Enterprise Security Tech

A wave of LinkedIn phishing attacks is exploiting the platform’s own public comment sections, blurring the line between legitimate support messages and outright fraud in a way that security researchers say marks a new phase in social engineering. The campaign surfaced earlier this week when researchers and targeted users began warning that bot-like accounts were replying directly to posts while impersonating LinkedIn itself. The fake comments claim the recipient has violated

A flood of unexpected Instagram password reset emails has left millions of users wondering whether their accounts were quietly compromised or if something else is unfolding behind the scenes. Meta insists there was no breach of Instagram’s systems and that accounts remain secure. Security researchers are not so quick to dismiss the risks. The confusion stems from reports that a dataset tied to roughly 17.5 million Instagram users is circulating on cybercrime forums. Malwareby

As the cybersecurity industry closes the books on 2025, the year is already solidifying around a familiar but unsettling conclusion: attackers didn’t need radically new malware to cause outsized damage. They needed people, timing, and a growing catalog of quietly catastrophic infrastructure flaws. That’s the throughline emerging from a year-end review by incident response specialists at LevelBlue , which absorbed digital forensics heavyweight Stroz Friedberg earlier this year

For a brief moment last week, the internet appeared to relive a familiar panic: headlines warning that cybercriminals had walked away with data from millions of Instagram users. Security vendor Malwarebytes  said attackers had stolen sensitive information tied to roughly 17.5 million accounts. Instagram pushed back just as forcefully, insisting there was no breach of its systems at all. Both claims can technically coexist — and that uneasy overlap says more about the modern d

A newly disclosed flaw in MongoDB dubbed 'MongoBleed' is exposing a subtle but dangerous reality of modern cloud infrastructure: sometimes the most sensitive data does not need to be stolen from a database table at all. It can simply leak out of memory. Tracked as CVE-2025-14847 , the vulnerability affects how MongoDB  processes zlib-compressed network traffic. Under specific conditions, a remote attacker can trigger the database server to return fragments of its own uniniti

Every December, the internet dresses itself up for the holidays. Social feeds fill with lights and nostalgia, inboxes clog with end of year reminders, and millions of people quietly reset their passwords. According to a new analysis of breached credentials, that seasonal spirit is leaking straight into login security in ways attackers already understand all too well. Security researchers at Specops Software examined roughly 800 million compromised passwords and found that ho