Latest Cybersecurity News and Articles
09 December 2025
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.
The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and
09 December 2025
Britain and its allies face escalating “hybrid threats … designed to weaken critical national infrastructure, undermine our interests and interfere in our democracies.”
The post UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare appeared first on SecurityWeek.
09 December 2025
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.
09 December 2025
The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs.
The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek.
09 December 2025
Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.
The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.
09 December 2025
Promotions across Microsoft’s security organization reinforce the company’s shift toward AI-driven defense and tighter operational oversight under Global CISO Igor Tsyganskiy.
The post Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense appeared first on SecurityWeek.
09 December 2025
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.
"EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and
09 December 2025
The AI-powered platform autonomously conducts security design reviews and proactively identifies design flaws across development work.
The post Prime Security Raises $20 Million to Build Agentic Security Architect appeared first on SecurityWeek.
09 December 2025
Learn how GRC and SOC teams can turn shared threat intelligence into faster action, clearer communication, and stronger organizational resilience.
The post Webinar Today: Inside the First 72 hours of a Cyber Event appeared first on SecurityWeek.
09 December 2025
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future's Insikt Group, which was previously tracking it as TAG-150.
09 December 2025
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT.
The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
09 December 2025
The funding round was led by KKR, with participation from Sixth Street Growth, TenEleven, and Carrick Capital Partners.
The post Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation appeared first on SecurityWeek.
09 December 2025
NCSC raises alert on “dangerous” misunderstanding of emergent class of vulnerability in generative artificial intelligence (AI) applications.
09 December 2025
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks.
"These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for
09 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 9, 2025 – Read the full story from Wiz Due to their cascading effect, supply chain attacks are costlier than most, with vendors and customers both bearing the brunt. Global costs of
The post Global Costs of Software Supply Chain Attacks On The Rise appeared first on Cybercrime Magazine.
09 December 2025
The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi.
The post US Posts $10 Million Bounty for Iranian Hackers appeared first on SecurityWeek.
09 December 2025
Enterprise cybersecurity giant Proofpoint has completed the acquisition of Germany-based Microsoft 365 security solutions provider Hornetsecurity. Financial details were not officially disclosed when news of the transaction came to light, but it was reported that Proofpoint would be paying $1 billion for its European competitor. SecurityWeek learned at the time that the deal size well […]
The post Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity appeared first on SecurityWeek.
09 December 2025
The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks.
The post New ‘Broadside’ Botnet Poses Risk to Shipping Companies appeared first on SecurityWeek.
09 December 2025
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down.
The
09 December 2025
Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser.
To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm.
Chief