MongoDB servers are under active exploitation via CVE-2025-14847, a pre-auth memory leak.

Censys found 87,000 exposed instances. The default zlib compression flaw can leak passwords and API keys over time.

🔗 Read → https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html

⚠️ Attackers turned npm into phishing infrastructure over five months.

27 npm packages were used as CDN-hosted lures mimicking document sharing and Microsoft sign-in pages, targeting sales staff at 25 industrial and healthcare firms.

🔗 Read → https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html

⚡ Cyber attacks did not slow down at the end of 2025.

⚠️ Bugs were used fast
🔓 Trusted software was misused
💸 Old breaches caused new losses
📱 Cloud, crypto, mobile, insiders all showed up

This weekly recap breaks down what mattered in the final week of 2025 and what carries into 2026.

Read: https://thehackernews.com/2025/12/weekly-recap-mongodb-attacks-wallet.html

🛑 Mustang Panda is deploying TONESHELL via a kernel-mode rootkit driver.

The signed driver loads before antivirus tools, injects the backdoor into system processes, and blocks security visibility.

🔗 Read → https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html

New push to Github

chore(deps): bump zip from 7.1.0 to 7.2.0 in the crates group (#75)

Bumps the crates group with 1 update: [zip](https://github.com/zip-rs/zip2).


Updates `zip` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/zip-rs/zip2/releases)
- [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zip-rs/zip2/compare/v7.1.0...v7.2.0)

---
updated-dependencies:
- dependency-name: zip
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

See commit detail here
#ci_416