A big finish to 2025 in December’s Patch Tuesday

From the U.S. Department of Justice: Two Virginia men were arrested today for their roles in a conspiracy to destroy government databases hosted by a federal government contractor, among other crimes. According to court documents, brothers Muneeb and Sohaib Akhter, both 34, of Alexandria, Virginia, were indicted on Nov. 13 for conspiring to delete databases……

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even…

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. “Insufficient policy enforcement…

Palo Alto Networks has released patches for multiple vulnerabilities in the Expedition migration tool, which was retired on December 31, 2024. The post Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool appeared first on SecurityWeek.

A year after our initial research on threat actors’ attitudes to generative AI, we revisit some underground forums and find that many cybercriminals are still skeptical – although there has been a slight shift

Zack Whittaker reports: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from…