Cyber Security

New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins

A Spanish-speaking phishing operation targeting Microsoft Outlook users has been active since March 2025, using a sophisticated kit that shows clear indicators of AI-assisted development. The campaign, tracked through a unique signature of four mushroom emojis embedded in the string “OUTL,” has been observed in over 75 distinct deployments. The operation captures email credentials along […]

2.5 Million+ Malicious Request From Hackers Attacking Adobe ColdFusion Servers

A coordinated exploitation campaign generated more than 2.5 million malicious requests against Adobe ColdFusion servers and 47+ other technology platforms during the Christmas 2025 holiday period. The operation was attributed to a single threat actor operating from Japan-based infrastructure. This indicates an advanced scanning effort by attackers seeking both legacy and new vulnerabilities dating […]

OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks

OpenAI has rolled out a critical security update to ChatGPT Atlas, its browser-based AI agent, introducing advanced defenses against prompt injection attacks. The update marks a significant step in protecting users from emerging adversarial threats targeting agentic AI systems. Prompt injection attacks exploit AI agents by embedding malicious instructions into the web content the agent […]

MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk

A high-severity unauthenticated information-leak vulnerability in MongoDB Server, dubbed MongoBleed after the infamous Heartbleed bug, is now being actively exploited in real-world attacks. MongoDB has disclosed CVE-2025-14847, a critical flaw affecting multiple supported and legacy server versions that allows unauthenticated remote attackers to exfiltrate sensitive data and authentication credentials from vulnerable instances. MongoBleed stems from […]

Ubisoft Rainbow Six Siege Servers Breach linked to MongoBleed Vulnerability

The chaos surrounding Ubisoft escalated significantly today as the first group of hackers, previously known for silent exploits, initiated a highly visible and disruptive takeover of Rainbow Six Siege servers. Players worldwide are reporting a massive influx of in-game currency, unwarranted bans, and taunting messages broadcast directly through the game’s administrative feeds. Starting early this […]

87,000+ MongoDB Instances Vulnerable to MongoBleed Flaw Exposed Online PoC Exploit Released

A high-severity vulnerability in MongoDB Server allows unauthenticated remote attackers to siphon sensitive data from database memory. Dubbed “MongoBleed” due to its automated similarities to the infamous Heartbleed bug, the flaw is tracked as CVE-2025-14847 and carries a CVSS score of 7.5. The vulnerability resides in the MongoDB Server’s zlib message decompression implementation. According to […]

Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data

A proof-of-concept (PoC) exploit dubbed “mongobleed” for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its creator Joe Desimone as a way to bleed sensitive server memory, the flaw lets attackers remotely extract uninitialized data without credentials, potentially exposing internal logs, system stats, and more. The vulnerability stems from […]

TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data

Multiple critical vulnerabilities in TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older branches, the flaws stem from improper input validation (CWE-20), potentially enabling attackers on the local network to execute code, crash the service, or leak sensitive data. The most severe issue, CVE-2025-44016 […]

M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users

An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users, potentially gaining unauthorized access to sensitive document management systems. The flaw, tracked as CVE-2025-13008, affects multiple versions across different release branches and carries a high-severity CVSS 4.0 base score of 8.6. The vulnerability exists within M-Files […]

TrustWallet Chrome Extension Hacked Users Reporting Millions in Losses

Many Trust Wallet users saw their wallets drained of over $7 million after a security breach in the Chrome browser extension version 2.68.0, released on December 24, 2025. Blockchain investigator ZachXBT first flagged the incident on X, noting a surge in unauthorized outflows from affected addresses shortly after users interacted with the extension. Reports emerged […]