MATLOCK.CA
110Articles
9Categories
2025-12-11Date
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-58360 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability  This type of vulnerability is a frequent …
KEVCISA.GOV — Thu, 11 Dec 25 1
πŸ›
Hidden .NET HTTP proxy behavior can open RCE flaws in apps β€” a security issue Microsoft won’t fix
CSOONLINE.COM — 11 Dec 2025
πŸ›
Fortinet admins urged to update software to close FortiCloud SSO holes
KEVCSOONLINE.COM — 11 Dec 2025
πŸ›
CVE-2025-40334 drm/amdgpu: validate userq buffer virtual address and size
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-40336 drm/gpusvm: fix hmm_pfn_to_map_order() usage
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-40338 ASoC: Intel: avs: Do not share the name pointer between components
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-11934 Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
CVE-2025-11933 DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
THEHACKERNEWS.COM — 11 Dec 2025
πŸ›
Ivantis EPM-Systeme anfΓ€llig fΓΌr Angriffe
CSOONLINE.COM — 11 Dec 2025
πŸ›
High-Severity Jenkins Flaw Enables Unauthenticated DoS Through HTTP CLI
GBHACKERS.COM — 11 Dec 2025
πŸ›
React2Shell flaw (CVE-2025-55182) exploited for remote code execution
SOPHOS.COM — 11 Dec 2025
πŸ›
SAML authentication broken almost beyond repair
CSOONLINE.COM — 11 Dec 2025
πŸ›
2025 CWE Top 25 Most Dangerous Software Weaknesses
CISA.GOV — Thu, 11 Dec 25 1
πŸ›
CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
Chromium: CVE-2025-14373 Inappropriate implementation in Toolbar
MSRC.MICROSOFT.COM — 11 Dec 2025
πŸ›
Chromium: CVE-2025-14372 Use after free in Password Manager
MSRC.MICROSOFT.COM — 11 Dec 2025
⚠️
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
THEHACKERNEWS.COM — 11 Dec 2025
⚠️
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
THEHACKERNEWS.COM — 11 Dec 2025
⚠️
Security researchers given new boost
CSOONLINE.COM — 11 Dec 2025
⚠️
Smashing Security podcast #447: Grok the stalker, the Louvre heist, and Microsoft 365 mayhem
GRAHAMCLULEY.COM — 11 Dec 2025
⚠️
644K+ Websites at Risk Due to Critical React Server Components Flaw
GBHACKERS.COM — 11 Dec 2025
⚠️
Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution
KEVTHEHACKERNEWS.COM — 11 Dec 2025
⚠️
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild
KEVSECURITYWEEK.COM — 11 Dec 2025
⚠️
700+ self-hosted Git instances battered in 0-day attacks (RCE in Gogs)
SH.ITJUST.WORKS — 11 Dec 2025
⚠️
Google fixes eighth Chrome zero-day exploited in attacks in 2025
KEVBLEEPINGCOMPUTER.COM — 11 Dec 2025
⚠️
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
THEHACKERNEWS.COM — 11 Dec 2025
⚠️
Wide Range of Malware Delivered in React2Shell Attacks
SECURITYWEEK.COM — 11 Dec 2025
⚠️
Unpatched Gogs Zero-Day Exploited for Months
SECURITYWEEK.COM — 11 Dec 2025
⚠️
Pierce County Library Data Breach Impacts 340,000
SECURITYWEEK.COM — 11 Dec 2025
⚠️
Hackers exploit unpatched Gogs zero-day to breach 700 servers
BLEEPINGCOMPUTER.COM — 11 Dec 2025
⚠️
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
THEHACKERNEWS.COM — 11 Dec 2025
⚠️
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
SH.ITJUST.WORKS — 11 Dec 2025
⚠️
Cybersecurity isn’t underfunded β€” It’s undermanaged
CSOONLINE.COM — 11 Dec 2025
⚠️
AIs Exploiting Smart Contracts
SCHNEIER.COM — 2025-12-11
⚠️
New ClickFix Attacks Exploit Official ChatGPT Website to Deliver macOS Infostealer
GBHACKERS.COM — 11 Dec 2025
⚠️
New β€œSOAPwn” .NET Flaws Expose Barracuda, Ivanti, and Microsoft Devices to RCE
GBHACKERS.COM — 11 Dec 2025
⚠️
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
GBHACKERS.COM — 11 Dec 2025
⚠️
CISA Releases 12 Industrial Control Systems Advisories
CISA.GOV — Thu, 11 Dec 25 1
⚠️
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
BLEEPINGCOMPUTER.COM — 11 Dec 2025
⚠️
Wie im Netz gezielt manipuliert wird
CSOONLINE.COM — 11 Dec 2025
⚠️
DNS Spoofing for Firmware Updates
YOUTUBE.COM — 2025-12-11
⚠️
Adversarial Poetry and the Efficacy of AI Guardrails
F5.COM — 11 Dec 2025
⚠️
Adversarial Poetry and the Efficacy of AI Guardrails
F5.COM — 11 Dec 2025
⚠️
Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis
TRAILOFBITS.COM — 11 Dec 2025
πŸ“‹
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit β€” and 20 More Stories
THEHACKERNEWS.COM — 11 Dec 2025
πŸ“‹
A big finish to 2025 in December’s Patch Tuesday
SOPHOS.COM — 11 Dec 2025
πŸ“’
How to justify your security investments
CSOONLINE.COM — 11 Dec 2025
πŸ“’
CISA: Pro-Russia Hacktivists Target US Critical Infrastructure
SH.ITJUST.WORKS — 11 Dec 2025
πŸ“’
Just a moment...
SH.ITJUST.WORKS — 11 Dec 2025
πŸ“’
GitLab security advisory (AV25-827)
CYBER.GC.CA — 2025-12-11
πŸ“’
Google Chrome security advisory (AV25-829)
CYBER.GC.CA — 2025-12-11
πŸ“’
Drupal security advisory (AV25-828)
CYBER.GC.CA — 2025-12-11
πŸ”₯
GOLD SALEM tradecraft for deploying Warlock ransomware
SOPHOS.COM — 11 Dec 2025
πŸ”₯
Japanese Firms Suffer Long Tail of Ransomware Damage
SH.ITJUST.WORKS — 11 Dec 2025
πŸ”₯
AI is accelerating cyberattacks. Is your network prepared?
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ”₯
Breach of 120 000 IP cameras in South Korea: security tips | Kaspersky official blog
KASPERSKY.COM — 11 Dec 2025
πŸ”₯
UK fines LastPass over 2022 data breach impacting 1.6 million users
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ”₯
New DroidLock Malware Locks Android Devices and Demands Ransom Payment
GBHACKERS.COM — 11 Dec 2025
πŸ”₯
New 01Flip Ransomware Targets Both Windows and Linux Systems
GBHACKERS.COM — 11 Dec 2025
πŸ”₯
US banks scramble to assess data theft after hackers breach financial tech firm | TechCrunch
INFOSEC.PUB — 11 Dec 2025
πŸ”₯
Battering RAM hardware hack breaks secure CPU enclaves
CSOONLINE.COM — 11 Dec 2025
πŸ”₯
Notepad++ fixes flaw that let attackers push malicious update files
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ”₯
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
WELIVESECURITY.COM — 11 Dec 2025
πŸ•΅οΈ
GitLab discovers widespread npm supply chain attack
INFOSEC.PUB — 11 Dec 2025
πŸ•΅οΈ
ISC Stormcast For Thursday, December 11th, 2025 https://isc.sans.edu/podcastdetail/9734, (Thu, Dec 11th)
ISC.SANS.EDU — 11 Dec 2025
πŸ•΅οΈ
Using AI Gemma 3 Locally with a Single CPU , (Wed, Dec 10th)
ISC.SANS.EDU — 11 Dec 2025
πŸ•΅οΈ
Security Alert: 19 Fake PNG Extensions Found in VS Code Marketplace
GBHACKERS.COM — 11 Dec 2025
πŸ•΅οΈ
New β€œSpiderman” Phishing Kit Lets Hackers Build Fake Bank Login Pages Instantly
GBHACKERS.COM — 11 Dec 2025
πŸ•΅οΈ
LW ROUNDTABLE: Lessons from 2025 β€” Cyber risk got personal; accountability enters a new phase
LASTWATCHDOG.COM — 11 Dec 2025
πŸ•΅οΈ
IBM Patches Over 100 Vulnerabilities
SECURITYWEEK.COM — 11 Dec 2025
πŸ•΅οΈ
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
THEHACKERNEWS.COM — 11 Dec 2025
πŸ•΅οΈ
New DroidLock malware locks Android devices and demands a ransom
SH.ITJUST.WORKS — 11 Dec 2025
πŸ•΅οΈ
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
SH.ITJUST.WORKS — 11 Dec 2025
πŸ•΅οΈ
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations
SECURITYWEEK.COM — 11 Dec 2025
πŸ•΅οΈ
Former Accenture Employee Charged Over Cybersecurity Fraud
SECURITYWEEK.COM — 11 Dec 2025
πŸ•΅οΈ
Invisible IT is becoming the next workplace priority - Help Net Security
SH.ITJUST.WORKS — 11 Dec 2025
πŸ•΅οΈ
Over 10,000 Docker Hub images found leaking credentials, auth keys
SH.ITJUST.WORKS — 11 Dec 2025
πŸ•΅οΈ
AI Agents: The Next Big Challenge in Identity Management
YOUTUBE.COM — 2025-12-11
πŸ•΅οΈ
Virtual Event Today: Cyber AI & Automation Summit Day 2
SECURITYWEEK.COM — 11 Dec 2025
πŸ•΅οΈ
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
GBHACKERS.COM — 11 Dec 2025
πŸ•΅οΈ
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
GBHACKERS.COM — 11 Dec 2025
πŸ•΅οΈ
Charming Kitten Leak Reveals Key Operatives, Front Firms, and Massive Global Compromise
GBHACKERS.COM — 11 Dec 2025
πŸ•΅οΈ
ValleyRAT Malware Evades Windows 11 Security with Stealthy Driver Install
GBHACKERS.COM — 11 Dec 2025
πŸ•΅οΈ
Contractors with hacking records accused of wiping 96 govt databases
INFOSEC.PUB — 11 Dec 2025
πŸ•΅οΈ
Imposter for hire: How fake people can gain very real access
MICROSOFT.COM — 11 Dec 2025
πŸ•΅οΈ
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
SH.ITJUST.WORKS — 11 Dec 2025
πŸ•΅οΈ
Fresh CKS (and CKA) tips and takeaways
INFOSEC.PUB — 11 Dec 2025
πŸ•΅οΈ
New DroidLock malware locks Android devices and demands a ransom
INFOSEC.PUB — 11 Dec 2025
πŸ•΅οΈ
Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar
PALOALTONETWORKS.COM — 11 Dec 2025
πŸ•΅οΈ
Tech Segment: MITM Automation + Security News - Josh Bressers - PSW #904
YOUTUBE.COM — 2025-12-11
πŸ•΅οΈ
News alert: INE sees surge in Q4 budget shifts as enterprises embrace hands-on training for AI roles
LASTWATCHDOG.COM — 11 Dec 2025
🌐
Malicious VSCode Marketplace extensions hid trojan in fake PNG file
BLEEPINGCOMPUTER.COM — 11 Dec 2025
🌐
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
TRENDMICRO.COM — 11 Dec 2025
🌐
Palestine Action: Operations and Global Network
RECORDEDFUTURE.COM — 11 Dec 2025
πŸ“‘
Microsoft fixes Windows Explorer white flashes in dark mode
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ“‘
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
THEHACKERNEWS.COM — 11 Dec 2025
πŸ“‘
Security flaws in Freedom Chat app exposed users’ phone numbers and PINs
TECHCRUNCH.COM — 11 Dec 2025
πŸ“‘
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ“‘
Microsoft bounty program now includes any flaw impacting its services
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ“‘
A modern tale of blinkenlights
QUARKSLAB.COM — 2025-12-11
πŸ“‘
Sophos Tops G2 Winter 2026 Reports: #1 Overall in Endpoint, XDR, MDR and Firewall
SOPHOS.COM — 11 Dec 2025
πŸ“‘
Brave browser starts testing agentic AI mode for automated tasks
BLEEPINGCOMPUTER.COM — 11 Dec 2025
πŸ“‘
Locks, SOCs and a cat in a box: What SchrΓΆdinger can teach us about cybersecurity
WELIVESECURITY.COM — 11 Dec 2025