matlock.ca // THREAT INTELLIGENCE

124Articles

7Categories

2025-12-05Date

🚨

CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-55182 Meta React Server Components Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicio…

KEVCISA.GOV — Fri, 05 Dec 25 1

🐛

Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today

CYBERSECURITYTODAY.LIBSYN.COM — 05 Dec 2025

🐛

Chinese Hackers Exploiting React2Shell Vulnerability

SECURITYWEEK.COM — 05 Dec 2025

🐛

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2023-53218 rxrpc: Make it so that a waiting process can be aborted

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2023-53221 bpf: Fix memleak due to fentry attach failure

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2023-53240 xsk: check IFF_UP earlier in Tx path

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2023-53247 btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-38709 loop: Avoid updating block size under exclusive owner

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2022-50316 orangefs: Fix kmemleak in orangefs_sysfs_init()

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2023-53248 drm/amdgpu: install stub fence into potential unused fence pointers

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2023-53254 cacheinfo: Fix shared_cpu_map to handle shared caches at different levels

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-11731 Libxslt: type confusion in exsltfuncresultcompfunction of libxslt

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-12970 CVE-2025-12970

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

React2Shell critical flaw actively exploited in China-linked attacks

KEVBLEEPINGCOMPUTER.COM — 05 Dec 2025

🐛

Cloudflare firewall reacts badly to React exploit mitigation

CSOONLINE.COM — 05 Dec 2025

🐛

Cacti Command Injection Flaw Allows Remote Execution of Malicious Code

GBHACKERS.COM — 05 Dec 2025

🐛

China-Nexus Hackers Exploiting React2Shell Vulnerability in Active Attacks

GBHACKERS.COM — 05 Dec 2025

🐛

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

THEHACKERNEWS.COM — 05 Dec 2025

🐛

Avast Antivirus Sandbox Vulnerabilities Allow Privilege Escalation

GBHACKERS.COM — 05 Dec 2025

🐛

Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads

GBHACKERS.COM — 05 Dec 2025

🐛

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

THEHACKERNEWS.COM — 05 Dec 2025

🐛

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-13836 Excessive read buffering DoS in http.client

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-13837 Out-of-memory when loading Plist

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-66476 Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-40215 xfrm: delete x->tunnel as we delete x

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-40218 mm/damon/vaddr: do not repeat pte_offset_map_lock() until success

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-40217 pidfs: validate extensible ioctls

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-40220 fuse: fix livelock in synchronous file put from fuseblk workers

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-40219 PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

CVE-2025-34297 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc

MSRC.MICROSOFT.COM — 05 Dec 2025

🐛

Warning: React2Shell vulnerability already being exploited by threat actors

CSOONLINE.COM — 05 Dec 2025

🐛

Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know

TRENDMICRO.COM — 05 Dec 2025

⚠️

Coupang breach of 33.7 million accounts allegedly involved engineer insider

CSOONLINE.COM — 05 Dec 2025

⚠️

Das CISO-Paradoxon: Innovation ermöglichen und Risiken managen

CSOONLINE.COM — 05 Dec 2025

⚠️

New SVG Technique Enables Highly Interactive Clickjacking Attacks

GBHACKERS.COM — 05 Dec 2025

⚠️

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

KEVTHEHACKERNEWS.COM — 05 Dec 2025

⚠️

SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

CSOONLINE.COM — 05 Dec 2025

⚠️

15 years in, zero trust remains elusive — with AI rising to complicate the challenge

CSOONLINE.COM — 05 Dec 2025

⚠️

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

THEHACKERNEWS.COM — 05 Dec 2025

⚠️

To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab

SH.ITJUST.WORKS — 5 Dec 2025

⚠️

Hackers Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells

GBHACKERS.COM — 05 Dec 2025

⚠️

Hackers Abuse Microsoft Teams Notifications to Launch Callback Phishing Attacks

GBHACKERS.COM — 05 Dec 2025

⚠️

Microsoft ignores LNK vulnerability, 0patch steps in | Cybernews

SH.ITJUST.WORKS — 5 Dec 2025

⚠️

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

SH.ITJUST.WORKS — 5 Dec 2025

⚠️

Cloudflare blames today's outage on emergency React2Shell patch

KEVBLEEPINGCOMPUTER.COM — 05 Dec 2025

⚠️

AI in CI/CD pipelines can be tricked into behaving badly

CSOONLINE.COM — 05 Dec 2025

⚠️

Avoiding the next technical debt: Building AI governance before it breaks

CSOONLINE.COM — 05 Dec 2025

⚠️

Cloudflare Outage Caused by React2Shell Mitigations

KEVSECURITYWEEK.COM — 05 Dec 2025

⚠️

Threat Actors Distribute CoinMiner Malware through USB Drives to Infect Workstations

GBHACKERS.COM — 05 Dec 2025

⚠️

In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor

SECURITYWEEK.COM — 05 Dec 2025

⚠️

Hardening browser security with zero-trust controls

CSOONLINE.COM — 05 Dec 2025

⚠️

Malicious AI Tools Assist in Phishing and Ransomware Attacks

KNOWBE4.COM — 05 Dec 2025

⚠️

Cloudflare blames today's outage on emergency React2Shell patch

SH.ITJUST.WORKS — 5 Dec 2025

⚠️

2025 ISC2 Cybersecurity Workforce Study

SH.ITJUST.WORKS — 5 Dec 2025

⚠️

Barts Health NHS discloses data breach after Oracle zero-day hack

BLEEPINGCOMPUTER.COM — 05 Dec 2025

⚠️

Chinese cyberspies target VMware vSphere for long-term persistence

CSOONLINE.COM — 05 Dec 2025

⚠️

Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report

CSOONLINE.COM — 05 Dec 2025

⚠️

A Vulnerability in React Server Component (RSC) Could Allow for Remote Code Execution

CISECURITY.ORG — 05 Dec 2025

⚠️

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

CISA.GOV — 05 Dec 2025

📢

Suspicious traffic could be testing CDN evasion, says expert

CSOONLINE.COM — 05 Dec 2025

📢

CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

GBHACKERS.COM — 05 Dec 2025

📢

Anlagebetrüger ködern mit falscher Promi-Werbung

CSOONLINE.COM — 05 Dec 2025

📢

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

THEHACKERNEWS.COM — 05 Dec 2025

📢

NCSC Launches Proactive Notification Service to Alert System Owners of Vulnerabilities

GBHACKERS.COM — 05 Dec 2025

📢

KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius

KNOWBE4.COM — 05 Dec 2025

📢

HPE security advisory (AV25-809)

CYBER.GC.CA — 2025-12-05

📢

Microsoft Edge security advisory (AV25-810)

CYBER.GC.CA — 2025-12-05

📢

Canada, US warn of China’s BRICKSTORM malware after incident response efforts

INFOSEC.PUB — 5 Dec 2025

📢

Canada, US warn of China’s BRICKSTORM malware after incident response efforts

SH.ITJUST.WORKS — 5 Dec 2025

🔥

Weekly Update 481

TROYHUNT.COM — 05 Dec 2025

🔥

700Credit Reveals Data Breach - TechRepublic

SH.ITJUST.WORKS — 5 Dec 2025

🔥

LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

SH.ITJUST.WORKS — 5 Dec 2025

🔥

Pharma firm Inotiv discloses data breach after ransomware attack

BLEEPINGCOMPUTER.COM — 05 Dec 2025

🔥

Sharpening the knife: GOLD BLADE’s strategic evolution

SOPHOS.COM — 05 Dec 2025

🔥

Ransomware: Trotz besserer Abwehr hoher Anteil an Lösegeldzahlungen

CSOONLINE.COM — 05 Dec 2025

🔥

WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

SH.ITJUST.WORKS — 5 Dec 2025

🔥

Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM

GBHACKERS.COM — 05 Dec 2025

🔥

The Hidden Cascade: Why Law Firm Breaches Destroy More than Data

RECORDEDFUTURE.COM — 05 Dec 2025

🕵️

ISC Stormcast For Friday, December 5th, 2025 https://isc.sans.edu/podcastdetail/9726, (Fri, Dec 5th)

ISC.SANS.EDU — 05 Dec 2025

🕵️

New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer

GBHACKERS.COM — 05 Dec 2025

🕵️

AutoIT3 Compiled Scripts Dropping Shellcodes, (Fri, Dec 5th)

ISC.SANS.EDU — 05 Dec 2025

🕵️

New Anonymous Phone Service

SCHNEIER.COM — 2025-12-05

🕵️

Helmet Security Emerges From Stealth Mode With $9 Million in Funding

SECURITYWEEK.COM — 05 Dec 2025

🕵️

Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps

SECURITYWEEK.COM — 05 Dec 2025

🕵️

Lumia Security Raises $18 Million for AI Security and Governance

SECURITYWEEK.COM — 05 Dec 2025

🕵️

Cloudflare down, websites offline with 500 Internal Server Error

SH.ITJUST.WORKS — 5 Dec 2025

🕵️

Introducing Sophos Intelix for Microsoft 365 Copilot

SOPHOS.COM — 05 Dec 2025

🕵️

Introducing Sophos Intelix for Microsoft Security Copilot

SOPHOS.COM — 05 Dec 2025

🕵️

Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions

SH.ITJUST.WORKS — 5 Dec 2025

🕵️

Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access

GBHACKERS.COM — 05 Dec 2025

🕵️

Russian Hackers Imitate European Events in Coordinated Phishing Campaigns

GBHACKERS.COM — 05 Dec 2025

🕵️

Russian Calisto Hackers Target NATO Research with ClickFix Malware

GBHACKERS.COM — 05 Dec 2025

🕵️

Cloudflare Outage Triggers Widespread 500 Internal Server Errors

GBHACKERS.COM — 05 Dec 2025

🕵️

China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants

GBHACKERS.COM — 05 Dec 2025

🕵️

New GhostFrame Phishing Framework Hits Over One Million Attacks - Infosecurity Magazine

SH.ITJUST.WORKS — 5 Dec 2025

🕵️

US Organizations Warned of Chinese Malware Used for Long-Term Persistence

SECURITYWEEK.COM — 05 Dec 2025

🕵️

Imper.ai Emerges From Stealth Mode With $28 Million in Funding

SECURITYWEEK.COM — 05 Dec 2025

🕵️

MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows

GBHACKERS.COM — 05 Dec 2025

🕵️

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

SH.ITJUST.WORKS — 5 Dec 2025

🕵️

AI in Penetration Testing

YOUTUBE.COM — 2025-12-05

🕵️

Crossing the Autonomy Threshold

PALOALTONETWORKS.COM — 05 Dec 2025

🕵️

NEW TECH Q&A: Start-up Indentient debuts reimagined AI copilots trained on experts’ insights

LASTWATCHDOG.COM — 05 Dec 2025

🕵️

Off-Topic Friday

INFOSEC.PUB — 5 Dec 2025

🕵️

Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security

MICROSOFT.COM — 05 Dec 2025

🕵️

Friday Squid Blogging: Vampire Squid Genome

SCHNEIER.COM — 2025-12-05

🕵️

Toilet Cams, N. Korea, Brickstorm, MCP, React2Shell, Proxmox, Metaverse, Josh Marpet - SWN #535

YOUTUBE.COM — 2025-12-05

🕵️

Smart Toilets: Health Insights or Data Concerns?

YOUTUBE.COM — 2025-12-05

🕵️

Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing

GBHACKERS.COM — 05 Dec 2025

📡

Cloudflare down, websites offline with 500 Internal Server Error

BLEEPINGCOMPUTER.COM — 05 Dec 2025

📡

"Getting to Yes": An Anti-Sales Guide for MSPs

THEHACKERNEWS.COM — 05 Dec 2025

📡

EU fines X $140 million over deceptive blue checkmarks

BLEEPINGCOMPUTER.COM — 05 Dec 2025

📡

Petco confirms security lapse exposed customers’ personal data

TECHCRUNCH.COM — 05 Dec 2025

📡

FBI warns of virtual kidnapping scams using altered social media photos

BLEEPINGCOMPUTER.COM — 05 Dec 2025

📡

A Practical Guide to Continuous Attack Surface Visibility

BLEEPINGCOMPUTER.COM — 05 Dec 2025

📡

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

THEHACKERNEWS.COM — 05 Dec 2025

📡

HashJack Attack Targets AI Browsers and Agentic AI Systems

F5.COM — 05 Dec 2025

📡

NCSWIC releases the “‘What is a PACE Plan” video

CISA.GOV — Fri, 05 Dec 25 1

📡

HashJack Attack Targets AI Browsers and Agentic AI Systems

F5.COM — 05 Dec 2025

📡

The Bug That Won't Die: 10 Years of the Same Mistake

RECORDEDFUTURE.COM — 05 Dec 2025