A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Categories: X-ops
Tags: threat research, featured, Microsoft, Patch Tuesday, zero days
Similar Posts
Denmark says Russia was behind two ‘destructive and disruptive’ cyber-attacks
Bys sAssociated Press reports: Danish authorities say in a new assessment published this week that Russia carried out cyberattacks against infrastructure and websites in Denmark in 2024 and 2025, describing new cases which had not previously been reported. Denmark’s Defense Intelligence Service said in a statement Thursday that Moscow was responsible for “destructive and disruptive” cyberattacks……
Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
Bys sPremier Health Partners (“PHP”) in Ohio issued a press release this week and uploaded a substitute notice to its website. Why they first concluded an investigation into a breach they discovered on July 12, 2023 requires more explanation than they provide. Premier Health Partners (“Premier Health”) is providing notice of a cyber incident that may…
How a consultant and a concert pianist from the Netherlands were arrested on suspicion of aiding NoName057(16)
Bys sOfficials allege that WorkTitans and MIRhosting were used to facilitate pro-Russian hackers and evade EU sanctions. Huib Modderkolk and Henrik Moltke write: Youssef Z. may have seen trouble coming. The 57-year-old entrepreneur and organizational consultant from Amsterdam, arrested at his home in the early hours of Monday 18 May by agents of the Dutch fiscal investigation……
Cyberattack targets thousands of students, staff members at Baltimore City Public Schools
Bys sTolly Taylor reports: A cyberattack by the criminal group known as Cloak on Baltimore City Public Schools stole sensitive personal information of thousands of students and employees, 11 News Investigates has learned. City Schools told 11 News Investigates that the district notified law enforcement after becoming aware of an “IT system intrusion” on Feb. 13….
DOGE accused of copying entire Social Security database to insecure cloud system
Bys sJon Brodkin reports: A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created “a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” Chuck Borges, the SSA’s Chief Data Officer (CDO), “has become aware through reports to him of serious data security lapses, evidently……
The Ultimate MSP Guide to Structuring and Selling vCISO Services
Bys sThe growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges