A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Categories: X-ops
Tags: threat research, featured, Microsoft, Patch Tuesday, zero days
After the Medusa gang reportedly demanded a $2 million ransom from UK healthcare and community services provider HCRG Care Group, HCRG confirmed they had a breach and said they were investigating. But they did not confirm that patient and employee data was affected and they did not confirm that files had been encrypted. On February…
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has a proof-of-concept (PoC) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the…
Some wines benefit from aging. Breach notification letters do not. On or about December 28, 2023, Alpha Omega Winery in California experienced what they report as a ransomware incident. According to their notification, the types of personal information may have included, and potentially were not limited to: name, date of birth, Social Security number, driver’s…
Siobhan Harms reports: The Ohio Auditor of State’s Office will begin evaluating school districts’ cybersecurity policies in July. As outlined by House Bill 96, districts had to implement a cybersecurity program that safeguards the district’s data, information technology and information technology resources to ensure availability, confidentiality and integrity. The law reads, “The program shall be…
Suzanne Smalley reports: The Treasury Department has agreed to temporarily block all but two members of the Trump administration’s Department of Government Efficiency (DOGE) team from accessing sensitive payment records and to limit their access to “read-only,” according to a Wednesday court filing. The DOGE workers allowed to continue accessing Treasury’s payment systems are Tom…
Bill Toulas reports: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide. The arrested individuals, two men and two women, are Europeans…