A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Similar Posts
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
Bys sWith one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades
Bys sCybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. “The modifications seen in the TgToxic payloads reflect the actors’ ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows – ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate…
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
Bys sThe React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical…
Apex recovers stolen personal data after about 22K impacted in cyberattack: Town
Bys sWhen criminals store or host data on U.S. servers, victims may get lucky. This is one of those situations. Matthew Sockol reports that data from the town of Apex in North Carolina had been stolen in an attempted ransomware attack in July 2024. The data of approximately 22,000 residents had reportedly never appeared on the……
Exposure Assessment Platforms Signal a Shift in Focus
Bys sGartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to…