🐛 COMMON VULNERABILITIES AND EXPOSURES 23[−]
20 DecCVE-2025-38062 genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookieInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38040 serial: mctrl_gpio: split disable_ms into sync and no_sync APIsInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38148 net: phy: mscc: Fix memory leak when using one step timestampingInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38198 fbcon: Make sure modelist not set on unregistered consoleInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38215 fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_varInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38236 af_unix: Don't leave consecutive consumed OOB skbs.Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38251 atm: clip: prevent NULL deref in clip_push()Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38257 s390/pkey: Prevent overflow in size calculation for memdup_user()Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38262 tty: serial: uartlite: register uart driver in initInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38263 bcache: fix NULL pointer in cache_set_flush()Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38191 ksmbd: fix null pointer dereference in destroy_previous_sessionInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38225 media: imx-jpeg: Cleanup after an allocation errorInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38230 jfs: validate AG parameters in dbMount() to prevent crashesInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38245 atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38249 ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38259 ASoC: codecs: wcd9335: Fix missing free of regulator suppliesInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38275 phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bugInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38377 rose: fix dangling neighbour pointers in rose_rt_device_down()Information published.MSRC.MICROSOFT.COM
20 DecCVE-2025-38177 sch_hfsc: make hfsc_qlen_notify() idempotentInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed workInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or ThrottlingInformation published.MSRC.MICROSOFT.COM
20 DecCVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or ThrottlingInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 6[−]
20 Dec25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote ExploitationThe Shadowserver Foundation has identified over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns about potential exposure to critical authentication bypass vulnerabilities. The non-profit security organi…GBHACKERS.COM
20 DecU.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus MalwareThe U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the…THEHACKERNEWS.COM
20 DecChina-linked hackers exploit insecure setting in Cisco security productssubmitted by tardigrade to cybersecurity 1 points | 0 comments https://www.cybersecuritydive.com/news/cisco-china-cyberattacks-asyncos-configuration/808258/ cross-posted from: scribe.disroot.org/post/6219559 Archived link China-linked hackers have been using misconfigured Cisco s…INFOSEC.PUB
20 DecChina-linked hackers exploit insecure setting in Cisco security productssubmitted by tardigrade to cybersecurity 1 points | 0 comments https://www.cybersecuritydive.com/news/cisco-china-cyberattacks-asyncos-configuration/808258/ Archived link China-linked hackers have been using misconfigured Cisco security products to deploy backdoors on target netw…SH.ITJUST.WORKS
20 DecPrimary time scale failure at NIST Boulder campus; significant impact on NTP servicessubmitted by vk6flab to cybersecurity 1 points | 0 comments https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/o0dDDcr1a8I cross-posted from: lemmy.radio/post/10939156 Dear colleagues, In short, the atomic ensemble time scale at our Boulder campus has failed due …INFOSEC.PUB
20 DecPrimary time scale failure at NIST Boulder campus; significant impact on NTP servicessubmitted by vk6flab to cybersecurity 1 points | 0 comments https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/o0dDDcr1a8I cross-posted from: lemmy.radio/post/10939156 Dear colleagues, In short, the atomic ensemble time scale at our Boulder campus has failed due …SH.ITJUST.WORKS
🔥 INCIDENT REPORTING 3[−]
20 DecYear-End Review: The Highs and Lows of Cybersecurity in 2025Cybersecurity Today brings you a special year-end episode, featuring noteworthy guests Tammy Harper from Flare, Laura Payne from White Tuque, David Shipley from Beauceron Security, and John Pinard, co-host of Project Synapse. This episode delves into the pivotal cybersecurity sto…CYBERSECURITYTODAY.LIBSYN.COM
20 DecMicrosoft Teams Outage Causes Global Messaging Delays and Service InterruptionsMicrosoft Teams users worldwide experienced significant service disruptions on December 20, 2025, as the collaboration platform encountered widespread issues affecting messaging functionality and other critical service operations. The company has acknowledged the incident and is …GBHACKERS.COM
20 DecRansomHouse upgrades encryption with multi-layered data processingThe RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 4[−]
20 DecWeekly Update 483Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. Building out an IoT environment is a little like the old Maslow's Hierarchy of Needs. All the stuff on the top is only any good if all the stuff on the bottom is…TROYHUNT.COM
20 DecTrust Your Cats, Not AIAI might falter, but your cats will always be cats! 🐱 Delve into the humorous exploration of AI's quirks and the challenges it brings. Subscribe to our podcasts: https://securityweekly.com/subscribe #TechPitfalls #HumorInTech #SecurityWeekly #Cybersecurity #InformationSecurity #A…YOUTUBE.COM
20 DecNorth Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true locationsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.tomshardware.com/tech-industry/cyber-security/north-korean-infiltrator-caught-working-in-amazon-it-department-thanks-to-lag-110ms-keystroke-input-raises-red-flags-over-true-locationINFOSEC.PUB
20 DecBangladeshi Operator of Fake ID Marketplaces Charged in International Fraud CaseA 29-year-old Bangladeshi man has been indicted on federal charges for operating online marketplaces that sold fraudulent identity document templates to customers worldwide, U.S. authorities announced. Zahid Hasan of Dhaka, Bangladesh, faces nine federal counts, including six cou…GBHACKERS.COM