matlock.ca // THREAT INTELLIGENCE

113Articles

7Categories

2025-12-04Date

🐛

Developers urged to immediately upgrade React, Next.js

KEVCSOONLINE.COM — 04 Dec 2025

🐛

CVE-2025-39829 trace/fgraph: Fix the warning caused by missing unregister notifier

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2022-50266 kprobes: Fix check for probe enabled in kill_kprobe()

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2023-53261 coresight: Fix memory leak in acpi_buffer->pointer

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2023-53292 blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

SECURITYWEEK.COM — 04 Dec 2025

🐛

New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)

GBHACKERS.COM — 04 Dec 2025

🐛

Vim for Windows Flaw Lets Attackers Execute Arbitrary Code

GBHACKERS.COM — 04 Dec 2025

🐛

Akamai Fixes HTTP Request Smuggling Flaw in Edge Servers

GBHACKERS.COM — 04 Dec 2025

🐛

K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges

GBHACKERS.COM — 04 Dec 2025

🐛

Windows shortcuts’ use as a vector for malware may be cut short

CSOONLINE.COM — 04 Dec 2025

🐛

AL25-018 - Vulnerability affecting React Server Components - CVE-2025-55182

CYBER.GC.CA — 2025-12-04

🐛

CVE-2025-55182 vulnerability in React and Next.js | Kaspersky official blog

KASPERSKY.COM — 04 Dec 2025

🐛

CVE-2025-12977 CVE-2025-12977

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2025-66030 node-forge ASN.1 OID Integer Truncation

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2025-12969 CVE-2025-12969

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2025-12816 CVE-2025-12816

MSRC.MICROSOFT.COM — 04 Dec 2025

🐛

CVE-2025-66031 node-forge ASN.1 Unbounded Recursion

MSRC.MICROSOFT.COM — 04 Dec 2025

⚠️

Hackers Actively Exploit New Windows LNK 0-Day Vulnerability

GBHACKERS.COM — 04 Dec 2025

⚠️

Maximum-severity vulnerability threatens 6% of all websites

INFOSEC.PUB — 4 Dec 2025

⚠️

Coach or mentor: What you need depends on where you are as a cyber leader

CSOONLINE.COM — 04 Dec 2025

⚠️

Admins and defenders gird themselves against maximum-severity server vuln

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

5 Threats That Reshaped Web Security This Year [2025]

THEHACKERNEWS.COM — 04 Dec 2025

⚠️

Deep dive into DragonForce ransomware and its Scattered Spider connection

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

Yearn Finance yETH Pool Hit by $9M Exploit - Infosecurity Magazine

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models

GBHACKERS.COM — 04 Dec 2025

⚠️

Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment

GBHACKERS.COM — 04 Dec 2025

⚠️

WordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code Execution

GBHACKERS.COM — 04 Dec 2025

⚠️

CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits

GBHACKERS.COM — 04 Dec 2025

⚠️

Third-Party App Risks in Salesforce

YOUTUBE.COM — 2025-12-04

⚠️

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

THEHACKERNEWS.COM — 04 Dec 2025

⚠️

Critical flaw in WordPress add-on for Elementor exploited in attacks

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

Critical React, Next.js flaw lets hackers execute code on servers

BLEEPINGCOMPUTER.COM — 04 Dec 2025

⚠️

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

CISA.GOV — Thu, 04 Dec 25 1

⚠️

Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets

INFOSEC.PUB — 4 Dec 2025

⚠️

From feeds to flows: Using a unified linkage model to operationalize threat intelligence

CSOONLINE.COM — 04 Dec 2025

⚠️

Google fixes two Android zero days exploited in attacks, 107 flaws

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

CISA Releases Nine Industrial Control Systems Advisories

CISA.GOV — Thu, 04 Dec 25 1

⚠️

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

SH.ITJUST.WORKS — 4 Dec 2025

⚠️

AI creates new security risks for OT networks, warns NSA

CSOONLINE.COM — 04 Dec 2025

⚠️

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

BLEEPINGCOMPUTER.COM — 04 Dec 2025

⚠️

SMS Phishers Pivot to Points, Taxes, Fake Retailers

KREBSONSECURITY.COM — 04 Dec 2025

⚠️

Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data

GBHACKERS.COM — 04 Dec 2025

⚠️

New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT

GBHACKERS.COM — 04 Dec 2025

⚠️

Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit

GBHACKERS.COM — 04 Dec 2025

⚠️

New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware

GBHACKERS.COM — 04 Dec 2025

⚠️

Evilginx Attack Campaigns: Session Cookie Theft and MFA Bypass Tactics

GBHACKERS.COM — 04 Dec 2025

📢

Submarine cable cybersecurity: protecting critical infrastructure

CSOONLINE.COM — 04 Dec 2025

📢

HPE security advisory (AV25-807)

CYBER.GC.CA — 2025-12-04

📢

Drupal security advisory (AV25-806)

CYBER.GC.CA — 2025-12-04

📢

CISA, NSA and Cyber Centre Warn Critical Infrastructure of BRICKSTORM Malware Used by People’s Republic of China State-Sponsored Actors

CISA.GOV — Thu, 04 Dec 25 1

📢

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

BLEEPINGCOMPUTER.COM — 04 Dec 2025

📢

India Rolls Back Order to Preinstall Cybersecurity App on Smartphones

SECURITYWEEK.COM — 04 Dec 2025

📢

CISA Launches New Platform to Strengthen Industry Engagement and Collaboration

CISA.GOV — Thu, 04 Dec 25 1

📢

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

SH.ITJUST.WORKS — 4 Dec 2025

📢

Samsung mobile security advisory (AV25-808)

CYBER.GC.CA — 2025-12-04

📢

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

BLEEPINGCOMPUTER.COM — 04 Dec 2025

🔥

Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service

GRAHAMCLULEY.COM — 04 Dec 2025

🔥

Nation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)

ISC.SANS.EDU — 04 Dec 2025

🔥

Marquis Data Breach Impacts Over 780,000 People

SECURITYWEEK.COM — 04 Dec 2025

🔥

Personal Information Compromised in Freedom Mobile Data Breach

SECURITYWEEK.COM — 04 Dec 2025

🔥

Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections

GBHACKERS.COM — 04 Dec 2025

🔥

Marquis Data Breach Exposes Dozens of U.S. Banks and Credit Unions

GBHACKERS.COM — 04 Dec 2025

🔥

UK Ransomware Payment Ban to Come with Exemptions - Infosecurity Magazine

SH.ITJUST.WORKS — 4 Dec 2025

🔥

AI Bolsters Python Variant of Brazilian WhatsApp Attack

SH.ITJUST.WORKS — 4 Dec 2025

🔥

Marquis data breach impacts over 74 US banks, credit unions

SH.ITJUST.WORKS — 4 Dec 2025

🔥

Freedom Mobile discloses data breach exposing customer data

SH.ITJUST.WORKS — 4 Dec 2025

🔥

French DIY retail giant Leroy Merlin discloses a data breach

SH.ITJUST.WORKS — 4 Dec 2025

🔥

Inotiv Says Personal Information Stolen in Ransomware Attack

SECURITYWEEK.COM — 04 Dec 2025

🔥

How strong password policies secure OT systems against cyber threats

BLEEPINGCOMPUTER.COM — 04 Dec 2025

🔥

Penn and Phoenix Universities Disclose Data Breach After Oracle Hack - SecurityWeek

SH.ITJUST.WORKS — 4 Dec 2025

🔥

Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

SH.ITJUST.WORKS — 4 Dec 2025

🔥

Predator spyware uses new infection vector for zero-click attacks

BLEEPINGCOMPUTER.COM — 04 Dec 2025

🕵️

ISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th)

ISC.SANS.EDU — 04 Dec 2025

🕵️

News alert: New AI blind spot emerges in the cloud; Salt Security blocks rogue agents on AWS

LASTWATCHDOG.COM — 04 Dec 2025

🕵️

Wie Unternehmen sich gegen neue KI-Gefahren wappnen

CSOONLINE.COM — 04 Dec 2025

🕵️

Malicious VSCode Extension Deploys Anivia Loader and OctoRAT

GBHACKERS.COM — 04 Dec 2025

🕵️

SHARED INTEL Q&A: API gaps expose AI fault lines — an urgent call for hygiene, active monitoring

LASTWATCHDOG.COM — 04 Dec 2025

🕵️

The Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials

KNOWBE4.COM — 04 Dec 2025

🕵️

Global Cyber Agencies Issue AI Security Guidance for Critical Infrastructure OT

SECURITYWEEK.COM — 04 Dec 2025

🕵️

CISOs are questioning what a crisis framework should look like - Help Net Security

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

Reporters Without Borders Targeted by Russian Hackers

SECURITYWEEK.COM — 04 Dec 2025

🕵️

Securing the AI Frontier

PALOALTONETWORKS.COM — 04 Dec 2025

🕵️

Momberger: Betrug-E-Mails an Kunden im Umlauf

CSOONLINE.COM — 04 Dec 2025

🕵️

Insuretech firm leaks millions of personal records, future travel data | Cybernews

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

Agentic Security Firm 7AI Raises $130 Million

SECURITYWEEK.COM — 04 Dec 2025

🕵️

News alert: SpyCloud study — Phishing attacks surge 400% as corporate identities become top target

LASTWATCHDOG.COM — 04 Dec 2025

🕵️

Critical React and Next.js Flaw Lets Remote Attackers Run Malicious Code

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

29.7 Tbps DDoS Attack Via Aisuru botnet Breaks Internet With New World Record

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

THEHACKERNEWS.COM — 04 Dec 2025

🕵️

Cybersecurity M&A Roundup: 30 Deals Announced in November 2025

SECURITYWEEK.COM — 04 Dec 2025

🕵️

Cybersecurity strategies to prioritize now

MICROSOFT.COM — 04 Dec 2025

🕵️

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say

TECHCRUNCH.COM — 04 Dec 2025

🕵️

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading | Trend Micro (US)

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

Malicious Rust packages targeted Web3 developers - Help Net Security

SH.ITJUST.WORKS — 4 Dec 2025

🕵️

Joint malware analysis report on Brickstorm backdoor

CYBER.GC.CA — 2025-12-04

🕵️

Report: Sophisticated Fraud Attacks Are on the Rise

KNOWBE4.COM — 04 Dec 2025

🕵️

Holiday Hack Challenge, AI, Internet of Trash - Ed Skoudis - PSW #903

YOUTUBE.COM — 2025-12-04

🕵️

SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

GBHACKERS.COM — 04 Dec 2025

🕵️

Kohler’s Smart Toilet Camera Not Truly End-to-End Encrypted

GBHACKERS.COM — 04 Dec 2025

🌐

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

THEHACKERNEWS.COM — 04 Dec 2025

🌐

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

THEHACKERNEWS.COM — 04 Dec 2025

📡

Protecting LLM chats from the eavesdropping Whisper Leak attack | Kaspersky official blog

KASPERSKY.COM — 04 Dec 2025

📡

Microsoft 365 license check bug blocks desktop app downloads

BLEEPINGCOMPUTER.COM — 04 Dec 2025

📡

Public content provenance for organizations (ITSP.10.005)

CYBER.GC.CA — 2025-12-04

📡

Contractors with hacking records accused of wiping 96 govt databases

BLEEPINGCOMPUTER.COM — 04 Dec 2025

📡

Russia blocks FaceTime and Snapchat over use in terrorist attacks

BLEEPINGCOMPUTER.COM — 04 Dec 2025

📡

Why the record-breaking 30 Tbps DDoS attack should concern every business

FORTRA.COM — 04 Dec 2025

📡

Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture

WELIVESECURITY.COM — 04 Dec 2025

📡

Project View: A New Era of Prioritized and Actionable Cloud Security

TRENDMICRO.COM — 04 Dec 2025