Microsoft is investigating a bug in classic Outlook that prevents recipients from opening encrypted emails with "Encrypt Only" permissions after a recent update. Affected users see a message_v2.rpmsg attachment instead of readable content.

The number of cyberattacks on Taiwan's energy sector increased by 1,000% in 2025 compared to 2024, making it the most targeted sector among nine critical infrastructure categories.

A critical command injection vulnerability, identified as CVE-2026-0625, has been discovered in legacy D-Link DSL routers. This flaw allows unauthenticated attackers to execute arbitrary commands remotely.

AI-powered IDEs forked from Microsoft VSCode, such as Cursor, Windsurf, Google Antigravity, and Trae, are vulnerable to "recommended extension" attacks. These IDEs recommend extensions that are not present in the OpenVSX registry.

A threat actor known as Zestix is actively selling corporate data stolen from cloud file-sharing services such as ShareFile, Nextcloud, and OwnCloud. The data theft is facilitated by info-stealing malware like RedLine, Lumma, and Vidar.

Over 10,000 Fortinet firewalls are currently exposed to a critical two-factor authentication (2FA) bypass vulnerability, CVE-2020-12812. This flaw allows attackers to log in without the second factor of authentication by altering the username's case.

Ongoing cryptocurrency thefts have been traced back to the 2022 LastPass breach, where attackers stole encrypted vaults containing cryptocurrency wallet private keys and seed phrases.

MongoDB has issued an urgent advisory for IT administrators to patch a critical remote code execution (RCE) vulnerability, CVE-2025-14847. This flaw affects multiple versions of MongoDB and MongoDB Server.

The University of Phoenix (UoPX) experienced a data breach affecting 3,489,274 individuals, including students, staff, and suppliers. The breach was disclosed on the university's official website in early December.

A malicious npm package named lotusbail has been identified, posing as a legitimate WhatsApp Web API library. This package is a fork of the WhiskeySockets Baileys project and has been downloaded over 56,000 times.