Monday, December 22, 2025

🔒 Cybersecurity [22-Dec-2025]

 

Network Security

FortiCloud SSO Authentication Bypass - Critical CVE-2025-59718 and CVE-2025-59719 in FortiCloud SSO actively exploited in the wild. Over 25,000 FortiCloud SSO devices exposed. Source: Secure Blink

WatchGuard Fireware OS Vulnerability - WatchGuard warns of critical CVE-2025-14733 (CVSS 9.3) with active real-world exploitation in VPN devices. Released fixes December 19, 2025. Source: Western Illinois University

Server Security & Infrastructure

Cisco Email Security Zero-Day - Exploited zero-day discovered in Cisco email security appliances. Critical security flaw impacting enterprise email infrastructure. Source: Help Net Security

Software Security & Vulnerabilities

December 2025 Android Security Bulletin - Google released security bulletin addressing 100+ vulnerabilities including zero-days CVE-2025-48633 and CVE-2025-48572. Framework and system vulnerabilities covered. Source: SocRadar

Apple WebKit Zero-Day Fixes - Apple issued security updates for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) exploited as zero-days. Urgent patching recommended. Source: Help Net Security

Microsoft Partner Center Authorization Bypass - Critical CVE-2025-65041 enables privilege escalation through authorization check bypass. Remote exploitation possible. Source: The Hacker Wire

React RSC Vulnerabilities - React team released fixes for two new vulnerability types enabling DoS and source code exposure in RSC (React Server Components). Source: Western Illinois University

Threat Intelligence & Incident Response

Iranian Infy APT Resurgence - Iranian APT Infy resurfaced after years of silence with updated Foudre & Tonnerre malware, phishing delivery, and resilient C2 infrastructure worldwide. Source: The Hacker News

CISA KEV Catalog Updates - CISA added CVE-2025-14733 to Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. Source: Open Text Cybersecurity

Q4 2025 Criminal AI Usage Surge - Resecurity reports Q4 2025 surge in criminal use of DIG AI on Tor enabling scalable illicit activity ahead of major 2026 events. Source: Security Affairs

Ransomware Trends Update - Sophisticated phishing onslaught and ransomware resurgence (LockBit, Clop) dominating December 2025. Year-end recap of 2025 threat landscape. Source: Rod Trent Substack

Free Cybersecurity Courses & Certifications

Kali Linux 2025.4 Release - Offensive Security released Kali Linux 2025.4 with updated desktop environments, Wayland support, and Halloween mode. Essential for penetration testing and security auditing. Source: EkamDasha Blog

TryHackMe Advent of Cyber 2025 - TryHackMe's Advent of Cyber 2025 offers free holiday-themed cybersecurity learning. No experience needed, badge/certificate upon completion. Source: Instagram TryHackMe

Purdue University Cybersecurity Training - Purdue University Northwest Center for Cybersecurity provides free training for accepted applicants. Tracks in AI literacy and cybersecurity administration available. Source: WIMS Radio

Cybersecurity Tools & Platforms

VulnCheck CVE Analysis - VulnCheck analyzed 432 exploited CVEs in first half of 2025, with nearly one-third exploited on or before disclosure. Critical metric for prioritization. Source: VulnCheck

Reactive Shell Vulnerability Impact - Critical Reactive Shell vulnerability (CVE-2025-512) hit Nexus deployments with near 100% exploit success rate. Patch immediately if affected. Source: YouTube
