Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert

Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed.

HackRead
Open in Source
#vulnerability#zero_day
The Worst Hacks of 2025

From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. "A flaw

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI

When Risk Is Fragmented, Strategy Suffers

Risk fragmentation remains one of the most overlooked barriers to effective business performance. It doesn’t show up all…

Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach

A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3…

GHSA-43h9-hc38-qph5: SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.

The US Must Stop Underestimating Drone Warfare

The future of conflict is cheap, rapidly manufactured, and tough to defend against.

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the

GHSA-9fjq-45qv-pcm7: ruint affected by unsoundness of safe `reciprocal_mg10`

The function `reciprocal_mg10` is marked as safe but can trigger undefined behavior (out-of-bounds access) because it relies on `debug_assert!` for safety checks instead of `assert!`. When compiled in release mode, the `debug_assert!` is optimized out, potentially allowing invalid inputs to cause memory corruption.