A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Related
Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl
Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low…
UAT-8099 Hijacks Reputable Sites for SEO Fraud & Theft
A Chinese-language threat actor uses every part of the kill: infecting Web servers with malware, poisoning sites with SEO spam, and stealing organizational data for follow-on attacks.
Scammers Spread False Support Info Using Legitimate Websites
In a new wrinkle on the tech support scam front, these search parameter injection attacks dupe victims into believing they are receiving technical help when they are actually speaking to fraudsters.
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX…
Hardened Containers Look to Eliminate Common Source of Vulnerabilities
A kitchen-sink approach to building containers has loaded many with vulnerabilities. A handful of companies are trying to slim them down to address the issue.