Cybersecurity
Software Security & Vulnerabilities
Microsoft Patch Tuesday December 2025: 57 Vulnerabilities - Microsoft released patches for 57 security vulnerabilities in December 2025, including one actively exploited zero-day and two publicly disclosed vulnerabilities. This completes 2025 with 1,139 total CVEs patched. Source: Krebs on Security
CVE-2025-62221: Windows Cloud Files UAF Vulnerability - Windows Cloud Files Mini Filter contains a 7.8-CVSS Use-After-Free vulnerability (CVE-2025-62221) that requires immediate patching. This was one of the critical issues in December Patch Tuesday. Source: CrowdStrike
WinRAR CVE-2025-6218: Directory Traversal RCE Under Active Attack - CISA warns that WinRAR vulnerability CVE-2025-6218 (directory traversal leading to RCE) is under active attack by multiple threat groups. Federal agencies must patch by December 30, 2025. Source: The Hacker News
CVE-2025-6218: Multiple Active Attack Campaigns Confirmed - CVE-2025-6218 exploitation has been confirmed across multiple threat groups, making it a critical priority for all WinRAR users. Original disclosure came from Trend Micro Zero Day Initiative. Source: Cybersecurity News
Network Security
CISA Alert: Pro-Russia Hacktivists Conduct Opportunistic Attacks - CISA and Australian cyber agencies released advisory on pro-Russia hacktivist groups conducting opportunistic attacks on critical infrastructure. Organizations should heighten network monitoring. Source: CISA
NVD CVE Database: December 2025 Critical Updates - NVD records show critical vulnerabilities including NETGEAR Nighthawk router command injection (CVE-2025-12945) and speedtest feature RCE (CVE-2025-12946) due to improper input validation. Source: NVD - NIST
User/Identity & Access Management (IAM)
Ivanti Endpoint Manager Multiple Vulnerabilities - Ivanti Endpoint Manager prior to 2024 SU4 SR1 contains improper cryptographic signature verification in patch management (CVE-2025-13662) and path traversal issues (CVE-2025-13661). Updates are critical. Source: NVD
Cloud Security
WinRAR Patch Required by December 30, 2025 - Both Microsoft Windows (CVE-2025-62221) and WinRAR (CVE-2025-6218) flaws have been added to CISA's Known Exploited Vulnerabilities catalog with mandatory federal patching deadlines. Source: Security Affairs
Threat Intelligence & Incident Response
Hacker News: Active Threat Intelligence Updates - The Hacker News continues to track emerging threats with detailed analysis of WinRAR exploitation campaigns, Microsoft zero-day exploits, and industry best practices for incident response. Source: The Hacker News
No comments:
Post a Comment