MATLOCK.CA
101Articles
8Categories
2025-12-08Date
🚨
CISA Adds Critical React2Shell Vulnerability to KEV Catalog After Active ExploitationThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Meta’s React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifier CVE-2025-55182, the security flaw dubbed …
KEVGBHACKERS.COM — 08 Dec 2025
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2022-37055 D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644 Array Networks ArrayOS AG OS Command Injection Vulnerability  Th…
KEVCISA.GOV — Mon, 08 Dec 25 1
πŸ›
Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes
GBHACKERS.COM — 08 Dec 2025
πŸ›
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
KEVGBHACKERS.COM — 08 Dec 2025
πŸ›
Exploitation of React2Shell Surges
SECURITYWEEK.COM — 08 Dec 2025
πŸ›
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
KEVTHEHACKERNEWS.COM — 08 Dec 2025
πŸ›
Apache Tika hit by critical vulnerability thought to be patched months ago
CSOONLINE.COM — 08 Dec 2025
πŸ›
CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40287 exfat: fix improper check of dentry.stream.valid_size
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40275 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup()
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid()
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40281 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40269 ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40283 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40286 smb/server: fix possible memory leak in smb2_read()
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40279 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
MSRC.MICROSOFT.COM — 08 Dec 2025
πŸ›
CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
MSRC.MICROSOFT.COM — 08 Dec 2025
⚠️
DevelopmentTools May Allow Remote Compromise
CYBERSECURITYTODAY.LIBSYN.COM — 08 Dec 2025
⚠️
Indonesia’s Gambling Industry Reveals Clues of Nationwide Cyber Involvement
GBHACKERS.COM — 08 Dec 2025
⚠️
Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions
GBHACKERS.COM — 08 Dec 2025
⚠️
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
CSOONLINE.COM — 08 Dec 2025
⚠️
Offensive security takes center stage in the AI era
CSOONLINE.COM — 08 Dec 2025
⚠️
Apache warns of critical vulnerability in Tika toolkit
SH.ITJUST.WORKS — 8 Dec 2025
⚠️
Fix your dumb misconfigurations, AI isn't people, and the weekly news - ESW #436
YOUTUBE.COM — 2025-12-08
⚠️
Critical Apache Tika Vulnerability Leads to XXE Injection
SECURITYWEEK.COM — 08 Dec 2025
⚠️
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
THEHACKERNEWS.COM — 08 Dec 2025
⚠️
LOLPROX Unveils Undetected Exploitation Routes for Stealthy Hypervisor Attacks
GBHACKERS.COM — 08 Dec 2025
⚠️
Next.js Releases Scanner to Detect and Fix Apps Affected by React2Shell Vulnerability
GBHACKERS.COM — 08 Dec 2025
⚠️
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
GBHACKERS.COM — 08 Dec 2025
⚠️
WatchGuard Firebox Vulnerabilities Let Hackers Skip Integrity Validation and Plant Malicious Code
GBHACKERS.COM — 08 Dec 2025
⚠️
⚑ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
THEHACKERNEWS.COM — 08 Dec 2025
⚠️
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
SH.ITJUST.WORKS — 8 Dec 2025
⚠️
KI schafft neue Sicherheitsrisiken fΓΌr OT-Netzwerke
CSOONLINE.COM — 08 Dec 2025
⚠️
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
SH.ITJUST.WORKS — 8 Dec 2025
⚠️
Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
GBHACKERS.COM — 08 Dec 2025
⚠️
US Contributes to 44% of Cyber Attacks; Public Administration Targeted for Financial Gains
GBHACKERS.COM — 08 Dec 2025
⚠️
Hackers Exploit Delivery Receipts in Messaging Apps to Steal Users’ Private Information
GBHACKERS.COM — 08 Dec 2025
⚠️
Agents at the Door: Vetting Non-Human Identities in External IAM - Rakesh Soni - CSP #219
YOUTUBE.COM — 2025-12-08
⚠️
When it comes to security resilience, cheaper isn’t always better
CSOONLINE.COM — 08 Dec 2025
⚠️
Keep AI browsers out of your enterprise, warns Gartner
CSOONLINE.COM — 08 Dec 2025
⚠️
Architecting Security for Agentic Capabilities in Chrome
SECURITY.GOOGLEBLOG.COM — 2025-12-08
⚠️
News alert: INE recognized in G2 Winter 2026 rankings for global strength in cyber and IT training
LASTWATCHDOG.COM — 08 Dec 2025
⚠️
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
BLEEPINGCOMPUTER.COM — 08 Dec 2025
⚠️
Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
KEVRECORDEDFUTURE.COM — 08 Dec 2025
πŸ“’
IBM security advisory (AV25-811)
CYBER.GC.CA — 2025-12-08
πŸ“’
Ubuntu security advisory (AV25-813)
CYBER.GC.CA — 2025-12-08
πŸ“’
Dell security advisory (AV25-812)
CYBER.GC.CA — 2025-12-08
πŸ“’
Red Hat security advisory (AV25-814)
CYBER.GC.CA — 2025-12-08
πŸ“’
[Control systems] CISA ICS security advisories (AV25–815)
CYBER.GC.CA — 2025-12-08
πŸ“’
WatchGuard security advisory (AV25-816)
CYBER.GC.CA — 2025-12-08
πŸ”₯
Shanya EDR Killer: The New Favorite Tool for Ransomware Operators
GBHACKERS.COM — 08 Dec 2025
πŸ”₯
LockBit 5.0 Infrastructure Exposed as Hackers Leak Critical Server Data
GBHACKERS.COM — 08 Dec 2025
πŸ”₯
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
THEHACKERNEWS.COM — 08 Dec 2025
πŸ”₯
Ransomware Payments Surpassed $4.5 Billion: US Treasury
SECURITYWEEK.COM — 08 Dec 2025
πŸ”₯
LockBit 5.0 Infrastructure Exposed in New Server, IP and Domain Leak
SH.ITJUST.WORKS — 8 Dec 2025
πŸ”₯
Tri-Century Eye Care Data Breach Impacts 200,000 Individuals
SECURITYWEEK.COM — 08 Dec 2025
πŸ”₯
US military contractor breach expose employee data | Cybernews
SH.ITJUST.WORKS — 8 Dec 2025
πŸ”₯
Cl0p ransomware stole Barts Health's patient and staff invoice data, trust confirms | Cybernews
SH.ITJUST.WORKS — 8 Dec 2025
πŸ”₯
Operation Kitten: Hacktivist Groups Targeting Israel with Cyberattacks
GBHACKERS.COM — 08 Dec 2025
πŸ”₯
Asus supplier hacked by Everest gang, loses 1 TB of data β€’ The Register
SH.ITJUST.WORKS — 8 Dec 2025
πŸ”₯
Pharma firm Inotiv discloses data breach after ransomware attack
SH.ITJUST.WORKS — 8 Dec 2025
πŸ”₯
Stronger together: New Beazley collaboration enhances cyber resilience
MICROSOFT.COM — 08 Dec 2025
πŸ”₯
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
THEHACKERNEWS.COM — 08 Dec 2025
πŸ”₯
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
BLEEPINGCOMPUTER.COM — 08 Dec 2025
πŸ•΅οΈ
ISC Stormcast For Monday, December 8th, 2025 https://isc.sans.edu/podcastdetail/9728, (Mon, Dec 8th)
ISC.SANS.EDU — 08 Dec 2025
πŸ•΅οΈ
Portugal updates cybercrime law to exempt security researchers
SH.ITJUST.WORKS — 8 Dec 2025
πŸ•΅οΈ
Porsche Cars Disabled After Major Failure in Installed Satellite Security System
GBHACKERS.COM — 08 Dec 2025
πŸ•΅οΈ
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
GBHACKERS.COM — 08 Dec 2025
πŸ•΅οΈ
Substitution Cipher Based on The Voynich Manuscript
SCHNEIER.COM — 2025-12-08
πŸ•΅οΈ
NVIDIA research shows how agentic AI fails under attack - Help Net Security
SH.ITJUST.WORKS — 8 Dec 2025
πŸ•΅οΈ
Notorious Cybercrime Group is Now Targeting Zendesk Users
KNOWBE4.COM — 08 Dec 2025
πŸ•΅οΈ
Exposing the Core Functionalities of QuasarRAT: Encrypted Configuration and Obfuscation Techniques
GBHACKERS.COM — 08 Dec 2025
πŸ•΅οΈ
NVIDIA and Lakera AI Propose Unified Framework for Agent Safety
GBHACKERS.COM — 08 Dec 2025
πŸ•΅οΈ
Apple, Google, and Samsung May Soon Activate Always-On GPS in India
GBHACKERS.COM — 08 Dec 2025
πŸ•΅οΈ
Resemble AI Raises $13 Million for AI Threat Detection
SECURITYWEEK.COM — 08 Dec 2025
πŸ•΅οΈ
CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary
SECURITYWEEK.COM — 08 Dec 2025
πŸ•΅οΈ
How Agentic BAS AI Turns Threat Headlines Into Defense Strategies
BLEEPINGCOMPUTER.COM — 08 Dec 2025
πŸ•΅οΈ
ThreatLocker: Zero Trust & Threat Detection
YOUTUBE.COM — 2025-12-08
πŸ•΅οΈ
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
SECURITYWEEK.COM — 08 Dec 2025
πŸ•΅οΈ
New FvncBot Android banking trojan targets Poland
SH.ITJUST.WORKS — 8 Dec 2025
πŸ•΅οΈ
INE Earns G2 Winter 2026 Badges Across Global Markets
GBHACKERS.COM — 08 Dec 2025
πŸ•΅οΈ
When the Digital World Turns Physical: The Expanding Role of Threat Intelligence in Executive Protection
RECORDEDFUTURE.COM — 08 Dec 2025
🌐
AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
TRENDMICRO.COM — 08 Dec 2025
🌐
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
THEHACKERNEWS.COM — 08 Dec 2025
🌐
ShellShock Makes a Comeback and RondoDox Changes Tactics
F5.COM — 08 Dec 2025
🌐
Malicious VSCode extensions on Microsoft's registry drop infostealers
BLEEPINGCOMPUTER.COM — 08 Dec 2025
🌐
ShellShock Makes a Comeback and RondoDox Changes Tactics
F5.COM — 08 Dec 2025
πŸ“‘
Privacy concerns raised as Grok AI found to be a stalker’s best friend
BITDEFENDER.COM — 08 Dec 2025
πŸ“‘
Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
TECHCRUNCH.COM — 08 Dec 2025
πŸ“‘
Google Chrome adds new security layer for Gemini AI agentic browsing
BLEEPINGCOMPUTER.COM — 08 Dec 2025
πŸ“‘
Poland arrests Ukrainians utilizing 'advanced' hacking equipment
BLEEPINGCOMPUTER.COM — 08 Dec 2025
πŸ“‘
FTC upholds ban on stalkerware founder Scott Zuckerman
TECHCRUNCH.COM — 08 Dec 2025
πŸ“‘
[webapps] Pluck 4.7.7-dev2 - PHP Code Execution
EXPLOIT-DB.COM — 08 Dec 2025