Dozens of Major Data Breaches Linked to Single Threat Actor
Several major data breaches are linked to a threat actor who relies on stolen credentials to compromise enterprise networks, Hudson Rock reports. Operating under the moniker 'Zestix' but also linked to the online persona 'Sentap', the threat actor is an initial access broker (IAB) who was also seen exfiltrating victim data and selling it on hacker forums. According to Hudson Rock, Zestix emerged as a distinct entity in late 2024, but its activities can be linked to operations since 2021. READ MORE...
Crypto wallet shop Ledger confirms customer data lifted in Global-e snafu
Blockchain security biz Ledger says customer information was accessed in a breach at its ecommerce payment partner Global-e, and is warning that other brands using the platform may also be affected. The number of customers impacted is not confirmed, but Ledger said basic personal information - name and contact data - was exposed, as were order details including products and prices. READ MORE...
Coinbase insider who sold customer data to criminals arrested in India
Police in India have arrested a former Coinbase customer service agent who is believed to have been bribed by cybercriminal gangs to access sensitive customer information. Coinbase CEO Brian Armstrong announced the arrest on Twitter. "We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice," tweeted Armstrong. "Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested." READ MORE...
Sophisticated ClickFix Campaign Targeting Hospitality Sector
Securonix warns of a stealthy and sophisticated ClickFix campaign targeting the hospitality sector for remote access trojan (RAT) deployment. The attacks start with a phishing email containing a fake Booking.com reservation cancellation lure, with a link to an impersonating website that displays a fake CAPTCHA. Once the victim clicks on the phishing link and lands on the fake website, they are served a deceptive CAPTCHA-style browser error that leads to a fake Blue Screen of Death animation. READ MORE...
Critical 'MongoBleed' Bug Under Attack, Patch Now
Attackers are actively exploiting a critical vulnerability in MongoDB to steal sensitive information directly from an affected server's memory. The attacks appear to have started on Dec. 29, barely three days after proof-of-concept exploit code (PoC) for the vulnerability became publicly available. The security flaw, designated CVE-2025-14847 and dubbed "MongoBleed," allows remote attackers to extract cleartext credentials, authentication tokens, and sensitive customer data. READ MORE...
Are Copilot prompt injection flaws vulnerabilities or AI limits?
Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. "Last month, I discovered 4 vulnerabilities in Microsoft Copilot. They've since closed my cases stating they do not qualify for serviceability," posted engineer John Russell on LinkedIn. READ MORE...
Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat
Researchers warn that thousands of Fortinet instances are at risk of exploitation after the company disclosed that a legacy flaw is under renewed attack. The vulnerability, tracked as CVE-2020-12812, has been exploited in the wild in recent weeks when operating under certain configurations, according to a blog from Fortinet released on Christmas Eve. The original flaw related to an improper authentication vulnerability in SSL VPN in FortiOS. READ MORE...
- ...in 1838, Samuel Morse first demonstrates the telegraph.
- ...in 1907, Maria Montessori opens her first school and daycare center in Rome, Italy.
- ...in 1912, German geophysicist Alfred Wegener first presents his theory of continental drift at a lecture in Frankfurt.
- ...in 1936, Porky Pig makes his world debut in a Warner Brothers cartoon, "Gold Diggers of '49."
