MATLOCK.CA
92Articles
8Categories
2025-12-12Date
🚨
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is …
KEVTHEHACKERNEWS.COM — 12 Dec 2025
🐛
CVE-2025-49178 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
CVE-2025-49175 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
CVE-2025-49176 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
CVE-2025-49177 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
CVE-2025-49179 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
CVE-2025-49180 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
CVE-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath
MSRC.MICROSOFT.COM — 12 Dec 2025
🐛
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
THEHACKERNEWS.COM — 12 Dec 2025
🐛
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
THEHACKERNEWS.COM — 12 Dec 2025
🐛
Gladinet servers file-sharing servers allow remote code execution
CSOONLINE.COM — 12 Dec 2025
🐛
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
KEVGBHACKERS.COM — 12 Dec 2025
🐛
MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses
GBHACKERS.COM — 12 Dec 2025
🐛
CISA Alerts on Active Exploitation of Windows Cloud Files Mini Filter 0-Day
GBHACKERS.COM — 12 Dec 2025
🐛
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)
CLOUD.GOOGLE.COM — 12 Dec 2025
⚠️
Meet ConsentFix, a new twist on the ClickFix phishing attack
CSOONLINE.COM — 12 Dec 2025
⚠️
OpenAI expands ‘defense in depth’ security to stop hackers using its AI models to launch cyberattacks
CSOONLINE.COM — 12 Dec 2025
⚠️
Porn Is Being Injected Into Government Websites Via Malicious PDFs
INFOSEC.PUB — 12 Dec 2025
⚠️
Gogs 0-Day Actively Exploited to Compromise Over 700 Servers
KEVGBHACKERS.COM — 12 Dec 2025
⚠️
Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware
GBHACKERS.COM — 12 Dec 2025
⚠️
Severe Flaws in React Server Components Enable DoS Attacks and Code Exposure
GBHACKERS.COM — 12 Dec 2025
⚠️
How to simplify enterprise cybersecurity through effective identity management
CSOONLINE.COM — 12 Dec 2025
⚠️
$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits
SECURITYWEEK.COM — 12 Dec 2025
⚠️
MITRE shares 2025's top 25 most dangerous software weaknesses
BLEEPINGCOMPUTER.COM — 12 Dec 2025
⚠️
CISA orders feds to patch actively exploited Geoserver flaw
KEVBLEEPINGCOMPUTER.COM — 12 Dec 2025
⚠️
Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking
SECURITYWEEK.COM — 12 Dec 2025
⚠️
Microsoft Bug Bounty Program Expanded to Third-Party Code
SECURITYWEEK.COM — 12 Dec 2025
⚠️
New Windows RasMan zero-day flaw gets free, unofficial patches
BLEEPINGCOMPUTER.COM — 12 Dec 2025
⚠️
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
SECURITYWEEK.COM — 12 Dec 2025
⚠️
Building Trustworthy AI Agents
SCHNEIER.COM — 2025-12-12
⚠️
Recent GeoServer Vulnerability Exploited in Attacks
SECURITYWEEK.COM — 12 Dec 2025
⚠️
Gladinet CentreStack Flaw Exploited to Hack Organizations
SECURITYWEEK.COM — 12 Dec 2025
⚠️
Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine
SH.ITJUST.WORKS — 12 Dec 2025
⚠️
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
THEHACKERNEWS.COM — 12 Dec 2025
⚠️
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
SH.ITJUST.WORKS — 12 Dec 2025
⚠️
Spiderman and Cybersecurity.
CYBERSECURITYTODAY.LIBSYN.COM — 12 Dec 2025
⚠️
Gogs Git service zero-day exploited since Dec. 1 | SC Media
SH.ITJUST.WORKS — 12 Dec 2025
⚠️
Home Depot exposed access to internal systems for a year, says researcher
TECHCRUNCH.COM — 12 Dec 2025
⚠️
Researchers Revive 2000s ‘Blinkenlights’ to Extract Smartwatch Firmware via Screen Pixels
GBHACKERS.COM — 12 Dec 2025
⚠️
10,000+ Docker Hub Images Exposed with Live Production Credentials from 100+ Firms
GBHACKERS.COM — 12 Dec 2025
⚠️
Google and Apple roll out emergency security updates after zero-day attacks
TECHCRUNCH.COM — 12 Dec 2025
⚠️
Processing 630 Million More Pwned Passwords, Courtesy of the FBI
TROYHUNT.COM — 12 Dec 2025
⚠️
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks
BLEEPINGCOMPUTER.COM — 12 Dec 2025
⚠️
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 12 Dec 2025
⚠️
Catching malicious package releases using a transparency log
TRAILOFBITS.COM — 12 Dec 2025
📢
Trump Signs Executive Order to Block State AI Regulations
SECURITYWEEK.COM — 12 Dec 2025
📢
Atlassian security advisory (AV25-830)
CYBER.GC.CA — 2025-12-12
📢
FreePBX security advisory (AV25–831)
CYBER.GC.CA — 2025-12-12
📢
CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices
GBHACKERS.COM — 12 Dec 2025
🔥
Where does the data stolen in a phishing attack go? | Kaspersky official blog
KASPERSKY.COM — 12 Dec 2025
🔥
Fieldtex Data Breach Impacts 238,000
SECURITYWEEK.COM — 12 Dec 2025
🔥
UK fines LastPass over 2022 data breach impacting 1.6 million users
SH.ITJUST.WORKS — 12 Dec 2025
🔥
GOLD SALEM tradecraft for deploying Warlock ransomware – Sophos News
SH.ITJUST.WORKS — 12 Dec 2025
🔥
Cyber attack on govt networks surged seven times post Operation Sindoor: NICSI MD - The Economic Times
SH.ITJUST.WORKS — 12 Dec 2025
🔥
“Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach - Infosecurity Magazine
SH.ITJUST.WORKS — 12 Dec 2025
🔥
In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy
SECURITYWEEK.COM — 12 Dec 2025
🔥
Data breach at credit check giant 700Credit affects at least 5.6 million
TECHCRUNCH.COM — 12 Dec 2025
🔥
Coupang data breach traced to ex-employee who retained system access
BLEEPINGCOMPUTER.COM — 12 Dec 2025
🔥
Risky Biz Soap Box: Graph the planet!
RISKY.BIZ — 12 Dec 2025
🕵️
ISC Stormcast For Friday, December 12th, 2025 https://isc.sans.edu/podcastdetail/9736, (Fri, Dec 12th)
ISC.SANS.EDU — 12 Dec 2025
🕵️
Ashen Lepus Hacker Group Targets Eastern Diplomatic Entities with AshTag Malware Attack
GBHACKERS.COM — 12 Dec 2025
🕵️
Cyberangriff auf Rathaus: Hacker veröffentlichen Daten im Darknet
CSOONLINE.COM — 12 Dec 2025
🕵️
Global agencies sound alarm as pro-Russia hacktivist groups intensify OT intrusions - Industrial Cyber
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
Fresh Content Updates from November 2025
KNOWBE4.COM — 12 Dec 2025
🕵️
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
Zero-Trust-Umsetzung: Die richtige Kommunikation zählt
CSOONLINE.COM — 12 Dec 2025
🕵️
Notepad++ fixes flaw that let attackers push malicious update files
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
AI Agent Creates Bash Script
YOUTUBE.COM — 2025-12-12
🕵️
Malicious VSCode Marketplace extensions hid trojan in fake PNG file
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
Just a moment...
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
Intel, AMD Processors Affected by PCIe Vulnerabilities - SecurityWeek
SH.ITJUST.WORKS — 12 Dec 2025
🕵️
New DroidLock malware locks Android devices and demands a ransom
INFOSEC.PUB — 12 Dec 2025
🕵️
New JSCEAL Infostealer Malware Targets Windows Systems to Steal Login Credentials
GBHACKERS.COM — 12 Dec 2025
🕵️
Research Findings on the Fate of Data Stolen in Phishing Attacks
GBHACKERS.COM — 12 Dec 2025
🕵️
New AiTM Attack Campaign Bypasses MFA to Target Microsoft 365 and Okta Users
GBHACKERS.COM — 12 Dec 2025
🕵️
ConsentFix Attack Lets Hackers Hijack Microsoft Accounts via Azure CLI Abuse
GBHACKERS.COM — 12 Dec 2025
🕵️
LW ROUNDTABLE Part 2: Mandates surge, guardrails lag — intel from the messy middle
LASTWATCHDOG.COM — 12 Dec 2025
🕵️
Off-Topic Friday
INFOSEC.PUB — 12 Dec 2025
🕵️
North Korean Job Invitation
KNOWBE4.COM — 12 Dec 2025
🕵️
Friday Squid Blogging: Giant Squid Eating a Diamondback Squid
SCHNEIER.COM — 2025-12-12
🕵️
Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet - SWN #537
YOUTUBE.COM — 2025-12-12
🕵️
Disney's $1B Sora Deal: What Could Go Wrong?
YOUTUBE.COM — 2025-12-12
🌐
Fake ‘One Battle After Another’ torrent hides malware in subtitles
BLEEPINGCOMPUTER.COM — 12 Dec 2025
📡
Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)
ISC.SANS.EDU — 12 Dec 2025
📡
MKVCinemas streaming piracy service with 142M visits shuts down
BLEEPINGCOMPUTER.COM — 12 Dec 2025
📡
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
THEHACKERNEWS.COM — 12 Dec 2025
📡
Gartner tells businesses to block AI browsers now
FORTRA.COM — 12 Dec 2025
📡
Kali Linux 2025.4 released with 3 new tools, desktop updates
BLEEPINGCOMPUTER.COM — 12 Dec 2025
📡
Shadow spreadsheets: The security gap your tools can’t see
BLEEPINGCOMPUTER.COM — 12 Dec 2025
📡
Flaw in photo booth maker’s website exposes customers’ pictures
TECHCRUNCH.COM — 12 Dec 2025
📡
Black Hat Europe 2025: Was that device designed to be on the internet at all?
WELIVESECURITY.COM — 12 Dec 2025