Latest Internet & Cybersecurity News
Microsoft December Patch Tuesday fixes 57 vulnerabilities including active zero‑day
Microsoft released its December Patch Tuesday update addressing 57 vulnerabilities, including one actively exploited zero‑day and two publicly disclosed flaws. The update covers privilege escalation, remote code execution and information disclosure issues and is rated critical for many environments.
Fortinet fixes critical SAML/FortiCloud authentication bypasses
Fortinet released patches for two critical vulnerabilities (CVE‑2025‑59718 and CVE‑2025‑59719) that could allow FortiCloud SSO bypass via manipulated SAML messages, and additional fixes addressing credential reset and hash‑based authentication issues.
Active exploits of React2Shell (CVE‑2025‑55182) enabling botnets and crypto mining
Threat actors are actively exploiting the React2Shell vulnerability in React Server Components (CVE‑2025‑55182) to install backdoors that enable large‑scale botnet and crypto‑mining deployments; CISA has urged immediate patching of vulnerable systems.
Resurgence of ransomware and rise of AI‑driven attacks reported in 2025
Industry reports show ransomware returned in 2025 with 24% of organizations reporting incidents and attackers shifting toward credential theft and data‑integrity attacks, while CISOs flag AI‑driven phishing, deepfakes and identity abuse as top risks for 2026.
LockBit 5.0 infrastructure exposed as group reactivates
Researcher analysis identified LockBit 5.0 infrastructure (domain karma0.xyz and IP 205.185.116.233), confirming the group's reactivation and expanded capabilities across Windows, Linux and ESXi with faster encryption via XChaCha20; defenders are advised to block the domain/IP and monitor for related activity.
Major web framework vulnerability and active exploitation prompts emergency patches
Security vendors and researchers reported active exploitation of a newly disclosed web framework flaw (affecting React Server Components and related libraries), prompting rapid patches and warnings that critical infrastructure and government sites are being targeted by state‑linked actors.
UK NHS trust Barts Health discloses ransomware data theft by Cl0p
Barts Health NHS Trust confirmed that patient and staff personal information was stolen in an August attack attributed to the Cl0p ransomware group and is seeking legal orders to prevent publication of the stolen data while assessing exposure.
Cloudflare outage highlights vendor overdependence risks
A significant Cloudflare service disruption in November caused widespread downstream availability issues across websites, APIs and SaaS platforms, underscoring operational and security risks from heavy dependence on single cloud/CDN providers despite no evidence of an attack.
CISA updates cybersecurity performance goals for critical infrastructure
CISA streamlined and supplemented its cybersecurity performance goals for critical infrastructure organizations to improve baseline resilience and clarify expectations for fundamentals like asset inventory, logging and vulnerability management.
Lawmakers revive satellite cybersecurity bill to protect commercial space systems
Legislators moved to revive a bill focused on satellite cybersecurity to shield commercial space systems from rising threats, reflecting growing concern about attacks on space assets and supply‑chain risk in the space sector.
Top exploited vulnerabilities of 2025: WSUS, Windows kernel, Chrome V8 among most targeted
Analyses of 2025 exploitation activity list CVE‑2025‑59287 (WSUS deserialization), CVE‑2025‑62215 (Windows kernel race condition) and CVE‑2025‑10585 (Chrome V8 type confusion) among the year's most exploited flaws, with rapid weaponization and widespread scanning observed.
Supply‑chain and corporate breaches continue: ASUS, Paramount and others affected
Multiple corporate incidents in December (including an ASUS breach claim and a Paramount-related compromise) reinforce that supply‑chain exposures and corporate account security remain critical enterprise risks as attackers exploit third‑party trust chains.