A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Eduard Kovacs reports: California-based health technology and consumer electronics company Masimo Corporation has been targeted in a cyberattack that impacted its manufacturing facilities. The company said in a filing with the SEC that it detected unauthorized access on its network on April 27. “As a result of the incident, certain of the Company’s manufacturing facilities…
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below: chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync. The crates, per Socket, impersonate timeapi.io and were published between late February and early March
Pieter Arntz reports: Google has issued a patch for a high-severity Chrome zero-day, tracked as CVE-2026-2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable…
NL Times reports: The Dutch Public Prosecution Service (Openbaar Ministerie, OM) has begun reconnecting its systems to the internet after a cyberattack last month forced a full digital shutdown. External experts have determined it is now safe to bring the systems back online gradually. According to the OM, no data was stolen or altered in the attack. The…
The European Network and Information Security Agency, ENISA, has compiled a list of existing initiatives focused on finding and preventing software vulnerabilities.
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a