The Apache Software Foundation has released Apache HTTP Server 2.4.66 to address multiple vulnerabilities in the Apache HTTP Server 2.4 series.

On December 19, 2025, MongoDB disclosed information regarding a vulnerability (CVE-2025-14847) in MongoDB involving information disclosure from uninitialized heap memory. If exploited, an unauthenticated remote third party could send specially crafted communications to read information remaining in uninitialized heap memory, potentially leading to the leakage of confidential information (such as API keys and credentials) stored within MongoDB.

The state of cybersecurity in Japan as of January 11, 2026.

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms also being used on Windows, where they are user-writable locations. To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.

Vulnerability Summary: CVE-2025-68615This is a critical vulnerability in the Net-SNMP trap reception daemon (snmptrapd), disclosed in late December 2025.

Caught a cold

Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains an authentication bypass vulnerability. Products Affected OpenBlocks IoT DX1 (FW5.0.x) all versions prior to FW5.0.8 OpenBlocks IoT EX/BX models (FW5.0.x) all versions prior to FW5.0.8 OpenBlocks IX9 models with FW (FW5.0.x) all versions prior to FW5.0.8 OpenBlocks IoT VX2 (FW5.0.x) all versions prior to FW5.0.8 OpenBlocks IDM RX1 (FW5.0.x) all versions prior to FW5.0.8 OpenBlocks IoT FX1 (FW5.0.x) all versions prior to FW5.0.8