CyberNews: 25/12/2025 Edition

Published by Dunateo on 2025-12-25

Today’s roundup

  • High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover
  • LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
  • Fake MAS Windows activation domain used to spread PowerShell malware
  • SEC Charges Crypto Firms in $14m Investment Scam
  • U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns
  • Microsoft Teams to let admins block external users via Defender portal
  • Coordinated Scams Target MENA Region With Fake Online Job Ads
  • Summary

    MongoDB issued an urgent warning regarding a high-severity remote code execution (RCE) vulnerability, CVE-2025-14847 (CVSS 8.7). The flaw lets unauthenticated remote attackers execute arbitrary code by exploiting, from the client side, the server's zlib implementation. Users are advised to upgrade immediately to a patched version, such as 8.2.3 or 8.0.17, or to disable zlib compression to prevent server takeover.

    New findings from TRM Labs reveal that the 2022 LastPass data breach has led to years-long cryptocurrency thefts, continuing as recently as late 2025. Evidence points to Russian cybercriminal involvement, with threat actors exploiting weak master passwords to crack stolen encrypted vault backups and drain assets.

    A typosquatted domain, designed to impersonate the legitimate Microsoft Activation Scripts (MAS) tool, is actively being used to distribute malicious PowerShell scripts. These scripts infect Windows systems with malware identified as 'Cosmali Loader'.

    The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple cryptocurrency platforms and associated investment clubs. The charges allege that these entities defrauded American investors, resulting in losses exceeding $14 million.

    The U.S. Federal Communications Commission (FCC) has banned drones and critical components manufactured in foreign countries, citing national security concerns. This decision, following an Executive Branch interagency review, adds these items to the FCC's Covered List, prohibiting new models from being imported, marketed, or sold in the United States.

    Microsoft is implementing new security capabilities in Teams, allowing security administrators to block external users from initiating communications. Through the Defender portal, admins will soon be able to prevent external individuals from sending messages, making calls, or inviting internal organization members to meetings.

    A coordinated campaign involving fake online job advertisements has been identified, primarily targeting individuals within the Middle East and North Africa (MENA) region. These scams exploit the increasing popularity of remote work opportunities.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-14847 High