A critical security vulnerability, tracked as CVE-2025-14847, that could allow attackers to extract uninitialized heap memory from database servers without authentication. The flaw resides in MongoDB’s zlib compression implementation and affects multiple versions of the database platform. The vulnerability enables client-side…
SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips
The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million from retail investors. The complaint charged crypto asset trading platforms Morocoin Tech…
Consumer Cyber Risks in 2026 Focus on AI-Driven Scams, Not Hacks
The most serious cyber risks consumers face in 2026 are less about technical break-ins and more about manipulation. Criminals increasingly rely on realistic AI-generated media and social engineering to pressure people into […] Thank you for being a Ghacks reader.…
ServiceNow to acquire Armis for $7.75 billion
ServiceNow entered into an agreement to acquire Armis for $7.75 billion in cash. The acquisition will expand ServiceNow’s security workflow offerings and advance AI-native, proactive cybersecurity and vulnerability response across all connected devices. Together, ServiceNow and Armis will create a…
La Poste Still Offline After Major DDoS Attack
French postal service warns of “major network incident” just before Christmas This article has been indexed from www.infosecurity-magazine.com Read the original article: La Poste Still Offline After Major DDoS Attack
WebRAT Malware via GitHub Repositories Claim as Proof-of-concept Exploits to Attack Users
A new malware campaign has surfaced that uses GitHub repositories to spread the WebRAT malware by disguising it as proof-of-concept exploits and gaming utilities. The malware targets users searching for game cheats, pirated software, and application patches, particularly for popular…
Five identity-driven shifts reshaping enterprise security in 2026
2026 marks the tipping point when artificial intelligence begins to fundamentally reshape cyber risk. After several years of widespread adoption, AI moves beyond influencing how we work and starts transforming the enterprise itself. AI is now embedded at every layer…
Cyberattack Knocks La Poste Offline, Disrupting Postal and Banking Services Across France
La Poste described the situation as “a major network incident” that affected all of its information systems. The post Cyberattack Knocks La Poste Offline, Disrupting Postal and Banking Services Across France appeared first on TechRepublic. This article has been indexed…
ServiceNow to acquire cybersecurity startup Armis, MacSync Stealer adopts quieter installation, Nissan customer data stolen in Red Hat raid
ServiceNow to acquire cybersecurity startup Armis MacSync Stealer adopts quieter installation Nissan customer data stolen in Red Hat raid Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that…
IT Security News Hourly Summary 2025-12-24 09h : 3 posts
3 posts were published in the last hour 8:2 : The End of AI Theatre: What Business-Ready Technology Looks Like in 2026 8:2 : Stockton Hospital Gets Robotic Operating Theatre 7:31 : Italy Fines Apple €98.6 Million Over ATT Rules…
The End of AI Theatre: What Business-Ready Technology Looks Like in 2026
Tech predictions for 2026 reveal a shift from AI hype to accountability, with focus on real value, human skills, governance, cybersecurity and trust. This article has been indexed from Silicon UK Read the original article: The End of AI Theatre:…
Stockton Hospital Gets Robotic Operating Theatre
University Hospital of North Tees completes £6.5 million project, including robotic theatre for less-invasive surgery This article has been indexed from Silicon UK Read the original article: Stockton Hospital Gets Robotic Operating Theatre
Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition
Apple has been fined €98.6 million ($116 million) by Italy’s antitrust authority after finding that the company’s App Tracking Transparency (ATT) privacy framework restricted App Store competition. The Italian Competition Authority (Autorità Garante della Concorrenza e del Mercato, or AGCM)…
Evasive Panda APT poisons DNS requests to deliver MgBot
Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant. This article has been indexed from Securelist Read the original article: Evasive Panda APT poisons DNS requests…
Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours
A massive credential-theft campaign dubbed PCPcat compromised 59,128 Next.js servers in under 48 hours. The operation exploits critical vulnerabilities CVE-2025-29927 and CVE-2025-66478, achieving a 64.6% success rate across 91,505 scanned targets. PCPCat scanners, distributed via react.py malware, probe public Next.js…
Interpol Taken Down 6 Ransomware Variants and Arrested 500+ Suspects
Law enforcement agencies across 19 African nations have achieved a landmark victory against cybercrime. Arresting 574 suspects and dismantling six ransomware variants during Operation Sentinel, a month-long coordinated crackdown that concluded on November 27. The operation, which ran from October…
Ransomware Attack on Romanian Waters Authority – 1,000+ IT Systems Compromised
Romania’s National Administration “Apele Române” (Romanian Waters) disclosed a severe ransomware attack on December 20, 2025. That compromised approximately 1,000 IT systems across the agency and 10 of its 11 regional water basin administrations. The incident affected critical infrastructure responsible…
Conjur: Open-source secrets management and application identity
Conjur is an open-source secrets management project designed for environments built around containers, automation, and dynamic infrastructure. It focuses on controlling access to credentials such as database passwords, API keys, and tokens that applications need at runtime. The project is…
What if your face could say “don’t record me”? Researchers think it’s possible
Phones, smart glasses, and other camera-equipped devices capture scenes that include people who never agreed to be recorded. A newly published study examines what it would take for bystanders to signal their privacy choices directly to nearby cameras. BLINDSPOT system…
Governance maturity defines enterprise AI confidence
AI security has reached a point where enthusiasm alone no longer carries organizations forward. New Cloud Security Alliance research shows that governance has become the main factor separating teams that feel prepared from those that do not. Governance separates confidence…
Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression
MongoDB has disclosed a critical security vulnerability tracked as CVE-2025-14847 that could allow attackers to extract uninitialized heap memory from database servers without authentication. The flaw, affecting multiple MongoDB versions dating back to v3.6, stems from a client-side exploit in…
WebRAT Malware Campaign Leveraging GitHub-Hosted Proof-of-Concept Code
Cybersecurity specialists from the Solar 4RAYS cyberthreat research center, a division of the Solar Group, have uncovered a dangerous new malware strain dubbed “Webrat.” This sophisticated threat has been identified as a multi-functional remote access tool (RAT) and information stealer…
Operation PCPcat Exploits Next.js and React, Impacting 59,000+ Servers
A sophisticated credential-stealing campaign named “Operation PCPcat” has compromised over 59,000 Next.js servers worldwide, exploiting critical vulnerabilities in the popular React framework to harvest sensitive authentication data at industrial scale. Security researchers discovered the campaign through honeypot monitoring and gained…
“Purifying” photons: Scientists found a way to clean light itself
A new discovery shows that messy, stray light can be used to clean up quantum systems instead of disrupting them. University of Iowa researchers found that unwanted photons produced by lasers can be canceled out by carefully tuning the light…