A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
-
-
React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
-
Village of Golf Manor considering paying ransom amid cyberattack
Giacomo Luca reports: The village of Golf Manor will consider paying a $10,000 ransom to unlock computer systems affected by a recent cyberattack. The ransomware attack infiltrated and encrypted the village’s computer systems and has made them inaccessible to administrators, village leaders said during a Nov. 24 council meeting. The malicious cyber actors have demanded a……
-
Sophos Tops G2 Winter 2026 Reports: #1 Overall in Endpoint, XDR, MDR and Firewall
#1 Ranked in 66 Global Reports
-
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber
-
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a
-
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life…
-
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix…
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat…
-
GOLD SALEM tradecraft for deploying Warlock ransomware
Analysis of the tradecraft evolution across 6 months and 11 incidents