The Hacker News

MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide

A critical MongoDB flaw, CVE-2025-14847, is under active exploitation, allowing unauthenticated data leaks from 87,000+ ...

Cyera researchers detail critical ‘Ni8mare’ vulnerability allowing full takeover of n8n instances

Cyera researchers detail critical 'Ni8mare' vulnerability allowing full takeover of n8n instances - SiliconANGLE ...
Nextgov

NIST’s vulnerability database logjam is still growing despite attempts to clear it

Get the latest federal technology news delivered to your inbox. Despite goals set last year by the National Institute of Standards and Technology to process a backlog of unanalyzed cybersecurity ...
Dark Reading

Critical 'MongoBleed' Bug Under Attack, Patch Now

The memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
City & State New York

NYPD officer database had security flaws that could have let hackers covertly modify officer data

A database used to track NYPD officer profiles contained security flaws that would have allowed a skilled-enough hacker to add, remove or modify data entries and insert potentially malicious files ...
Dark Reading

New Vulnerability Database Catalogs Cloud Security Issues

Organizations traditionally have struggled to track vulnerabilities in public cloud platforms and services because of the lack of a common vulnerability enumeration (CVE) program like the one that ...
Nextgov

NIST may not resolve vulnerability database backlog until early 2025, analysis shows

A leading U.S.-managed database of cybersecurity vulnerabilities has a processing backlog so extensive that, at current rates, it likely won’t be cleared up until early 2025, a new analysis shows. The ...
CRN

Wiz: Vulnerability In Microsoft Azure Database Allowed Access To Sensitive Customer Data

The flaw ‘broke one of the fundamental things about the cloud – that you can’t access another person’s data,’ says security provider Wiz. Cloud security provider Wiz disclosed Thursday that earlier ...
CSOonline

New EU vulnerability database will complement CVE program, not compete with it, says ENISA

After the CVE’s program’s near-death experience in April, might the Europeans be looking for a more reliable long-term system? From this week, the global technology industry has a new database to ...

Dr. Ansay: Security vulnerability allowed access to 1.7 million prescriptions

The telemedicine provider Dr. Ansay has experienced another security vulnerability. This endangered hundreds of thousands of ...
MacRumors

Security Database Used by Apple Goes Independent After Funding Cut [Updated]

Update: Following the CVE Foundation's announcement (below), CISA has said the U.S. government is extending funding to ensure no continuity issues with the critical Common Vulnerabilities and ...
AppleInsider

Global security vulnerability database gets 11 more months of funding [u]

After the U.S. government initially cut its funding of the CVE database, used to track security vulnerabilities in operating systems and software, CISA has said it will continue to be funded for ...