to deliver its MgBot backdoor. The attacks, observed from November 2022 to November 2024, targeted organizations in Turkey, China and India by hijacking DNS responses for...

By The Hacker News
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
News · Dec 25, 2025

In 2022 LastPass suffered a breach that exposed encrypted vault backups containing cryptocurrency private keys and seed phrases. TRM Labs now reports that weak master passwords allowed attackers to decrypt these vaults offline, siphoning roughly $35 million in crypto assets through...

By The Hacker News
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
News · Dec 25, 2025

Fortinet disclosed that CVE‑2020‑12812, a case‑sensitivity flaw in its SSL VPN, is being actively exploited in the wild. The vulnerability lets attackers bypass two‑factor authentication when local users are linked to LDAP groups and usernames are entered with different casing....

By The Hacker News
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper
News · Dec 24, 2025

Researchers uncovered a new macOS stealer, MacSync, delivered via a digitally signed and notarized Swift application masquerading as a messenger installer. The signed DMG bypasses Apple Gatekeeper and XProtect, allowing the dropper to execute an encoded script after user interaction....

By The Hacker News