MongoDB warns admins to patch severe RCE flaw immediately

MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. Tracked as CVE-2025-14847, this security flaw affects multiple MongoDB and MongoDB Server versions and can be exploited by unauthenticated threat actors in low-complexity attacks that don’t require user interaction. CVE-2025-14847 is […]

FBI seizes domain storing bank credentials stolen from U.S. victims

The U.S. government has seized the ‘web3adspanels.org’ domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. Cybercriminals collected the credentials in phishing campaigns targeting American citizens through fraudulent ads on Google and Bing search services that led to fake banking portals. The confirmed financial loss from […]

Microsoft rolls out hardware-accelerated BitLocker in Windows 11

Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU. BitLocker is the native full-disk encryption feature in Windows that protects data from being readable without proper authentication. During normal device boot, it relies on the Trusted Platform Module (TPM) to securely […]

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software and cheats for games like Roblox, Counter Strike, and Rust, WebRAT is a backdoor with info-stealing capabilities that emerged at the beginning of the year. According to a report from Solar 4RAYS […]

Microsoft Teams strengthens messaging security by default in January

Microsoft announced that Teams will automatically enable messaging safety features by default to strengthen defenses against content tagged as malicious. The change will roll out starting January 12, 2026, to tenants still using the default configuration and who haven’t previously modified messaging safety settings. “We’re improving messaging security in Microsoft Teams by enabling key safety […]

Cyberattack knocks offline France’s postal, banking services

La Poste, the French national postal service, confirmed on Monday that all its information systems were knocked offline by “a major network incident,” disrupting digital banking and online services for millions of customers. On social media, La Poste announced that the disruption rendered multiple platforms temporarily inaccessible, including its main website, mobile app, digital identity […]

Italy fines Apple $116 million over App Store privacy policy issues

Italy’s competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. ATT requires developers to request consent to collect their data for targeted advertising before tracking them across websites, apps, and services owned by other companies. […]

New MacSync malware dropper evades macOS Gatekeeper checks

The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. Security researchers at Apple device management platform Jamf say that the distribution method constitutes a significant evolution from past iterations that used less sophisticated “drag-to-Terminal” or ClickFix tactics. “Delivered as a code-signed and notarized Swift application within […]