🔐 CYBERSECURITY
Software Security & Vulnerabilities
React2Shell (CVE-2025-55182) Critical Vulnerability - A critical CVSS 10.0 vulnerability in React Server Components allows unauthenticated attackers to execute remote code. Actively exploited by multiple hacker groups. Deadline for patching: December 12, 2025. Source: PurpleOps
WinRAR Path Traversal Vulnerability CVE-2025-6218 - CISA added a critical WinRAR path traversal vulnerability to its list of actively exploited vulnerabilities. Immediate patching recommended. Source: Hoplon InfoSec
Apple Patches Two WebKit Zero-Days - Apple released emergency patches for two sophisticated zero-day vulnerabilities (CVE-2025-14174), with WebKit flaws potentially causing memory corruption. Source: PCMag
Google Chromium Eighth Zero-Day of 2025 - Google issued a high-severity alert for CVE-2025-14174, marking the eighth Chromium zero-day exploited in 2025. Source: Cyber Press
React Server Components Denial of Service - CVE-2025-55184 enables unauthenticated attackers to crash servers via DDoS attacks against React Server Components. Source: LinkedIn Security Post
Windows Cloud Files Mini Filter 0-Day Exploited - CISA warned of exploitation of a zero-day in the Windows Cloud Files Mini Filter driver and added it to the KEV catalog with a December 30, 2025 remediation deadline. Source: Cybersecurity News
Network Security
Sierra Wireless Router Critical RCE Flaw - Sierra Wireless AirLink ALEOS routers contain a high-severity RCE vulnerability (CVE-2018-4063) that is being actively exploited. Source: WIU Cybersecurity Center
Data Security & Privacy
Askul Reports 740,000 Data Sets Breached - Japanese company Askul disclosed breach affecting 740,000 customer records in recent cyberattack. Major customer and employee data impacted. Source: DataBreaches.net
Coupang Breach Traced to Ex-Employee Access - Coupang data breach traced to former employee who retained system access after departure. Highlights critical IAM vulnerability. Source: InfoSec Industry
University of Phoenix Oracle EBS Zero-Day Breach - University of Phoenix confirmed data breach from Oracle EBS zero-day exploitation. Student and employee personal information affected. Source: CyberInsider
FBI Confirms 630 Million Stolen Passwords - FBI confirmed that 630 million stolen passwords were found on devices belonging to a single hacker. Critical password security alert. Source: Forbes
Threat Intelligence & Incident Response
Microsoft December 2025 Patch Tuesday - Microsoft's December 2025 Patch Tuesday addressed 57 vulnerabilities, including three critical zero-days with active exploitation. Source: Security Affairs
Windows 11 December 2025 Update - 57 Flaws Fixed - Windows 11 December 2025 update addresses 57 security flaws, including multiple zero-days. Immediate installation recommended. Source: CyberInsider
iOS 26.2 Security Update Released - Apple's iOS 26.2 fixes multiple vulnerabilities, including an iPhone kernel flaw (CVE-2025-46285) that allows root privilege escalation. Source: Forbes
Ransomware Surge 34% in 2025 - Ransomware attacks surged 34% globally in the first three quarters of 2025, with criminals hitting businesses faster and harder. Source: Instagram
2026 Will Be Year of AI-Based Cyberattacks - Security researchers warn that malware can be hidden inside AI models, with 2026 expected to see a significant increase in AI-powered attacks. Source: Security Boulevard
Rust-Based Luca Stealer Targets Linux and Windows - A new Rust-based Luca Stealer malware has been launched targeting both Linux and Windows systems, showing evolution of cross-platform threats. Source: GBHackers
Jaguar Land Rover Faces Major Cyber Attack - Jaguar Land Rover reported major cyber attack with attackers claiming to have stolen payroll data. Investigation ongoing. Source: News4Hackers
Cybersecurity Tools & Platforms
MITRE Releases Top 25 Most Dangerous Software Weaknesses 2025 - MITRE published its annual Top 25 Most Dangerous Software Weaknesses of 2025, highlighting recurring coding errors exploited by adversaries. Source: Cybersecurity News
Kali Linux 2025.4 Released - Kali Linux 2025.4 released with the latest security testing and penetration testing tools for professionals. Source: Cybersecurity News
Portugal Updates Cybercrime Law for Security Researchers - Portugal updated its cybercrime law to exempt security researchers, encouraging responsible disclosure and vulnerability research. Source: Publish0x