95 Articles | 6 Categories | Date: 2025-12-06
🚨 CISA KEV (1)

6 Dec | Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation | THEHACKERNEWS.COM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability,…
🐛 COMMON VULNERABILITIES AND EXPOSURES (81)

6 Dec | CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work() | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40223 most: usb: Fix use-after-free in hdm_disconnect | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40264 be2net: pass wrb_params in case of OS2BMC | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40247 drm/msm: Fix pgtable prealloc error path | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40257 mptcp: fix a race in mptcp_pm_del_add_timer() | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40259 scsi: sg: Do not sleep in atomic context | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40253 s390/ctcm: Fix double-kfree | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-12084 Quadratic complexity in node ID cache clearing | Information published. | MSRC.MICROSOFT.COM

6 Dec | 2.15M Next.js Web Services Exposed Online, Active Attacks Reported – Update Immediately | GBHACKERS.COM
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating, signaling c…

6 Dec | React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable | BLEEPINGCOMPUTER.COM
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. [...]

6 Dec | CVE-2025-9086 Out of bounds read for cookie path | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2022-50303 drm/amdkfd: Fix double release compute pasid | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2023-53231 erofs: Fix detection of atomic context | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2022-50304 mtd: core: fix possible resource leak in init_mtd() | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2023-53209 wifi: mac80211_hwsim: Fix possible NULL dereference | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2023-45229 Out-of-Bounds Read in EDK II Network Package | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2024-6485 XSS in Bootstrap button component | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-8961 LibTIFF tiffcrop tiffcrop.c main memory corruption | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2024-38796 Integer overflow in PeCoffLoaderRelocateImage | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get() | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2024-8612 Qemu-kvm: information leak in virtio devices | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-10966 missing SFTP host verification with wolfSSH | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-64433 KubeVirt Arbitrary Container File Read | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-10158 Rsync: Out of bounds array access via negative index | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2021-23445 Cross-site Scripting (XSS) | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2025-4435 Tarfile extracts filtered members when errorlevel=0 | Information published. | MSRC.MICROSOFT.COM
6 Dec | CVE-2022-4304 Timing Oracle in RSA Decryption | Information published. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (6)

6 Dec | Cybersecurity Today Month In Review - December 5th, 2025 | CYBERSECURITYTODAY.LIBSYN.COM
Cybersecurity Today: The Rise of Living Off the Land Strategies & More. In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, …

6 Dec | Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks | THEHACKERNEWS.COM
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security s…

6 Dec | Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware | GBHACKERS.COM
Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The criminal syndicate stole files from an invoice database. It published …

6 Dec | To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware | INFOSEC.PUB
Submitted by cm0002 to cybersecurity: https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
🔥 INCIDENT REPORTING (1)

6 Dec | KinoKong - 817,808 breached accounts | HAVEIBEENPWNED.COM
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.
🕵️ THREAT INTELLIGENCE (4)

6 Dec | FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads | GBHACKERS.COM
A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25, 2025, disguised as a security application from mBank, one of Poland’s…

6 Dec | Metaverse and Beyond: Understanding Your Threat Vectors | YOUTUBE.COM
In today's digital landscape, third-party dependencies like VMware, Metaverse, and more are reshaping our threat models. As enterprises integrate these components, they face new cybersecurity challenges and potential vulnerabilities. Are you prepared to manage these hidden risks?…

6 Dec | SVG Filters - Clickjacking 2.0 | PROGRAMMING.DEV
Submitted by codeinabox to security: https://lyra.horse/blog/2025/12/svg-clickjacking/

6 Dec | Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data | GBHACKERS.COM
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick busy devel…
📡 INFOSEC NEWS (2)

6 Dec | Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill | KREBSONSECURITY.COM
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.

6 Dec | New wave of VPN login attempts targets Palo Alto GlobalProtect portals | BLEEPINGCOMPUTER.COM
A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. [...]