🔒CYBERSECURITY
Network Security
CISA Adds Digiever Authorization Flaw to Known Exploited Vulnerabilities - CVE-2023-52163 missing authorization vulnerability in DigiEver DS-2105 Pro devices now flagged as actively exploited. Allows attackers to execute unauthorized commands. Source: CyberPress
Server Security & Infrastructure
WatchGuard Firebox Critical RCE Vulnerability - CVE-2025-14733: Critical out-of-bounds write vulnerability in WatchGuard Fireware OS affecting 125,000+ firewalls. Active exploitation confirmed. Urgent patches released. Source: Secure ISS
HPE OneView Critical RCE (CVE-2025-37164, CVSS 10.0) - Critical unauthenticated RCE in HPE OneView Software exposes infrastructure control plane. HPE released patches and emergency hotfixes Dec 17-18. Source: Field Effect
Critical n8n RCE Vulnerability (CVE-2025-68613, CVSS 9.9) - Critical RCE in n8n enabling full server compromise via workflow expression injection. Versions 0.211.0–1.120.4 affected. Patch immediately. Source: The Hacker News
User/Identity & Access Management (IAM)
NIST and CISA Interagency Report on Token Security - Draft report covering controls for IAM systems relying on digitally signed assertions and tokens. Open for public comment. Source: Primary News Source
Illinois Draft AI Employment Discrimination Rules - Employers required to provide notice when AI is used "to influence or facilitate" employment decisions ahead of broader discrimination ban. Source: Ogletree Deakins
Data Security & Privacy
Nissan Confirms Impact From Red Hat Data Breach - Personal information of 21,000 Nissan customers stolen after hackers compromised Red Hat's GitLab instances. Source: SecurityWeek
700Credit Data Breach - 5.6M+ auto dealership customer records exposed in major breach affecting auto industry. Source: Dev.to Tech Pulse
PornHub via Mixpanel Data Breach - 200M+ Premium user records exposed via Mixpanel analytics platform breach. Source: Dev.to Tech Pulse
Software Security & Vulnerabilities
WordPress Calendar Plugin XSS Vulnerability - CVE-2025-14548: Stored Cross-Site Scripting via 'event_desc' parameter in Calendar plugin affecting all versions up to and including recent releases. Source: NVD
WordPress Membership Plugin Restriction Bypass - CVE-2025-14000: Stored XSS in Membership Plugin – Restrict Content via register_form and restrict parameters. Source: NVD
Microsoft January 2025 Patch Tuesday - Microsoft addresses 157 CVEs in largest Patch Tuesday update ever with three CVEs actively exploited in the wild. Source: Security Boulevard
Cloud Security
AWS SaaS Architecture Patterns on Amazon EKS - Case study of secure SaaS implementation using AWS SaaS architecture patterns on Amazon EKS. Source: AWS Blog
Endpoint Security
CISO 3.0: Security Leaders in 2026's Agentic Era - Analysis finds organizations using autonomous security agents saw 43% rise in unexpected AI-driven security incidents from over-permissioned agents. Source: Cyble
Inside Fidelis EDR: Advanced Endpoint Detection - Fidelis EDR combines behavioral analytics, automation, and forensics for faster threat detection and response. Source: Fidelis Security
Threat Intelligence & Incident Response
BRICKSTORM Backdoor Update - CISA, NSA, and Canadian Cyber Security Centre release updated IOCs and detection signatures for Rust-based BRICKSTORM with encrypted WebSocket C2. Source: Dev.to Tech Pulse
ATM Jackpotting Scheme: $40.73M in Losses - DOJ charges 54 individuals in ATM jackpotting scheme using Ploutus malware linked to Tren de Aragua gang, causing $40.73M in US losses since 2021. Source: Dev.to Tech Pulse
North Korean Cryptocurrency Theft Increases 51% - North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025, a 51% increase year-over-year. Source: Dev.to Tech Pulse
SantaStealer: New Cyber Threat Emerges - New cyber threat SantaStealer identified in week of Dec 16-22. Osiris Ransomware also remains active threat vector. Source: Red Piranha
Cybersecurity Tools & Platforms
CISA Known Exploited Vulnerabilities Catalog - CISA maintains comprehensive catalog of known exploited vulnerabilities with active monitoring and updated IOCs daily. Source: CISA
Trend Micro Threat Intelligence Platform - Trend Micro provides unified platform to hunt, detect, investigate, and respond to threats with broader perspective and context. Source: Trend Micro
Free Cybersecurity Courses & Certifications
Google Cybersecurity Certificate Program - Get job-ready and certified with Google's Cybersecurity Professional Certificate. Source: Google Cybersecurity
Women in Cybersecurity (WiCyS) Events - December 2025 events including Google Cybersecurity Certificate Program mentorship and ISC2 Certification preparation. Source: WiCyS