Attackers are actively exploiting a critical MongoDB vulnerability dubbed “MongoBleed” to steal sensitive data from server memory. The flaw, which requires no authentication, affects a wide range of versions and has a functional exploit tool with a GUI already in use.
Palo Alto Networks is in advanced talks to acquire Israeli cybersecurity company Koi Security for roughly $400 million. The deal would be a significant win for a startup that has raised only $48 million and focuses on AI-driven detection of malicious code in developer tools.
The New Zealand government is launching a review after a cybersecurity breach at the private medical portal Manage My Health. The incident, occurring on December 30, potentially compromised health documents for 6-7% of its 1.8 million registered users, with reports of a $60,000 ransom demand.
New data shows a massive surge in cyber extortion, with phishing gangs tripling since 2020. The real story is how AI and new tactics like deepfakes and QR codes are making these attacks terrifyingly effective. Here’s what’s changing and why old defenses are failing.
A new Forbes piece offers some blunt New Year’s resolution advice for enterprise security teams. It’s less about buying the next shiny tool and more about a fundamental mindset shift to survive the grind.
A new article details how the pressure to adopt AI is leading companies to skip crucial security and legal due diligence. The confusion starts with vendors redefining fundamental security terms, creating dangerous gaps in understanding.
A major security failure at Korea Telecom (KT) involved thousands of femtocells using a single, plaintext certificate. This allowed a criminal gang to clone the devices, leading to $169,000 in micropayment fraud and, more alarmingly, years of potential surveillance on customer communications.
Sam Altman is publicly recruiting a new Head of Preparedness for OpenAI, offering a $555,000 base salary plus equity. The role focuses on mitigating risks from rapidly improving AI models, but previous leaders haven’t lasted long in the high-stress position.
France’s national postal service, La Poste, suffered a major cyberattack just before Christmas. The pro-Russian group Noname057 claimed responsibility, disrupting deliveries for a company that handles 2.6 billion packages a year.
The old model of infosec as a rigid rule-enforcer is dead. Driven by cloud, mobile, and interconnected systems, the job now demands collaboration and constant judgment to enable innovation, not block it.
