Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-12 02:00 PST
- CISA orders feds to patch actively exploited Geoserver flaw
BleepingComputer • 2025-12-12 01:48 • www.bleepingcomputer.com
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-geoserver-flaw/ - New React RSC Vulnerabilities Enable DoS and Source Code Exposure
The Hacker News • 2025-12-12 00:55 • thehackernews.com
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in
https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html - MITRE shares 2025's top 25 most dangerous software weaknesses
BleepingComputer • 2025-12-12 00:43 • www.bleepingcomputer.com
MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. […]
https://www.bleepingcomputer.com/news/security/mitre-shares-2025s-top-25-most-dangerous-software-weaknesses/ - React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
The Hacker News • 2025-12-12 00:41 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization
https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html - Turn me on, turn me off: Zigbee assessment in industrial environments
Securelist • 2025-12-12 00:00 • securelist.com
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off.
https://securelist.com/zigbee-protocol-security-assessment/118373/ - MKVCinemas streaming piracy service with 142M visits shuts down
BleepingComputer • 2025-12-11 23:14 • www.bleepingcomputer.com
An anti-piracy coalition has dismantled one of India’s most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. […]
https://www.bleepingcomputer.com/news/security/mkvcinemas-streaming-piracy-service-with-142m-visits-shuts-down/ - Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)
SANS ISC Diary (full) • 2025-12-11 21:08 • isc.sans.eduIn the Microsoft Windows ecosystem, DLLs (Dynamic Load Libraries) are PE files like regular programs. One of the main differences is that they export functions that can be called by programs that load them. By example, to call RegOpenKeyExA(), the program must first load the ADVAPI32.dll. A PE files has a lot of headers (metadata) that contain useful information used by the loader to prepare the execution in memory. One of them is the EntryPoint, it contains the (relative virtual) address where the program will start to execute.
- CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
The Hacker News • 2025-12-11 21:01 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
