The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified ...

CrowdStrike acquires browser security startup Seraphic Security for $400M

CrowdStrike plans to integrate Seraphic’s technology with its flagship Falcon cybersecurity platform. The development effort ...
Cybernews

AWS dodges massive cyber disaster: every account was in danger

Wiz Research discovered and responsibly disclosed a critical vulnerability in AWS CodeBuild that could have led to a massive platform-wide compromise.

DeepSeek V4 Leaked : Coding-First Model Aims at Devs with New Memory & Reasoning AI

Rumors suggest two DeepSeek V4 options, a flagship for long coding and a lighter build, so teams can ship multi-file updates ...
Bleeping Computer

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the ...
Indiatimes

Epic Games Store leak reveals 14 upcoming free games: Here's why it is likely not true

A massive leak suggests the Epic Games Store will offer 14 blockbuster titles for free this holiday season, including Red Dead Redemption 2 and Detroit: Become Human. This aggressive move aims to ...
The Hacker News

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old ...