The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS…
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To…
Ivanti EPM Update Patches Critical Remote Code Execution Flaw
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Crimes Extorting Ransoms by Manipulating Online Photos
It is estimated that there are more than 1,000 sophisticated virtual kidnapping scams being perpetrated right now, prompting fresh warnings from the FBI, as criminals are increasingly using facial recognition software to create photos, videos, and sound files designed…
01flip: Multi-Platform Ransomware Written in Rust
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42. This article has been indexed from…
Australia Begins Enforcing Child Social Media Ban
Australia’s social media ban for under-16s comes into force, as major platforms obliged to ensure children do not hold accounts This article has been indexed from Silicon UK Read the original article: Australia Begins Enforcing Child Social Media Ban
FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code
Fortinet has released a critical security update for its FortiSandbox analysis appliances to fix a dangerous vulnerability. If left unpatched, this flaw could allow attackers to take control of the underlying system. The vulnerability, tracked as CVE-2025-53949, was officially published on…
North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT
A novel, highly sophisticated malware strain targeting vulnerable React Server Components, signaling a significant evolution in how state-sponsored threat actors are exploiting the critical React2Shell vulnerability disclosed just days earlier. On December 5, 2025, just two days after the disclosure…
SAP Patches Critical Vulnerabilities With December 2025 Security Updates
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek. This article has been indexed from…
IT Security News Hourly Summary 2025-12-10 12h : 6 posts
6 posts were published in the last hour 11:2 : Backslash secures MCP servers from data leakage, prompt injection, and privilege abuse 11:2 : Log4Shell Downloaded 40 Million Times in 2025 10:32 : Introducing Saved Searches in Google Threat Intelligence…
Backslash secures MCP servers from data leakage, prompt injection, and privilege abuse
Backslash Security announced the launch of its end-to-end solution for the secure use of Model Context Protocol (MCP) servers across software development environments. As organizations increasingly adopt AI-native coding agents and integrated development environments (IDEs), the Backslash platform is designed…
Log4Shell Downloaded 40 Million Times in 2025
Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug This article has been indexed from www.infosecurity-magazine.com Read the original article: Log4Shell Downloaded 40 Million Times in 2025
Introducing Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT): Enhance Collaboration and Efficiency
We are excited to announce the launch of Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT), a powerful new feature designed to streamline your threat hunting workflows and foster seamless collaboration across your security team. From Campaign to…
Pebble Founder Launches $75 Smart Ring For Taking Notes
Pebble founder Eric Migicovsky launches smart ring that can record reminders, notes at touch of button and has battery that lasts years This article has been indexed from Silicon UK Read the original article: Pebble Founder Launches $75 Smart Ring…
China Said To Seek Ways Of Limiting Nvidia’s H200
Chinese regulators reportedly discussing ways to limit domestic companies’ access to Nvidia H200 AI chip, as White House pushes exports This article has been indexed from Silicon UK Read the original article: China Said To Seek Ways Of Limiting Nvidia’s…
Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More…
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server,…
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below…
Gemini Zero-Click Vulnerability Let Attackers Access Gmail, Calendar, and Docs
A critical zero-click vulnerability dubbed “GeminiJack” in Google Gemini Enterprise and previously Vertex AI Search that let attackers steal sensitive corporate data from Gmail, Calendar, and Docs with minimal effort. According to Noma Labs, it was considered an architectural flaw…
CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks
A high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being exploited by attackers to compromise systems and execute malicious code. The specific…
Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code
Security update addressing a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly disclosed on December 9, 2025, and represents a significant security risk for organizations worldwide. The…
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider
Dozens of vulnerabilities have been patched by the industrial giants across their products. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ICS…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated…
Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025
December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025