A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Similar Posts
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Bys sCybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. “The new…
Hacker Conversations: David Kennedy – an Atypical Typical Hacker
Bys sDavid Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences. The post Hacker Conversations: David Kennedy – an Atypical Typical Hacker appeared first on SecurityWeek.
France Travail: At least 340,000 job seekers victims of new hack
Bys sThe following is a machine translation of an article that originally appeared in French by Sylvain Trinel: The public body that manages employment in France, as well as training and unemployment benefits, has been the victim of a “malicious act,” the third in less than two years. This is a new blow for France Travail…
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Bys sCybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is…
FTC Takes Action Against GoDaddy for Alleged Lax Data Security for Its Website Hosting Services
Bys sProposed order will prohibit GoDaddy from misleading customers about its security protections and require it to establish a robust information security program January 15, 2025 The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against…
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when