Enterprise Security Tech

A newly disclosed flaw in MongoDB dubbed 'MongoBleed' is exposing a subtle but dangerous reality of modern cloud infrastructure: sometimes the most sensitive data does not need to be stolen from a database table at all. It can simply leak out of memory. Tracked as CVE-2025-14847 , the vulnerability affects how MongoDB  processes zlib-compressed network traffic. Under specific conditions, a remote attacker can trigger the database server to return fragments of its own uniniti

Every December, the internet dresses itself up for the holidays. Social feeds fill with lights and nostalgia, inboxes clog with end of year reminders, and millions of people quietly reset their passwords. According to a new analysis of breached credentials, that seasonal spirit is leaking straight into login security in ways attackers already understand all too well. Security researchers at Specops Software examined roughly 800 million compromised passwords and found that ho

South Korea’s dominant e-commerce engine, Coupang, has confirmed a sprawling data breach that exposed the personal information of nearly 34 million customers —a staggering incident that appears to have unfolded quietly for more than five months before being detected. The company initially believed that only a few thousand users had been affected when anomalous access was spotted on November 18. But as investigators dug deeper, a far broader compromise emerged: names, emails,

Salesforce has pulled the emergency brake on a swath of Gainsight-published applications after uncovering suspicious activity tied to the integrations — a move that instantly set off alarm bells across the SaaS security world and reignited concerns about the increasingly fragile state of OAuth-based trust models. Shortly after 8:00 p.m. on November 19, Salesforce issued a security advisory confirming that unusual activity linked to Gainsight applications could have enabled un

Anthropic’s revelation that hackers linked to China allegedly used its Claude AI system to automate attacks against roughly 30 organizations has ignited one of cybersecurity’s most polarizing debates yet: can artificial intelligence truly orchestrate espionage on its own—or is this another case of overhyped “AI panic” masking a deeper failure of model governance? The Rise of the AI Operator According to Anthropic, the attackers disguised themselves as cybersecurity researcher