Latest Internet & Cybersecurity News

📅December 14, 2025 at 1:00 PM
Critical vulnerabilities in Chrome, WinRAR, and Windows exploited actively; major data breaches at Coupang and Rhysida; CISA adds flaws to KEV catalog amid rising AI and ransomware threats.
1

CISA Adds Google Chromium Flaws to Known Exploited Vulnerabilities Catalog

The U.S. CISA added Google Chromium vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on December 13, 2025, indicating active exploitation. Google issued emergency updates for zero-day flaws targeting users. Organizations must patch immediately to mitigate risks. (Source 3)

2

Chrome Zero-Day Exploits Detected in the Wild

Chrome zero-day vulnerabilities are being exploited in real-world attacks, prompting urgent patches from Google. This affects millions of users and developers globally. Immediate updates are recommended to prevent compromise. (Source 1, Source 3)

3

WinRAR Zero-Day Vulnerability Added to CISA KEV List

CISA added a WinRAR path traversal flaw (CVE-2025-6218) to its KEV catalog due to active remote code execution exploits via malicious RAR files. Users should update to the latest version immediately. The flaw puts at risk any system that opens affected files. (Source 1, Source 3)

4

Rhysida Data Breach Discovered on December 13, 2025

A significant data breach involving Rhysida was identified on December 13, 2025, compromising sensitive personal information. Unauthorized access highlighted vulnerabilities in data systems. Investigations are ongoing with potential class action lawsuits. (Source 2)

5

Massive Coupang Cyberattack Exposes 33.7 Million Customers' Data

South Korea's top retailer Coupang suffered a breach exposing names, emails, phone numbers, and partial financial data of 33.7 million users. Attackers likely used weak access controls or insider threats. Risks include phishing and identity theft. (Source 4)

6

Windows Defender Firewall Service Flaw CVE-2025-62468 Disclosed

A vulnerability in Windows Defender Firewall Service (CVE-2025-62468) allows local attackers to read protected memory. It can be chained with other exploits for escalation. Patch promptly to reduce risks. (Source 1)

7

CISA Adds Sierra Wireless AirLink ALEOS Flaws to KEV Catalog

U.S. CISA included Sierra Wireless AirLink ALEOS vulnerabilities in its KEV list on December 13, 2025, due to active exploitation. These affect industrial and enterprise devices. Vendors urge immediate updates. (Source 3)

8

16TB Unsecured Database Exposes 4.3 Billion Professional Records

An open 16TB MongoDB database exposed 4.3 billion professional records until researchers alerted the owner to secure it. This highlights risks of misconfigured cloud storage. The lack of encryption amplified the breach impact. (Source 3)

9

Microsoft Patch Tuesday Addresses 57 Vulnerabilities Including Critical Flaws

Microsoft's December 2025 Patch Tuesday fixed 57 vulnerabilities, three of them critical, across Windows and related products. Some were added to the CISA KEV catalog. Apply updates to prevent exploitation. (Source 3)

10

Fortinet Patches 18 Flaws Including Authentication Bypass Bugs

Fortinet addressed 18 vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager, including two authentication bypass issues with FortiCloud SSO. Remote code execution is possible. Update systems urgently. (Source 3)

11

NK-Linked Hackers Exploit React2Shell Flaw for EtherRAT Trojan

North Korea-linked actors are exploiting the React2Shell vulnerability to deploy the EtherRAT remote access trojan. This targets organizations for espionage and data theft. Enhanced monitoring is advised. (Source 3)