matlock.ca // THREAT INTELLIGENCE — 2025-12-10

89Articles

9Categories

2025-12-10Date

🚨

Hundreds of Ivanti EPM systems exposed online as critical flaw patchedIvanti has patched a critical vulnerability in Endpoint Manager that enables attackers to hijack administrator sessions without authentication and potentially control thousands of enterprise devices. The company released EPM version 2024 SU4 SR1 to address four vulnerabilities, i…

KEVCSOONLINE.COM — 10 Dec 2025

🐛

December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

KEVCSOONLINE.COM — 10 Dec 2025

🐛

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

THEHACKERNEWS.COM — 10 Dec 2025

🐛

CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation

TRENDMICRO.COM — 10 Dec 2025

🐛

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

KEVTHEHACKERNEWS.COM — 10 Dec 2025

🐛

High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking

GBHACKERS.COM — 10 Dec 2025

🐛

Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data

GBHACKERS.COM — 10 Dec 2025

🐛

PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling

GBHACKERS.COM — 10 Dec 2025

🐛

Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely

GBHACKERS.COM — 10 Dec 2025

🐛

Windows PowerShell 0-Day Lets Attackers Execute Arbitrary Code

GBHACKERS.COM — 10 Dec 2025

🐛

Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection), (Wed, Dec 10th)

ISC.SANS.EDU — 10 Dec 2025

⚠️

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

CSOONLINE.COM — 10 Dec 2025

⚠️

Tools, um MCP-Server abzusichern

CSOONLINE.COM — 10 Dec 2025

⚠️

Google Chrome's AI Safety Plan? More AI

CYBERSECURITYTODAY.LIBSYN.COM — 10 Dec 2025

⚠️

Polymorphic AI malware exists — but it’s not what you think

KEVCSOONLINE.COM — 10 Dec 2025

⚠️

Key cybersecurity takeaways from the 2026 NDAA

CSOONLINE.COM — 10 Dec 2025

⚠️

Intel, AMD Processors Affected by PCIe Vulnerabilities

SECURITYWEEK.COM — 10 Dec 2025

⚠️

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

KEVTHEHACKERNEWS.COM — 10 Dec 2025

⚠️

Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks - Justin Hazard - BSW #425

YOUTUBE.COM — 2025-12-10

⚠️

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

SECURITYWEEK.COM — 10 Dec 2025

⚠️

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

SECURITYWEEK.COM — 10 Dec 2025

⚠️

Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

THEHACKERNEWS.COM — 10 Dec 2025

⚠️

KI-Browser gefährden Unternehmen

CSOONLINE.COM — 10 Dec 2025

⚠️

Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data

SECURITYWEEK.COM — 10 Dec 2025

⚠️

Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer

GBHACKERS.COM — 10 Dec 2025

⚠️

Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs

GBHACKERS.COM — 10 Dec 2025

⚠️

Microsoft Releases New Guidance to Combat the Shai-Hulud 2.0 Supply Chain Threat

GBHACKERS.COM — 10 Dec 2025

⚠️

Quantum meets AI: The next cybersecurity battleground

CSOONLINE.COM — 10 Dec 2025

⚠️

Cursor lacks spending caps, researchers warn | Cybernews

SH.ITJUST.WORKS — 10 Dec 2025

⚠️

Report: Phishing Has Surged 400% Year-Over-Year

KNOWBE4.COM — 10 Dec 2025

⚠️

Microsoft Patches 57 Vulnerabilities, Three Zero-Days - SecurityWeek

SH.ITJUST.WORKS — 10 Dec 2025

⚠️

Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling

THEHACKERNEWS.COM — 10 Dec 2025

⚠️

Threat Actors Exploit ChatGPT and Grok Conversations to Deliver AMOS Stealer

GBHACKERS.COM — 10 Dec 2025

⚠️

Why a secure software development life cycle is critical for manufacturers

BLEEPINGCOMPUTER.COM — 10 Dec 2025

⚠️

Salesforce's Evolving Data Landscape

YOUTUBE.COM — 2025-12-10

⚠️

Vulnerability-Lookup 2.19.0

INFOSEC.PUB — 10 Dec 2025

⚠️

Behind the breaches: Case studies that reveal adversary motives and modus operandi

CSOONLINE.COM — 10 Dec 2025

⚠️

How can staff+ security engineers force-multiply their impact?

CSOONLINE.COM — 10 Dec 2025

⚠️

Ransomware may have extorted over $2.1 billion between 2022-2024, but it’s not all bad news, claims FinCEN report

FORTRA.COM — 10 Dec 2025

⚠️

HTTPS certificate industry phasing out less secure domain validation methods

SECURITY.GOOGLEBLOG.COM — 2025-12-10

⚠️

Salesforce Backups: A Hidden Risk?

YOUTUBE.COM — 2025-12-10

⚠️

Risky Business #818 -- React2Shell is a fun one

RISKY.BIZ — 10 Dec 2025

📋

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

SECURITYWEEK.COM — 10 Dec 2025

📢

CISA and FBI Warn of Pro-Russia Hacktivist Attacks on Critical Infrastructure Worldwide

GBHACKERS.COM — 10 Dec 2025

📢

Joint cyber security advisory on pro-Russia hacktivists conducting opportunistic attacks on global critical infrastructure

CYBER.GC.CA — 2025-12-10

📢

Multiple India-based CCTV Cameras | CISA

SH.ITJUST.WORKS — 10 Dec 2025

📢

Ivanti security advisory (AV25-824)

CYBER.GC.CA — 2025-12-10

📢

Adobe security advisory (AV25-823)

CYBER.GC.CA — 2025-12-10

📢

[Control systems] Schneider Electric security advisory (AV25-825)

CYBER.GC.CA — 2025-12-10

📢

Jenkins security advisory (AV25-826)

CYBER.GC.CA — 2025-12-10

📢

Microsoft Teams to warn of suspicious traffic with external domains

BLEEPINGCOMPUTER.COM — 10 Dec 2025

🔥

Four years later, Irish health service offers €750 to victims of ransomware attack

BITDEFENDER.COM — 10 Dec 2025

🔥

Ukrainian hacker charged with helping Russian hacktivist groups

BLEEPINGCOMPUTER.COM — 10 Dec 2025

🔥

FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry

GBHACKERS.COM — 10 Dec 2025

🔥

ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings – Hackread – Cybersecurity News, Data Breaches, AI, and More

SH.ITJUST.WORKS — 10 Dec 2025

🔥

Hackers claim Volkswagen dealer data is for sale | Cybernews

SH.ITJUST.WORKS — 10 Dec 2025

🔥

Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft – Hackread – Cybersecurity News, Data Breaches, AI, and More

SH.ITJUST.WORKS — 10 Dec 2025

🔥

Over 300,000 Individuals Impacted by Vitas Hospice Data Breach - SecurityWeek

SH.ITJUST.WORKS — 10 Dec 2025

🔥

CEO of South Korean retail giant Coupang resigns after massive data breach

TECHCRUNCH.COM — 10 Dec 2025

🕵️

ISC Stormcast For Wednesday, December 10th, 2025 https://isc.sans.edu/podcastdetail/9732, (Wed, Dec 10th)

ISC.SANS.EDU — 10 Dec 2025

🕵️

UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare

SECURITYWEEK.COM — 10 Dec 2025

🕵️

Personal Branding geht auch ohne Agentur

CSOONLINE.COM — 10 Dec 2025

🕵️

FBI Warns of Fake Video Scams

SCHNEIER.COM — 2025-12-10

🕵️

Poland arrests Ukrainians utilizing 'advanced' hacking equipment

SH.ITJUST.WORKS — 10 Dec 2025

🕵️

Fortinet Patches Critical Authentication Bypass Vulnerabilities

SECURITYWEEK.COM — 10 Dec 2025

🕵️

AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation

GBHACKERS.COM — 10 Dec 2025

🕵️

Notepad++ updater installed malware

SH.ITJUST.WORKS — 10 Dec 2025

🕵️

US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups

SECURITYWEEK.COM — 10 Dec 2025

🕵️

DocuSign phishing ranks as top inbox threat, analysis finds | SC Media

SH.ITJUST.WORKS — 10 Dec 2025

🕵️

Parrot 7.0 Beta Introduces Debian 13 and a Fully Redesigned Desktop

GBHACKERS.COM — 10 Dec 2025

🕵️

What are You Working on Wednesday

INFOSEC.PUB — 10 Dec 2025

🕵️

Virtual Event Today: Cyber AI & Automation Summit

SECURITYWEEK.COM — 10 Dec 2025

🕵️

Israeli Cybersecurity Funding Hits $4.4 Billion Record High

SECURITYWEEK.COM — 10 Dec 2025

🕵️

Clarity in complexity: New insights for transparent email security

MICROSOFT.COM — 10 Dec 2025

🕵️

Navigating the Risks of AI-Driven Browsers

YOUTUBE.COM — 2025-12-10

🕵️

From awareness to action: Building a security-first culture for the agentic AI era

MICROSOFT.COM — 10 Dec 2025

🕵️

Social Engineering Campaign Targets Microsoft Teams Users

KNOWBE4.COM — 10 Dec 2025

🕵️

Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations

TRENDMICRO.COM — 10 Dec 2025

🕵️

Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs

SENTINELONE.COM — 10 Dec 2025

🌐

Petco takes down Vetco website after exposing customers’ personal information

TECHCRUNCH.COM — 10 Dec 2025

🌐

A stealer hiding in Blender 3D models | Kaspersky official blog

KASPERSKY.COM — 10 Dec 2025

🌐

New DroidLock malware locks Android devices and demands a ransom

BLEEPINGCOMPUTER.COM — 10 Dec 2025

🌐

Google ads for shared ChatGPT, Grok guides push macOS infostealer malware

BLEEPINGCOMPUTER.COM — 10 Dec 2025

📡

Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security

TRENDMICRO.COM — 10 Dec 2025

📡

New Spiderman phishing service targets dozens of European banks

BLEEPINGCOMPUTER.COM — 10 Dec 2025

📡

Sophos achieves its best-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation

SOPHOS.COM — 10 Dec 2025

📡

Over 10,000 Docker Hub images found leaking credentials, auth keys

BLEEPINGCOMPUTER.COM — 10 Dec 2025

📡

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

WELIVESECURITY.COM — 10 Dec 2025

📡

Implications of Russia-India-China Trilateral Cooperation

RECORDEDFUTURE.COM — 10 Dec 2025