Breach Breakdown
Notepad++ Hijacked by Chinese Hackers for Six Months
A Chinese state-sponsored group compromised Notepad++'s hosting infrastructure from June through December 2025, intercepting update traffic to push malicious installers to targeted users.
Editorial Team • 3 min read

Westcon-Comstor, REAL Security (Photo: Security Land)
cybersecurity
Westcon-Comstor enters Balkans market with acquisition of specialist distributor REAL Security
Strategic move gives Westcon-Comstor a presence in the region, providing a platform for accelerated growth and shared success.
Editorial Team • 3 min read

Illustration - Cyber Resilience (Credit: iuriimotov)
Business Shield
The 24-Hour Recovery Myth: Why CISOs are Prioritizing Resilience
New comprehensive research from Absolute Security exposes a "recovery reality gap." With 0% of organizations achieving sub-24-hour recovery, the industry is shifting focus from detecting threats to the speed of restoring business operations.
Editorial Team • 2 min read

News
2025 Cyber Year in Review: AI Attacks, Data Breaches & Takedowns
From React2Shell's perfect CVSS 10.0 score to the first autonomous AI cyberattack, 2025 pushed cybersecurity to its limits. This comprehensive analysis covers the top 10 breaches, critical vulnerabilities, why ransomware economics is slowly collapsing and big LEA operations against cybercriminals.
Editorial Team • 17 min read

Photo by Daniil Komov
Expert Decode
The Critical Role of Human Expertise in Securing Machine-Generated Code
Automated code generation introduces critical security gaps. Learn why human expertise remains essential for identifying vulnerabilities in machine-written code.
Editorial Team • 6 min read

Photo: Security.land (Edit: AI)
Cyber Watch
MongoBleed Alert: CVE-2025-14847 Exploited in the Wild
Dubbed "MongoBleed," CVE-2025-14847 allows unauthenticated attackers to exfiltrate sensitive data from MongoDB heap memory. With 87,000 instances exposed, active exploitation is now confirmed.
Editorial Team • 3 min read

Illustration (Credit: Security.land)
Threat Horizon
Npm Registry Weaponized in Spearphishing Campaign Against Critical Infrastructure
A five-month spearphishing operation has transformed the npm registry into a durable hosting layer for AiTM credential theft, specifically targeting sales teams in the manufacturing and healthcare industries.
Editorial Team • 3 min read

Photo by Kenjiro Yagi
Breach Breakdown
Nissan Japan Data Breach Affects 21,000 Fukuoka Customers
Nissan Motor Co. confirms a data breach affecting 21,000 customers in Japan following a security incident at third-party vendor Red Hat. No financial data was stolen.
Editorial Team • 4 min read

Photo: Vadim Artyukhin
Cyber Watch
Crypto Theft Campaign Exploits NuGet Packages for Months
Security researchers uncovered 14 malicious NuGet packages that impersonated legitimate cryptocurrency tools to steal funds and OAuth tokens. The campaign ran undetected from July through October 2025, using social engineering tactics.
Editorial Team • 4 min read

Photo by Pankaj Patel
Cyber Watch
WhatsApp-Stealing Malware Lurked in NPM Package With 56,000 Downloads
Researchers at Koi Security have uncovered a malicious npm package that stole WhatsApp credentials and messages while functioning perfectly as a legitimate API library. The lotusbail package accumulated over 56,000 downloads in six months.
Editorial Team • 3 min read

Illustration - Hacking group with Iran flag
GeoSphere
Iranian Hacking Group Puts $30,000 Bounties on Israeli Defense Engineers
The Handala hacking group claims to have exposed 14 Israeli engineers working on drone programs, offering $30,000 rewards for each. The threats follow attacks on politicians including Bennett, whose Telegram was compromised. Israeli security sources haven't verified the claims.
Editorial Team • 3 min read

Illustration (Credit: Security.land)
Threat Horizon
Cybercriminals Impersonate Trend Micro in Multi-Sector Attack
A sophisticated threat actor with possible links to Russian hybrid-threat groups impersonated Trend Micro security advisories to target defense contractors, energy companies, and cybersecurity firms. The attack chain was stopped before final payload deployment.
Editorial Team • 5 min read

Watchguard Logo (Photo: Watchguard, Edit: Security.land)
Cyber Watch
Inside CVE-2025-14733: The Unauthenticated RCE Hitting WatchGuard Firewalls
Analysis of CVE-2025-14733, a critical WatchGuard Firebox vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.
Editorial Team • 3 min read

Illustration of Threat Actor BlindEagle with Colombia flag in background
Threat Horizon
BlindEagle APT Deploys Dual Remote Access Trojans Against Colombian Government Infrastructure
Zscaler documents BlindEagle APT's attack on Colombian government using steganography and dual RAT deployment in September 2025.
Editorial Team • 5 min read

Red Hat
Red Hat Strengthens AI Security Portfolio with Chatterbox Labs Acquisition
Red Hat acquires Chatterbox Labs to integrate model-agnostic AI safety testing and guardrails into enterprise AI platform.
Editorial Team • 4 min read

SAP Logo (Photo: SAP, Edit: Security.land)
Cyber Watch
SAP December Patches Address 15 Flaws Including Solution Manager RCE
SAP's December 2025 patches fix 15 vulnerabilities including critical 9.9 CVSS Solution Manager code injection and Tomcat flaws in Commerce Cloud.
Editorial Team • 9 min read