MATLOCK.CA
117Articles
9Categories
2025-12-03Date
๐Ÿšจ
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-26828 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability  This type of vulnerability is a frequent attackโ€ฆ
KEVCISA.GOV — Wed, 03 Dec 25 1
๐Ÿ›
CISA Alerts on Iskra iHUB Authentication Flaw Allowing Remote Device Reconfiguration
GBHACKERS.COM — 03 Dec 2025
๐Ÿ›
Critical Elementor Plugin Flaw Allows Attackers to Seize WordPress Admin Control
GBHACKERS.COM — 03 Dec 2025
๐Ÿ›
Angular Platform Vulnerability Lets Attackers Execute Code Through Malicious SVG Animations
GBHACKERS.COM — 03 Dec 2025
๐Ÿ›
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
THEHACKERNEWS.COM — 03 Dec 2025
๐Ÿ›
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
KEVGBHACKERS.COM — 03 Dec 2025
๐Ÿ›
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
THEHACKERNEWS.COM — 03 Dec 2025
๐Ÿ›
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
THEHACKERNEWS.COM — 03 Dec 2025
๐Ÿ›
Critical flaw in WordPress add-on for Elementor exploited in attacks
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-38659 gfs2: No more self recovery
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-38626 f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-38643 wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-38615 fs/ntfs3: cancle set bad inode after removing name fails
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-38597 drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-11494 GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2022-24736 A Malformed Lua script can crash Redis
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X22519
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-11932 Timing Side-Channel in PSK Binder Verification
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-11936 Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-12889 TLS 1.2 Client Can Downgrade Digest Used
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-64505 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-64506 LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-66221 Werkzeug safe_join() allows Windows special device names
MSRC.MICROSOFT.COM — 03 Dec 2025
๐Ÿ›
CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
MSRC.MICROSOFT.COM — 03 Dec 2025
โš ๏ธ
News alert: Report warns AI is acting as an ungoverned identity with scant data oversight
LASTWATCHDOG.COM — 03 Dec 2025
โš ๏ธ
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
LASTWATCHDOG.COM — 03 Dec 2025
โš ๏ธ
How CISOs can prepare for the new era of short-lived TLS certificates
CSOONLINE.COM — 03 Dec 2025
โš ๏ธ
Water Saci Hackers Exploit AI Tools to Target WhatsApp Web Users
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
Multiple Django Vulnerability Expose Applications to SQL Injection and DoS Attacks
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
THEHACKERNEWS.COM — 03 Dec 2025
โš ๏ธ
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
THEHACKERNEWS.COM — 03 Dec 2025
โš ๏ธ
Authorities Seize Domains Linked to Tai Chang Cryptocurrency Investment Scam
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
New โ€œExecutive Awardโ€ Scam Exploits ClickFix to Deliver Stealerium Malware
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - BSW #424
YOUTUBE.COM — 2025-12-03
โš ๏ธ
AI, automation, and integration: The foundation for cyber protection in 2026
CSOONLINE.COM — 03 Dec 2025
โš ๏ธ
Microsoft Silently Mitigated Exploited LNK Vulnerability
SECURITYWEEK.COM — 03 Dec 2025
โš ๏ธ
Letโ€™s Encrypt Cutting Certificate Lifespan from 90 Days to 45 Days
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
Longwatch RCE Flaw Allows Attackers to Run Remote Code with Elevated Privileges
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
Massive Phishing Attack Uses Parking Ticket and Medical Test Themes, Attributed to Storm-0900
GBHACKERS.COM — 03 Dec 2025
โš ๏ธ
Critical King Addons Vulnerability Exploited to Hack WordPress Sites
SECURITYWEEK.COM — 03 Dec 2025
โš ๏ธ
Neue bรถsartige Browser-Erweiterungen entdeckt
CSOONLINE.COM — 03 Dec 2025
โš ๏ธ
Two Android 0-day bugs patched, plus 105 more fixes โ€ข The Register
SH.ITJUST.WORKS — 3 Dec 2025
โš ๏ธ
Deep dive into DragonForce ransomware and its Scattered Spider connection
BLEEPINGCOMPUTER.COM — 03 Dec 2025
โš ๏ธ
Get poetic in prompts and AI will break its guardrails
CSOONLINE.COM — 03 Dec 2025
โš ๏ธ
CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology
CISA.GOV — Wed, 03 Dec 25 1
โš ๏ธ
Microsoft "mitigates" Windows LNK flaw exploited as zero-day
BLEEPINGCOMPUTER.COM — 03 Dec 2025
โš ๏ธ
Android expands pilot for in-call scam protection for financial apps
SECURITY.GOOGLEBLOG.COM — 2025-12-03
โš ๏ธ
Freedom Mobile discloses data breach exposing customer data
BLEEPINGCOMPUTER.COM — 03 Dec 2025
โš ๏ธ
RCE flaw in OpenAIโ€™s Codex CLI highlights new risks to dev environments
CSOONLINE.COM — 03 Dec 2025
โš ๏ธ
BRICKSTORM Backdoor
CISA.GOV — 03 Dec 2025
๐Ÿ“‹
Risky Business #817 -- Less carnage than your usual Thanksgiving
RISKY.BIZ — 03 Dec 2025
๐Ÿ“ข
After intense backlash, India pulls mandate to pre-install government app on smartphones
TECHCRUNCH.COM — 03 Dec 2025
๐Ÿ“ข
GitHub security advisory (AV25-803)
CYBER.GC.CA — 2025-12-03
๐Ÿ“ข
Google Chrome security advisory (AV25-802)
CYBER.GC.CA — 2025-12-03
๐Ÿ“ข
Splunk security advisory (AV25-805)
CYBER.GC.CA — 2025-12-03
๐Ÿ”ฅ
Living off the Land Attacks and Emerging Cyber Threats
CYBERSECURITYTODAY.LIBSYN.COM — 03 Dec 2025
๐Ÿ”ฅ
Researchers Catch Lazarus Groupโ€™s Recruitment Workflow on Camera via Honeypot
GBHACKERS.COM — 03 Dec 2025
๐Ÿ”ฅ
Threat Actors Using Matanbuchus Downloader to Deliver Ransomware and Maintain Persistence
GBHACKERS.COM — 03 Dec 2025
๐Ÿ”ฅ
MuddyWater Targets Critical Infrastructure With Custom Malware and Evolving Tactics
GBHACKERS.COM — 03 Dec 2025
๐Ÿ”ฅ
Penn and Phoenix Universities Disclose Data Breach After Oracle Hack
SECURITYWEEK.COM — 03 Dec 2025
๐Ÿ”ฅ
Shai-Hulud 2.0 Cyberattack Compromises 30,000 Repos and Exposes 500 GitHub Accounts
GBHACKERS.COM — 03 Dec 2025
๐Ÿ”ฅ
University of Phoenix discloses data breach after Oracle hack
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐Ÿ”ฅ
Everest Ransomware Claims ASUS Breach and 1TB Data Theft โ€“ Hackread โ€“ Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
SH.ITJUST.WORKS — 3 Dec 2025
๐Ÿ”ฅ
The State of Ransomware in Manufacturing and Production 2025
SOPHOS.COM — 03 Dec 2025
๐Ÿ”ฅ
Hybrid 2FA phishing kits are making attacks harder to detect
CSOONLINE.COM — 03 Dec 2025
๐Ÿ”ฅ
Examining the Risk of AI-Assisted MedusaLocker Ransomware Attacks
GBHACKERS.COM — 03 Dec 2025
๐Ÿ”ฅ
Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
TECHCRUNCH.COM — 03 Dec 2025
๐Ÿ”ฅ
French DIY retail giant Leroy Merlin discloses a data breach
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐Ÿ”ฅ
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
TRENDMICRO.COM — 03 Dec 2025
๐Ÿ”ฅ
Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
INFOSEC.PUB — 3 Dec 2025
๐Ÿ”ฅ
Marquis data breach impacts over 74 US banks, credit unions
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐Ÿ”ฅ
Why Does Have I Been Pwned Contain "Fake" Email Addresses?
TROYHUNT.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
ISC Stormcast For Wednesday, December 3rd, 2025 https://isc.sans.edu/podcastdetail/9722, (Wed, Dec 3rd)
ISC.SANS.EDU — 03 Dec 2025
๐Ÿ•ต๏ธ
BPFDoor and Symbiote: Advanced eBPF-Based Rootkits Target Linux Systems
GBHACKERS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Chrome 143 Update Patches 13 Security Vulnerabilities Allowing Arbitrary Code Execution
GBHACKERS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Cybersicherheit fรผr viele Nebensache
CSOONLINE.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Glassworm's resurgence - Secure Annex
INFOSEC.PUB — 3 Dec 2025
๐Ÿ•ต๏ธ
Chrome 143 Patches High-Severity Vulnerabilities
SECURITYWEEK.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
New Stealth K.G.B RAT Marketed by Threat Actors on Underground Forums
GBHACKERS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities
SECURITYWEEK.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
ServiceNow to Acquire Identity Security Firm Veza in Reported $1 Billion Deal
SECURITYWEEK.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
AI: A Research Assistant, Not a Replacement
YOUTUBE.COM — 2025-12-03
๐Ÿ•ต๏ธ
Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims
SECURITYWEEK.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
New Calendly-Inspired Phishing Attack Aims to Steal Google Workspace Credentials
GBHACKERS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Malicious Rust โ€œevm-unitsโ€ Impersonator Deploys OS-Specific Payloads
GBHACKERS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Niobium Raises $23 Million for FHE Hardware Acceleration
SECURITYWEEK.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
SH.ITJUST.WORKS — 3 Dec 2025
๐Ÿ•ต๏ธ
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains - Infosecurity Magazine
SH.ITJUST.WORKS — 3 Dec 2025
๐Ÿ•ต๏ธ
Fake Calendly invites spoof top brands to hijack ad manager accounts
SH.ITJUST.WORKS — 3 Dec 2025
๐Ÿ•ต๏ธ
OBR WordPress plugin blunder caused UK budget leak| Cybernews
SH.ITJUST.WORKS — 3 Dec 2025
๐Ÿ•ต๏ธ
KnowBe4 Is a Leader In the Gartnerยฎ Magic Quadrantโ„ข for Email Security For the Second Consecutive Year
KNOWBE4.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
What are You Working on Wednesday
INFOSEC.PUB — 3 Dec 2025
๐Ÿ•ต๏ธ
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
THEHACKERNEWS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Microsoft Confirms Windows 11 25H2 UI Features Broken also Along With 24H2 Following Update
GBHACKERS.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Beware of the New 'Executive Award' Campaign That Uses ClickFix to Deliver Stealerium Malware
SH.ITJUST.WORKS — 3 Dec 2025
๐Ÿ•ต๏ธ
AI Browsers: New Attack Surface
YOUTUBE.COM — 2025-12-03
๐Ÿ•ต๏ธ
New Criminal Toolkit Abuses Browser Push Notifications
KNOWBE4.COM — 03 Dec 2025
๐Ÿ•ต๏ธ
Incentivizing Change in OT Communities
YOUTUBE.COM — 2025-12-03
๐Ÿ•ต๏ธ
The Maturity Gap: The Next Frontier in Threat Intelligence
RECORDEDFUTURE.COM — 03 Dec 2025
๐ŸŒ
Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐ŸŒ
Intellexaโ€™s Global Corporate Web
RECORDEDFUTURE.COM — 03 Dec 2025
๐Ÿ“ก
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
THEHACKERNEWS.COM — 03 Dec 2025
๐Ÿ“ก
Discover the AI Tools Fueling the Next Cybercrime Wave โ€” Watch the Webinar
THEHACKERNEWS.COM — 03 Dec 2025
๐Ÿ“ก
New Joint Guide Advances Secure Integration of Artificial Intelligence in Operational Technology
CISA.GOV — Wed, 03 Dec 25 1
๐Ÿ“ก
FBI warns of surge in account takeover (ATO) fraud schemes โ€“ what you need to know
FORTRA.COM — 03 Dec 2025
๐Ÿ“ก
Google expands Android scam protection feature to Chase, Cash App in U.S.
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐Ÿ“ก
Russia blocks Roblox over distribution of LGBT "propaganda"
BLEEPINGCOMPUTER.COM — 03 Dec 2025
๐Ÿ“ก
Joint guidance on principles for the secure integration of artificial intelligence in operational technology
CYBER.GC.CA — 2025-12-03
๐Ÿ“ก
Attempts to Bypass CDNs, (Wed, Dec 3rd)
ISC.SANS.EDU — 03 Dec 2025
๐Ÿ“ก
โ€˜End-to-end encryptedโ€™ smart toilet camera is not actually end-to-end encrypted
TECHCRUNCH.COM — 03 Dec 2025
๐Ÿ“ก
React security advisories (AV25-804)
CYBER.GC.CA — 2025-12-03
๐Ÿ“ก
[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
EXPLOIT-DB.COM — 03 Dec 2025