Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-09 16:00 PST
- Microsoft Patch Tuesday, December 2025 Edition
KrebsOnSecurity • 2025-12-09 15:18 • krebsonsecurity.com
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.
https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-edition/ - SAP fixes three critical vulnerabilities across multiple products
BleepingComputer • 2025-12-09 14:41 • www.bleepingcomputer.com
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. […]
https://www.bleepingcomputer.com/news/security/sap-fixes-three-critical-vulnerabilities-across-multiple-products/ - Windows PowerShell now warns when running Invoke-WebRequest scripts
BleepingComputer • 2025-12-09 12:45 • www.bleepingcomputer.com
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. […]
https://www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/ - Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)
SANS ISC Diary (full) • 2025-12-09 12:20 • isc.sans.eduThis release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released.
- Microsoft releases Windows 10 KB5071546 extended security update
BleepingComputer • 2025-12-09 11:54 • www.bleepingcomputer.com
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/ - Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
BleepingComputer • 2025-12-09 10:38 • www.bleepingcomputer.com
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/ - Fortinet warns of critical FortiCloud SSO login auth bypass flaws
BleepingComputer • 2025-12-09 10:36 • www.bleepingcomputer.com
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. […]
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/ - Windows 11 KB5072033 & KB5071417 cumulative updates released
BleepingComputer • 2025-12-09 10:31 • www.bleepingcomputer.com
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/ - North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
The Hacker News • 2025-12-09 10:25 • thehackernews.com
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.
“EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and
https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
