News • Insights • Analysis
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and Read More …
SAP has released its December cumulative security update, through which it fixed 14 vulnerabilities found in different products. Among them are three critical-severity flaws which should be addressed without delay. The full list of addressed vulnerabilities can be found on Read More …
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for Read More …
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator Read More …
eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances. Earlier this Read More …
In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and Kaspersky published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud Read More …
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified Read More …
An investigation is under way into the cause of the breach. The leak raised concerns about phishing attempts targeting customers. Telecom, payments and crypto firms also reported recent breaches. A major data breach at South Korea’s biggest e-retailer has intensified concerns Read More …
Several public websites designed to allow courts across the United States and Canada to manage the personal information of potential jurors had a simple security flaw that easily exposed their sensitive data, including names and home addresses, TechCrunch has exclusively Read More …
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix Read More …
