Articles: 71
Categories: 6
Date: 2025-12-25
🐛 COMMON VULNERABILITIES AND EXPOSURES (60)
25 Dec | CVE-2025-38393 NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38401 mtk-sd: Prevent memory corruption from DMA map failure | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38410 drm/msm: Fix a fence leak in submit error path | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38406 wifi: ath6kl: remove WARN on bad firmware input | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38425 i2c: tegra: check msg length in SMBUS block read | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-38409 drm/msm: Fix another leak in the submit error path | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68736 landlock: Fix handling of disconnected directories | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68615 Net-SNMP snmptrapd crash | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68741 scsi: qla2xxx: Fix improper freeing of purex item | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68732 gpu: host1x: Fix race in syncpt alloc/free | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2023-54161 af_unix: Fix null-ptr-deref in unix_stream_sendpage(). | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68746 spi: tegra210-quad: Fix timeout handling | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68356 gfs2: Prevent recursive memory reclaim | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68365 fs/ntfs3: Initialize allocated memory before use | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68372 nbd: defer config put in recv_work | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2023-54082 af_unix: Fix null-ptr-deref in unix_stream_sendpage(). | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68727 ntfs3: Fix uninit buffer allocated by __getname() | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68376 coresight: ETR: Fix ETR buffer use-after-free issue | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68380 wifi: ath11k: fix peer HE MCS assignment | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68374 md: fix rcu protection in md_wakeup_thread | Information published. | MSRC.MICROSOFT.COM
25 Dec | CVE-2025-68733 smack: fix bug: unprivileged task can create labels | Information published. | MSRC.MICROSOFT.COM
25 Dec | Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability | Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS th… | THEHACKERNEWS.COM
25 Dec | [KEV] CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-202… | THEHACKERNEWS.COM
25 Dec | CVE-2025-3001 PyTorch torch.lstm_cell memory corruption | Information published. | MSRC.MICROSOFT.COM
25 Dec | Unpatched FortiGate Security Flaw Allows Attackers to Bypass 2FA Controls | A critical authentication bypass vulnerability in FortiGate devices enables threat actors to circumvent two-factor authentication (2FA) protections through case-sensitive username manipulation. The flaw, tracked as CVE-2020-12812, affects organizations with specific LDAP integrat… | GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (3)
25 Dec | CERN: how does the international research institution manage risk? | There are few research institutions in the world with the size and scope of the European Organization for Nuclear Research, CERN. Founded in 1954 by 12 European countries, the European Laboratory for Elementary Particle Physics is located in the Swiss town of Meyrin, in the canto… | CSOONLINE.COM
25 Dec | ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories | It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a … | THEHACKERNEWS.COM
25 Dec | [webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL | EXPLOIT-DB.COM
📢 SECURITY ADVISORIES (1)
25 Dec | Navigating the Complexities of Privacy and Cybersecurity Evolution | Privacy and cybersecurity have rapidly evolved, with regulations like GDPR and CCPA shaping data residency requirements. As non-human identities emerge, the complexity grows. How are you adapting to these changes? Subscribe to our podcasts: https://securityweekly.com/subscribe #P… | YOUTUBE.COM
🔥 INCIDENT REPORTING (1)
25 Dec | LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds | The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligen… | THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE (2)
25 Dec | Building a Hacking Lab in 2025 - PSW #906 | The crew makes suggestions for building a hacking lab today! We will tackle: - What is recommended today to build a lab, given the latest advancements in tech - Hardware hacking devices and gadgets that are a must-have - Which operating systems should you learn - Virtualization t… | YOUTUBE.COM
25 Dec | Cloudflare Tunnels: No Cloud Server Needed | Uncover how Cloudflare Tunnels is reshaping secure access by removing the need for a public server. Experience the next level of Zero Trust and VPN innovations. 🚀 Subscribe to our podcasts: https://securityweekly.com/subscribe #TechTrends #Innovation #SecurityWeekly #Cybersecurit… | YOUTUBE.COM
📡 INFOSEC NEWS (4)
25 Dec | Google will finally allow you to change your @gmail.com address | Google will finally allow you to change your @gmail address or create a new alias, according to a new support document. [...] | BLEEPINGCOMPUTER.COM
25 Dec | ChatGPT’s new formatting blocks make its UI look more like a task tool | OpenAI has quietly rolled out 'formatting blocks,' which tweak GPT's layout to match the UI of the task it is supposed to execute. [...] | BLEEPINGCOMPUTER.COM
25 Dec | [webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection | EXPLOIT-DB.COM
25 Dec | [webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie | EXPLOIT-DB.COM