-
Fortinet’s FortiGate appliances face immediate threat from two critical authentication bypass vulnerabilities being actively exploited in production environments. Fortinet released advisories for CVE-2025-59718 and CVE-2025-59719 on December 9, 2…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerabil…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical local privilege escalation vulnerability in the JumpCloud Remote Assist for Windows agent allows any low-privileged user on a Windows system to gain NT AUTHORITY\SYSTEM privileges or crash the machine. Tracked as CVE-2025-34352, the flaw aff…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 190…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours by exploiting critical Next.js vulnerabilities. Security researchers discovered the large-scale operation while …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Keygraph has unveiled Shannon, a fully autonomous artificial intelligence pentester designed to discover and execute real exploits in web applications. Unlike conventional vulnerability scanners that generate false positives, Shannon bridges a critical…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
UK’s ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee’s personal PC led to the massive security failure.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus Group recruit and operate against Western companies. Researchers documented the complete attack cycle in real-time, capturing live footage of attackers using compromised systems. This breakthrough reveals the human side of […] The post Researchers Expose Lazarus Recruitment Pipeline Live on Camera Through Honeypot Operation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
