Cybersecurity
Network Security
React2Shell Exploitation Escalates into Global Attacks - CISA warns that attackers are actively exploiting the React2Shell vulnerability (CVE-2025-55182) in large-scale global attacks. Organizations are urged to patch vulnerable systems immediately. Source: The Hacker News
Server Security & Infrastructure
Gogs Zero-Day Vulnerability Actively Exploited - 700+ Instances Compromised - Wiz disclosed CVE-2025-8110, a bypass for a Gogs RCE vulnerability exploited for months. Over 700 instances were compromised by early December 2025. No official patch is available yet. Source: Dark Reading
Microsoft December 2025 Patch Tuesday - 57 Vulnerabilities Addressed - Microsoft released its December 2025 security update addressing 57 vulnerabilities including 3 critical issues and 2 actively exploited zero-days: CVE-2025-62221 and CVE-2025-54100. Source: SOC Prime
Software Security & Vulnerabilities
Critical GitLab Vulnerabilities Expose DevOps Pipelines - GitLab released urgent security patches addressing 10 vulnerabilities - 4 high-severity - that could allow XSS attacks and expose DevOps pipelines to threats. Source: eSecurityPlanet
CVE-2025-55184 & CVE-2025-55183: Next.js Critical Security Vulnerabilities - React and Next.js communities faced critical security vulnerabilities affecting React Server Components and Next.js. Multiple CVEs discovered in December 2025. Source: Cyber AR
Cloud Security
Tenable Partners with GSA for FedRAMP-Authorized Cloud Security - Tenable partnered with GSA to offer a FedRAMP-authorized cloud security solution to US federal agencies on December 12, 2025. Source: Industrial Cyber
Palo Alto Networks Prisma Browser Leads Zero Trust Browser Security - Prisma Browser is identified as Frost Radar leader for ZTBS (Zero Trust Browser Security). Precision AI-powered security transforms the browser from an attack vector to a defense. Source: Palo Alto Networks
User/Identity & Access Management (IAM)
ISC2 Announces Cloud Security Architecture Strategy Certificate - ISC2 launched a cloud security certification focusing on zero trust architecture in cloud environments, with advanced proficiency level training. Source: ISC2
Threat Intelligence & Incident Response
MITRE Releases 2025 Top 25 Most Dangerous Software Vulnerabilities - MITRE published its 2025 list of the top 25 most dangerous software vulnerabilities, with multiple major patches from Microsoft, Adobe, and SAP announced. Source: SecurityWeek
OWASP Releases Agentic AI Top 10 Risks - OWASP ranked the top 10 risks for agentic AI applications. Part of a broader cybersecurity snapshot released December 12, 2025. Source: Tenable
Free Cybersecurity Courses & Certifications
Pluralsight Certified Kubernetes Security Specialist (CKS) Training - Pluralsight offers Certified Kubernetes Security Specialist (CKS) courses with labs on secrets management and network policies. Updated December 11, 2025. Source: Pluralsight
Other Cybersecurity Topics
OpenPLC_v3 CSRF Vulnerability Fixed - OpenPLC GitHub PR #310 titled 'Fixed CSRF vulnerability' was merged in December 2025. ICS security improved with this critical fix. Source: Windows Forum