Adnan Siddiqui

Author at AgentSOC

Published Posts

16 posts

CybersecurityDec 30, 2025

Silver Fox Targets Indian Users with Tax-Themed Phishing Emails to Deliver ValleyRAT Malware

The threat actor referred to as Silver Fox is now actively targeting India, using phishing emails themed around…

Database SecurityDec 29, 2025

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

A high-severity MongoDB vulnerability has been identified that enables unauthenticated clients to read uninitialized data from the server…

AI SecurityDec 29, 2025

Conventional Security Frameworks Leave Organizations Vulnerable to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised and used to deploy malicious code that hijacked…

CybersecurityDec 29, 2025

27 Malicious npm Packages Leveraged as Phishing Infrastructure to Steal Credentials

Cybersecurity researchers have outlined a “sustained and targeted” spear-phishing operation that weaponized more than two dozen npm packages…

CybersecurityDec 29, 2025

Worldwide Active Exploitation of MongoDB Vulnerability CVE-2025-14847

A newly disclosed MongoDB security bug is now being actively weaponized, with more than 87,000 internet-facing instances appearing…

CybersecurityDec 29, 2025

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime, and More

From a SOC lens, last week’s activity in 2025 wasn’t dominated by a single headline breach, but by…

CybersecurityDec 27, 2025

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 Additional Stories

From a SOC vantage point, the line between routine technology use and hostile activity is getting thinner. Adversaries…

CybersecurityDec 27, 2025

Critical LangChain Core Vulnerability Exposes Secrets Through Serialization Injection

A critical vulnerability has been identified in LangChain Core that an attacker could abuse to exfiltrate sensitive secrets…

Cyber Threat IntelligenceDec 27, 2025

China-Linked Evasive Panda Conducted DNS Poisoning Campaign to Deliver MgBot Malware

A China-based advanced persistent threat (APT) group has been tied to a focused cyber-espionage operation in which the…

CryptocurrencyDec 27, 2025

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

Trust Wallet is urging users to immediately update its Google Chrome extension to the latest release after identifying…

Database SecurityDec 27, 2025

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

A high-impact vulnerability has been identified in MongoDB that enables unauthenticated clients to read uninitialized heap memory from…

Endpoint SecurityDec 26, 2025

New MacSync macOS Stealer Bypasses Apple Gatekeeper Using a Signed, Notarized Swift App

Security analysts have identified a new variant of the macOS information-stealing malware MacSync, delivered via a digitally signed…

Endpoint SecurityDec 26, 2025

CISA Flags Digiever NVR Vulnerability Actively Exploited, Allowing Remote Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability affecting Digiever DS-2105 Pro network video recorders…

Enterprise SecurityDec 26, 2025

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass (CVE-2020-12812)

Fortinet on Wednesday said it has observed “recent abuse” of a five-year-old FortiOS SSL VPN vulnerability being exploited…

Data BreachDec 26, 2025

TRM Labs Finds LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts

Encrypted vault backups stolen during the 2022 LastPass incident are still being successfully attacked, with threat actors leveraging…

CybersecurityDec 26, 2025

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws and AI Exploits, Docker Hack, and 15 More Stories

From a SOC perspective, the line between routine technology use and active abuse keeps narrowing. Intrusions increasingly look…

Adnan Siddiqui

Published Posts

Silver Fox Targets Indian Users with Tax-Themed Phishing Emails to Deliver ValleyRAT Malware

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

Conventional Security Frameworks Leave Organizations Vulnerable to AI-Specific Attack Vectors

27 Malicious npm Packages Leveraged as Phishing Infrastructure to Steal Credentials

Worldwide Active Exploitation of MongoDB Vulnerability CVE-2025-14847

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime, and More

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 Additional Stories

Critical LangChain Core Vulnerability Exposes Secrets Through Serialization Injection

China-Linked Evasive Panda Conducted DNS Poisoning Campaign to Deliver MgBot Malware

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

New MacSync macOS Stealer Bypasses Apple Gatekeeper Using a Signed, Notarized Swift App

CISA Flags Digiever NVR Vulnerability Actively Exploited, Allowing Remote Code Execution

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass (CVE-2020-12812)

TRM Labs Finds LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws and AI Exploits, Docker Hack, and 15 More Stories

AgentSOC

Resources

Legal

Follow Us

Adnan Siddiqui

Published Posts

Silver Fox Targets Indian Users with Tax-Themed Phishing Emails to Deliver ValleyRAT Malware

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

Conventional Security Frameworks Leave Organizations Vulnerable to AI-Specific Attack Vectors

27 Malicious npm Packages Leveraged as Phishing Infrastructure to Steal Credentials

Worldwide Active Exploitation of MongoDB Vulnerability CVE-2025-14847

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime, and More

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 Additional Stories

Critical LangChain Core Vulnerability Exposes Secrets Through Serialization Injection

China-Linked Evasive Panda Conducted DNS Poisoning Campaign to Deliver MgBot Malware

Trust Wallet Chrome Extension Breach Causes $7 Million Crypto Loss via Malicious Code

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Heap Memory

New MacSync macOS Stealer Bypasses Apple Gatekeeper Using a Signed, Notarized Swift App

CISA Flags Digiever NVR Vulnerability Actively Exploited, Allowing Remote Code Execution

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass (CVE-2020-12812)

TRM Labs Finds LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws and AI Exploits, Docker Hack, and 15 More Stories