Critical vulnerability in IBM API Connect could allow authentication bypass
CSO Online 01.01.2026 01:55
IBM is urging customers to quickly patch a critical vulnerability in its API Connect platform that could allow remote attackers to bypass authentication.
The company describes API Connect as a full lifecycle application programming interface (API) gateway used “to create, test, manage, secure, analyze, and socialize APIs.”
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
The Hacker News 31.12.2025 16:29
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.
"Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
The Hacker News 31.12.2025 13:37
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
"IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain
MongoBleed: More than 11,500 vulnerable MongoDB instances in Germany
Heise Security 31.12.2025 12:47
IT security researchers have examined the prevalence of instances vulnerable to MongoBleed. There are more than 11,500 in Germany.