matlock.ca // THREAT INTELLIGENCE

111Articles

8Categories

2025-12-18Date

🐛

Microsoft warns MSMQ may fail after update, breaking apps

CSOONLINE.COM — 18 Dec 2025

🐛

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

KEVTHEHACKERNEWS.COM — 18 Dec 2025

🐛

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

SECURITYWEEK.COM — 18 Dec 2025

🐛

Critical Node.js Library Flaw Lets Hackers Execute Remote Commands on Windows

GBHACKERS.COM — 18 Dec 2025

🐛

CVE-2025-37961 ipvs: fix uninit-value for saddr in do_output_route4

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-37968 iio: light: opt3001: fix deadlock due to concurrent flag access

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-37959 bpf: Scrub packet on bpf_redirect_peer

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38375 virtio-net: ensure the received length does not exceed allocated size

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-54567 hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38350 net/sched: Always pass notifications when child class becomes empty

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38097 espintcp: remove encap socket caching to avoid reference leak

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38334 x86/sgx: Prevent attempts to reclaim poisoned pages

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38362 drm/amd/display: Add null pointer check for get_first_active_display()

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38363 drm/tegra: Fix a possible null pointer dereference

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38335 Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-54566 hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38095 dma-buf: insert memory barrier before updating num_fences

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-38371 drm/v3d: Disable interrupts before resetting the GPU

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

New Reports Reveal WAFs Are Ineffective Against Latest React2Shell Exploit

GBHACKERS.COM — 18 Dec 2025

🐛

Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges

GBHACKERS.COM — 18 Dec 2025

🐛

Critical Apache Commons Text Flaw Lets Hackers Execute Remote Code

GBHACKERS.COM — 18 Dec 2025

🐛

CISA Warns of Exploited Flaw in Asus Update Tool

SECURITYWEEK.COM — 18 Dec 2025

🐛

HPE Patches Critical Flaw in IT Infrastructure Management Software

SECURITYWEEK.COM — 18 Dec 2025

🐛

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

THEHACKERNEWS.COM — 18 Dec 2025

🐛

CVE-2024-6531 Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

HPE OneView Vulnerability Allows Remote Code Execution Attacks

GBHACKERS.COM — 18 Dec 2025

🐛

Actively Exploited ASUS Vulnerability Added to CISA’s KEV List

KEVGBHACKERS.COM — 18 Dec 2025

🐛

CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

Chromium: CVE-2025-14766 Use after free in WebGPU

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

Chromium: CVE-2025-14765 Out of bounds read and write in V8

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-64676 Microsoft Purview eDiscovery Remote Code Execution Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

🐛

CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability

MSRC.MICROSOFT.COM — 18 Dec 2025

⚠️

‘Ink Dragon’ threat group targets IIS servers to build stealthy global network

CSOONLINE.COM — 18 Dec 2025

⚠️

Smashing Security podcast #448: The Kindle that got pwned

GRAHAMCLULEY.COM — 18 Dec 2025

⚠️

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

KEVTHEHACKERNEWS.COM — 18 Dec 2025

⚠️

Hackers Actively Target Cisco and Palo Alto VPN Gateways to Steal Login Credentials

GBHACKERS.COM — 18 Dec 2025

⚠️

Cybercriminals Registering Fake Shopping Domains to Target Users This Holiday Season

GBHACKERS.COM — 18 Dec 2025

⚠️

Cisco AsyncOS 0-Day Allows Remote Execution of System Commands

GBHACKERS.COM — 18 Dec 2025

⚠️

D&O liability protection rising for security leaders — unless you’re a midtier CISO

CSOONLINE.COM — 18 Dec 2025

⚠️

SonicWall Patches Exploited SMA 1000 Zero-Day

SECURITYWEEK.COM — 18 Dec 2025

⚠️

Cisco confirms zero-day exploitation of Secure Email products

CSOONLINE.COM — 18 Dec 2025

⚠️

HPE warns of maximum severity RCE flaw in OneView software

BLEEPINGCOMPUTER.COM — 18 Dec 2025

⚠️

Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploits

CSOONLINE.COM — 18 Dec 2025

⚠️

The Case for Dynamic AI-SaaS Security as Copilots Scale

THEHACKERNEWS.COM — 18 Dec 2025

⚠️

Motors WordPress Vulnerability Exposes Sites to Takeover - Infosecurity Magazine

SH.ITJUST.WORKS — 18 Dec 2025

⚠️

Zeroday Cloud hacking event awards $320,0000 for 11 zero days

SH.ITJUST.WORKS — 18 Dec 2025

⚠️

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

THEHACKERNEWS.COM — 18 Dec 2025

⚠️

Cisco warns of unpatched AsyncOS zero-day exploited in attacks

SH.ITJUST.WORKS — 18 Dec 2025

⚠️

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

SECURITYWEEK.COM — 18 Dec 2025

⚠️

US seizes E-Note crypto exchange for laundering ransomware payments

BLEEPINGCOMPUTER.COM — 18 Dec 2025

⚠️

Someone Boarded a Plane at Heathrow Without a Ticket or Passport

SCHNEIER.COM — 2025-12-18

⚠️

WhatsApp accounts targeted in ‘GhostPairing’ attack

CSOONLINE.COM — 18 Dec 2025

⚠️

A Vulnerability in Cisco AsyncOS Could Allow for Remote Code Execution

CISECURITY.ORG — 18 Dec 2025

⚠️

FBI Shuts Down Crypto Exchange Linked to Criminal Money Laundering Operations

GBHACKERS.COM — 18 Dec 2025

⚠️

The innovative CISO’s bucket list: Human-led transformation at the core

CSOONLINE.COM — 18 Dec 2025

⚠️

With AI Nothing Is Safe - PSW #905

YOUTUBE.COM — 2025-12-18

⚠️

CISA Releases Nine Industrial Control Systems Advisories

CISA.GOV — Thu, 18 Dec 25 1

📋

Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

BLEEPINGCOMPUTER.COM — 18 Dec 2025

📢

The Raspberry Pi wakeup call: Why enterprises must rethink physical security

CSOONLINE.COM — 18 Dec 2025

📢

Russlands Einfluss – Kritik an Lücken bei Cybersicherheit

CSOONLINE.COM — 18 Dec 2025

📢

NIS2 compliance: How to get passwords and MFA right

BLEEPINGCOMPUTER.COM — 18 Dec 2025

📢

Der Raspberry-Pi-Weckruf für CISOs

CSOONLINE.COM — 18 Dec 2025

📢

Mozilla security advisory (AV25-849)

CYBER.GC.CA — 2025-12-18

🔥

The Botting Network - 96,320 breached accounts

HAVEIBEENPWNED.COM — 18 Dec 2025

🔥

Microsoft 365 Outage Disrupts Teams, Outlook, and Copilot in Japan and China

GBHACKERS.COM — 18 Dec 2025

🔥

Kimwolf Android Botnet Compromises 1.8 Million Devices Worldwide

GBHACKERS.COM — 18 Dec 2025

🔥

AUTOSUR - 487,226 breached accounts

HAVEIBEENPWNED.COM — 18 Dec 2025

🔥

Chinese Ink Dragon Breaches European Government Networks, Affecting Asia and South America

GBHACKERS.COM — 18 Dec 2025

🔥

Phantom Stealer Targeting Users to Steal Sensitive Data

GBHACKERS.COM — 18 Dec 2025

🔥

France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry

SECURITYWEEK.COM — 18 Dec 2025

🔥

113,000 Impacted by Data Breach at Virginia Mental Health Authority

SECURITYWEEK.COM — 18 Dec 2025

🔥

Auto Parts Giant LKQ Confirms Oracle EBS Breach

SH.ITJUST.WORKS — 18 Dec 2025

🔥

Tech provider for NHS England confirms data breach

TECHCRUNCH.COM — 18 Dec 2025

🔥

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

THEHACKERNEWS.COM — 18 Dec 2025

🔥

I am not a robot: ClickFix used to deploy StealC and Qilin

SOPHOS.COM — 18 Dec 2025

🔥

University of Sydney suffers data breach exposing student and staff info

BLEEPINGCOMPUTER.COM — 18 Dec 2025

🔥

Clop ransomware targets Gladinet CentreStack in data theft attacks

BLEEPINGCOMPUTER.COM — 18 Dec 2025

🔥

RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption

GBHACKERS.COM — 18 Dec 2025

🔥

NuGet Malware Mimic: .NET Integration Library Steals Crypto Wallets and OAuth Tokens

GBHACKERS.COM — 18 Dec 2025

🔥

Best Security Awareness Training Platforms For 2026

GBHACKERS.COM — 18 Dec 2025

🕵️

ISC Stormcast For Thursday, December 18th, 2025 https://isc.sans.edu/podcastdetail/9744, (Thu, Dec 18th)

ISC.SANS.EDU — 18 Dec 2025

🕵️

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

THEHACKERNEWS.COM — 18 Dec 2025

🕵️

IoT Security Firm Exein Raises €100 Million

SECURITYWEEK.COM — 18 Dec 2025

🕵️

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

THEHACKERNEWS.COM — 18 Dec 2025

🕵️

New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs - Infosecurity Magazine

SH.ITJUST.WORKS — 18 Dec 2025

🕵️

BlueDelta’s Persistent Campaign Against UKR.NET

SH.ITJUST.WORKS — 18 Dec 2025

🕵️

WeChat Phishing Attacks a Growing Threat Outside China

KNOWBE4.COM — 18 Dec 2025

🕵️

ShadyPanda: The Silent Browser Takeover Threat and How Qualys TruRisk Eliminate Helps You Stop It | Qualys

SH.ITJUST.WORKS — 18 Dec 2025

🕵️

Datenbank mit 4,3 Milliarden Datensätzen offen im Netz

CSOONLINE.COM — 18 Dec 2025

🕵️

From the Hill: The AI-Cybersecurity Imperative in Financial Services

PALOALTONETWORKS.COM — 18 Dec 2025

🕵️

Agent Mistakes: A Logistical Challenge

YOUTUBE.COM — 2025-12-18

🕵️

New Microsoft e-book: 3 reasons point solutions are holding you back

MICROSOFT.COM — 18 Dec 2025

🕵️

Unmasking the Deepfake Threat: A Game-Changer for Reducing Human Risk

KNOWBE4.COM — 18 Dec 2025

🕵️

New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes

GBHACKERS.COM — 18 Dec 2025

🕵️

Beware of Malicious Scripts in Weaponized PDF Purchase Orders

GBHACKERS.COM — 18 Dec 2025

🕵️

APT35 Leak Reveals Spreadsheets Containing Domains, Payments, and Server Information

GBHACKERS.COM — 18 Dec 2025

🕵️

GachiLoader Deploys Payloads Using Obfuscated Node.js Malware

GBHACKERS.COM — 18 Dec 2025

🕵️

Newer RISC-V CPUs Vulnerable To Spectre V1 - Linux Mitigation Patches Posted

INFOSEC.PUB — 18 Dec 2025

🕵️

Firmware's Expanding Attack Surface

YOUTUBE.COM — 2025-12-18

🕵️

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

WELIVESECURITY.COM — 18 Dec 2025

🌐

The Stealka stealer hijacks accounts and steals crypto while masquerading as pirated software | Kaspersky official blog

KASPERSKY.COM — 18 Dec 2025

🌐

France arrests Latvian for installing malware on Italian ferry

BLEEPINGCOMPUTER.COM — 18 Dec 2025

🌐

What Cyber Defenders Really Think About AI Risk

TRENDMICRO.COM — 18 Dec 2025

📡

Positive trends related to public IP ranges from the year 2025, (Thu, Dec 18th)

ISC.SANS.EDU — 18 Dec 2025

📡

Microsoft: Recent Windows updates break RemoteApp connections

BLEEPINGCOMPUTER.COM — 18 Dec 2025

📡

New password spraying attacks target Cisco, PAN VPN gateways

BLEEPINGCOMPUTER.COM — 18 Dec 2025