A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Similar Posts
#StopRansomware: Medusa Ransomware
Bys sRelease Date: March 12, 2025 Alert Code: AA25-071A Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect…
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
Bys sThe advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities. “Initial access is achieved through spear-phishing emails,” CYFIRMA said. “Linux BOSS environments are targeted via weaponized .desktop
PowerSchool Incident: A few resources for teachers, parents, and former students
Bys sDataBreaches is trying to keep up with updates from PowerSchool, but from the outset, DataBreaches has recommended districts, parents, and teachers assume the worst — i.e., assume that all of the data really weren’t deleted permanently. On the premise of better safe than sorry, and reminding people that PowerSchool’s attorney is not YOUR attorney, here…
BlackSuit ransomware site seized as part of Operation Checkmate
Bys sThe BlackSuit ransomware operation has been disrupted by coordinated international law enforcement. A splash screen appeared on their leak site this week: THIS DOMAIN HAS BEEN SEIZED This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation. OPERATION CHECKMATE Numerous agencies were involved in Operation Checkmate,…
Automation Is Redefining Pentest Delivery
Bys sPentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn’t kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,
No need to hack when it’s leaking, Thursday edition: DM Clinical Research
Bys sAnother day, another massive leak. Researcher Jeremiah Fowler reports that he found unsecured data with 1,674,218 records belonging to DM Clinical Research. DM Clinical Research is a Texas-based network of more than 24 multi-therapeutic clinical trial sites involved in research on vaccines, internal medicine, pediatrics, gastroenterology, psychiatry, neurology, women’s health, and more. DM Clinical Research’s…