All news with #patch tag

Thu, December 11, 2025

Google patches eighth Chrome zero-day exploited in 2025

🔔 Google has issued emergency updates for Chrome to address a zero-day tracked as Chromium bug 466192044 that is actively exploited in the wild. The vulnerability is a buffer overflow in the LibANGLE Metal renderer caused by improper buffer sizing and can lead to memory corruption, crashes, sensitive data leaks, or arbitrary code execution. Stable channel builds rolling out are Windows 143.0.7499.109, macOS 143.0.7499.110, and Linux 143.0.7499.109; users should update immediately or allow Chrome to install the update on restart.

Thu, December 11, 2025

Hard-coded Gladinet Keys Enable Active Exploitation

🔐 Huntress warns that hard-coded cryptographic keys in Gladinet CentreStack and Triofox allow attackers to decrypt or forge access tickets, exposing sensitive files such as web.config. The flaw stems from a function that returns the same fixed 100-byte strings from which persistent keys are derived, so a crafted URL keeps working indefinitely and can be reused to download server configuration. Organizations should update to version 16.12.10420.56791 and rotate machine keys immediately.

Thu, December 11, 2025

Fortinet admins urged to patch FortiCloud SSO flaws

🔒 Fortinet has released patches for two critical cryptographic signature-verification vulnerabilities, CVE-2025-59718 and CVE-2025-59719, that allow an unauthenticated attacker to bypass FortiCloud SSO with a crafted SAML message on affected FortiOS, FortiWeb, FortiProxy and FortiSwitchManager devices. Administrators are advised to disable FortiCloud SSO immediately if it is enabled, upgrade to a fixed version, and re-enable SSO only after verifying the update. Fortinet notes the feature is not enabled by factory default but can be turned on during FortiCare registration; the company and responders recommend using the System -> Settings toggle or the CLI command sequence to disable FortiCloud SSO login until patched.

Wed, December 10, 2025

React2Shell Exploitation Delivers Miners and Backdoors

⚠ Huntress reports widespread exploitation of the maximum-severity React Server Components flaw CVE-2025-55182, with attackers leveraging vulnerable Next.js instances to deploy cryptocurrency miners and multiple novel Linux malware families. Observed payloads include the PeerBlight backdoor, CowTunnel reverse proxy and ZinFoq post-exploitation implant, alongside droppers that fetch XMRig, Sliver C2 and Kaiji variants. Activity since early December 2025 has targeted many sectors — notably construction and entertainment — and shows signs of automated scanning and exploitation tools that sometimes deploy Linux payloads to Windows hosts. Organizations should update react-server-dom-webpack, react-server-dom-parcel and react-server-dom-turbopack immediately and hunt for indicators of compromise.

Wed, December 10, 2025

SOAPwn: WSDL/SOAP Flaw Enables File Writes in .NET

🛡️ watchTowr Labs has disclosed SOAPwn, an "invalid cast" vulnerability in the .NET Framework that lets attackers abuse WSDL imports and dynamically generated SOAP client proxies to write files and achieve remote code execution. The issue impacts products including Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. Barracuda addressed the flaw in Service Center RMM 2025.1.1 (CVE-2025-34392, CVSS 9.8) and Ivanti issued fixes in EPM 2024 SU4 SR1 (CVE-2025-13659, CVSS 8.8). Researchers presented the findings at Black Hat Europe after disclosures in March 2024 and July 2025.

Wed, December 10, 2025

Critical Ivanti EPM Flaw Patched; Immediate Updates Urged

🔒 Ivanti released EPM 2024 SU4 SR1 to address a critical stored XSS vulnerability (CVE-2025-10573) that lets unauthenticated attackers hijack administrator sessions by submitting malicious device scan data to the incoming API. The update also fixes three high-severity flaws that can enable code execution with user interaction and an issue that permits unauthorized file writes. Ivanti said reports came through its responsible disclosure program and it was not aware of active exploitation at disclosure. Organizations with internet-facing or high-privilege EPM instances should apply the patch immediately and isolate management interfaces until updated.

Wed, December 10, 2025

PCIe IDE Flaws in PCIe 5.0+ Allow Faulty Data Handling

⚠️ The PCI Special Interest Group (PCI-SIG) disclosed three vulnerabilities in the PCIe Integrity and Data Encryption (IDE) ECN that affect PCIe Base Specification Revision 5.0 and later, potentially allowing reordering, completion timeout redirection, and delayed posted redirection of encrypted PCIe traffic. The issues, tracked as CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614, could permit information disclosure, privilege escalation, or denial of service if an attacker gains local or low-level access. Intel and AMD products are listed as affected; vendors should provide firmware updates and users must apply patches and follow PCIe 6.0 Erratum #1 guidance.

Wed, December 10, 2025

Google Patches Zero-Click Gemini Enterprise Vulnerability

🔒 Google has patched a zero-click vulnerability in Gemini Enterprise and Vertex AI Search that could have allowed attackers to exfiltrate corporate data via hidden instructions embedded in shared Workspace content. Discovered by Noma Security in June 2025 and dubbed "GeminiJack," the flaw exploited Retrieval-Augmented Generation (RAG) retrieval to execute indirect prompt injection without any user interaction. Google updated how the systems interact, separated Vertex AI Search from Gemini Enterprise, and changed retrieval and indexing workflows to mitigate the issue.

Wed, December 10, 2025

WinRAR Path Traversal CVE-2025-6218 Under Active Attack

⚠️ CISA has added WinRAR path traversal CVE-2025-6218 (CVSS 7.8) to its Known Exploited Vulnerabilities list after reports of active exploitation. RARLAB patched the Windows-only flaw in WinRAR 7.12 (June 2025); a crafted archive can drop files into sensitive locations such as the user's Startup folder or Word's global template, where they run on the next logon or Word launch. Multiple groups, including GOFFEE, Bitter (APT-C-08/Manlinghua), and Gamaredon, have used the bug in phishing campaigns; organizations should deploy WinRAR 7.12 or later, or apply mitigations such as blocking malicious archives, disabling macros, and monitoring for C2 activity.
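To show the bug class rather than the specific WinRAR defect, here is an added containment check (example code, not RARLAB's fix or the article's) that an extraction routine can apply to each archive entry before writing it: resolve the entry name against the intended destination folder and reject anything that lands outside it, whether through '..' segments, an absolute path or a drive letter. The entry names are constructed samples modelled on the Startup-folder and Word-template targets described above; run it on Windows, where path rooting rules match WinRAR's environment.

```powershell
# Added example, not RARLAB's code: the generic guard against archive path
# traversal. Returns $true only if the entry, resolved against $DestinationRoot,
# stays inside that folder.
function Test-ArchiveEntryContained {
    param(
        [Parameter(Mandatory)] [string] $DestinationRoot,
        [Parameter(Mandatory)] [string] $EntryName
    )
    $sep = [string][System.IO.Path]::DirectorySeparatorChar
    # Canonical root with a trailing separator, so 'C:\out' cannot match 'C:\out2\...'.
    $root = [System.IO.Path]::GetFullPath($DestinationRoot).TrimEnd([char[]]@('\', '/')) + $sep

    # Archives may store either separator; normalise before joining.
    $relative = $EntryName -replace '[\\/]', $sep

    # Path.Combine discards $root when $relative is rooted ('C:\...' or '\...'),
    # and GetFullPath collapses '..' segments, so every escape route ends up as a
    # candidate path that simply fails the prefix test below.
    $candidate = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($root, $relative))
    return $candidate.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)
}

# Constructed entry names (not from a real sample): two benign files, a Startup
# .lnk and a Word STARTUP template reached through '..', an absolute path, and a
# '..' hidden behind a legitimate-looking subfolder.
$dest = Join-Path ([System.IO.Path]::GetTempPath()) 'unpack'
$entries = @(
    'report.docx',
    'images/logo.png',
    '..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk',
    '..\AppData\Roaming\Microsoft\Word\STARTUP\helper.dotm',
    'C:\Windows\Temp\payload.exe',
    'docs\..\..\outside.txt'
)
foreach ($e in $entries) {
    $verdict = if (Test-ArchiveEntryContained -DestinationRoot $dest -EntryName $e) { 'keep  ' } else { 'REJECT' }
    "$verdict  $e"
}
```

The prefix test on the canonicalised path is what matters; checking entry names for a literal `..` is not enough, because an absolute entry or a mixed-separator name can escape without one.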

Wed, December 10, 2025

Microsoft Patches Three Zero-Days Including Kernel EoP

⚠️ Microsoft has released patches for three zero-day vulnerabilities in its December update, including an actively exploited kernel elevation-of-privilege in the Windows Cloud Files Mini Filter Driver (CVE-2025-62221). Two additional zero-days—an RCE in PowerShell (CVE-2025-54100) and an RCE in GitHub Copilot for JetBrains (CVE-2025-64671)—were publicly disclosed but not observed in the wild. Security experts warn attackers could chain the kernel flaw with other exploits to achieve full system or domain compromise.

Wed, December 10, 2025

Microsoft Patches 56 Flaws Including Active Zero-Days

🛡️ Microsoft released December 2025 patches addressing 56 Windows vulnerabilities, three rated Critical and 53 Important. The update fixes 29 privilege-escalation flaws, 18 remote code execution bugs and other defects, and includes two publicly disclosed zero-days plus one actively exploited use-after-free (CVE-2025-62221) in the Cloud Files Mini Filter Driver. Administrators are urged to prioritize the KEV-listed fix and follow vendor guidance for mitigation and monitoring.

Wed, December 10, 2025

Fortinet, Ivanti, and SAP Release Emergency Patches

🔐 Fortinet, Ivanti, and SAP have released urgent patches to address high-severity authentication and code-execution flaws affecting FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Ivanti Endpoint Manager, and multiple SAP products. Fortinet's issues (CVE-2025-59718, CVE-2025-59719; CVSS 9.8) can allow FortiCloud SSO bypass via crafted SAML messages when that feature is enabled. Ivanti patched a stored XSS (CVE-2025-10573; CVSS 9.6) and additional bugs that could lead to remote code execution, while SAP's update remedies three critical flaws including a 9.9 CVSS code injection. Administrators are urged to apply vendor updates or temporarily disable affected features until systems are patched.

Wed, December 10, 2025

December Patch Tuesday: Active Windows Cloud Files Zero Day

🚨 Microsoft’s December Patch Tuesday delivers 57 fixes, but an actively exploited zero-day in Windows Cloud Files Mini Filter Driver (CVE-2025-62221) requires immediate remediation. The flaw is a low-complexity use-after-free escalation-of-privilege that can enable a local foothold to become full system compromise. Security teams should prioritize this patch, enforce least-privilege controls, and enhance monitoring where rapid patching isn't possible.

Tue, December 9, 2025

Microsoft Patch Tuesday December 2025: 57 Vulnerabilities

🛡️ Microsoft released its December 2025 Patch Tuesday addressing 57 vulnerabilities, two labeled as critical and the remainder as important. Cisco Talos notes Microsoft assessed exploitation of the two critical issues as less likely, while several important flaws are considered more likely to be attacked. Talos published Snort and Snort 3 rules to detect exploitation attempts and recommends updating firewall SRUs and applying vendor patches promptly.

Tue, December 9, 2025

Microsoft Patch Tuesday — December 2025 Security Fixes

🛡️ Microsoft released its final Patch Tuesday of 2025, addressing 56 vulnerabilities including one actively exploited zero-day, CVE-2025-62221, and two publicly disclosed bugs. The zero-day is a privilege escalation in the Windows Cloud Files Mini Filter Driver, a core component used by cloud sync services such as OneDrive. Three flaws received Microsoft’s Critical rating, including two Office bugs exploitable via Outlook’s Preview Pane. Administrators should prioritize updates for the flagged privilege escalation issues and apply patches promptly.

Tue, December 9, 2025

SAP patches three critical vulnerabilities in December

🔒 SAP released December security updates fixing 14 vulnerabilities across multiple products, including three critical flaws that could enable remote code execution and full system compromise. The most severe, CVE-2025-42880 (CVSS 9.9), is a code-injection issue in SAP Solution Manager ST 720. A Tomcat-related bundle tracked as CVE-2025-55754 (CVSS 9.6) affects SAP Commerce Cloud, and CVE-2025-42928 (CVSS 9.1) is a deserialization bug in SAP jConnect. Administrators are urged to deploy the provided fixes without delay.

Tue, December 9, 2025

Windows PowerShell Warns When Invoke-WebRequest Runs

⚠ Windows PowerShell 5.1 now displays a security confirmation when Invoke-WebRequest is used to fetch a web page, warning that script in the downloaded page might run while the page is parsed. The change, delivered with update KB5074204, mitigates a high-severity RCE tracked as CVE-2025-54100 and brings the safer parsing behavior of PowerShell 7 to 5.1. Microsoft recommends rerunning commands with the -UseBasicParsing switch and updating automation to include it. Note that in 5.1 the 'curl' alias maps to Invoke-WebRequest and triggers the same prompt.
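As an added illustration (not code from Microsoft or the article), the following Windows PowerShell snippet audits a folder of scripts for Invoke-WebRequest calls, including the iwr, curl and wget aliases, that omit -UseBasicParsing, then shows the corrected call. It walks the PowerShell AST rather than grepping, so abbreviated switches such as -UseBasic are recognised; the script it writes to a temp folder is a constructed sample that is parsed, never executed, and calls that receive their parameters by splatting are not inspected.

```powershell
# Added example, not code from Microsoft or the article.
# Lists Invoke-WebRequest invocations (and the 5.1 aliases that map to it)
# that do not pass -UseBasicParsing, so automation can be fixed before the
# KB5074204 confirmation prompt stalls it.
function Find-UnsafeWebRequest {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Path)

    # Names that resolve to Invoke-WebRequest in Windows PowerShell 5.1.
    # ('curl' and 'wget' are not aliases in PowerShell 7, but scripts written
    # for 5.1 still use them.)
    $webRequestNames = @('Invoke-WebRequest', 'iwr', 'curl', 'wget')

    Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $_.Extension -in '.ps1', '.psm1' } |
        ForEach-Object {
            $file = $_.FullName
            $tokens = $null; $errors = $null
            $ast = [System.Management.Automation.Language.Parser]::ParseFile(
                $file, [ref]$tokens, [ref]$errors)

            $commands = $ast.FindAll(
                { param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)
            foreach ($cmd in $commands) {
                $name = $cmd.GetCommandName()
                if (-not $name -or $webRequestNames -notcontains $name) { continue }

                # Switch names may be abbreviated to any unambiguous prefix, so
                # accept -UseBasic as well as -UseBasicParsing. Parameters passed
                # by splatting (@params) are not visible here; review those by hand.
                $hasSwitch = $cmd.CommandElements | Where-Object {
                    $_ -is [System.Management.Automation.Language.CommandParameterAst] -and
                    'UseBasicParsing'.StartsWith($_.ParameterName,
                        [System.StringComparison]::OrdinalIgnoreCase)
                }
                if (-not $hasSwitch) {
                    [pscustomobject]@{
                        File    = $file
                        Line    = $cmd.Extent.StartLineNumber
                        Command = $cmd.Extent.Text
                    }
                }
            }
        }
}

# The corrected form: -UseBasicParsing skips the Internet Explorer DOM parse that
# triggers the new prompt; the response body is still available as .Content.
function Get-PageBody([string] $Uri) {
    (Invoke-WebRequest -Uri $Uri -UseBasicParsing).Content
}

# Constructed sample script (only parsed, never run) to show the audit output.
$demoDir = Join-Path ([System.IO.Path]::GetTempPath()) 'iwr-audit-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
@'
$page = Invoke-WebRequest -Uri $Uri          # flagged: IE DOM parsing, prompts on 5.1
$raw  = curl $Uri                            # flagged: alias of Invoke-WebRequest
$ok   = iwr -Uri $Uri -UseBasicParsing       # clean
$ok2  = Invoke-WebRequest $Uri -UseBasic     # clean: unambiguous prefix
'@ | Set-Content -Path (Join-Path $demoDir 'fetch.ps1')

Find-UnsafeWebRequest -Path $demoDir | Format-Table -AutoSize
```

Run the audit against your scheduled-task and CI script directories before rolling KB5074204 out, since a non-interactive host that hits the prompt will hang rather than answer it.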

Tue, December 9, 2025

Microsoft issues KB5071546 ESU update for Windows 10

🔒 Microsoft has released the KB5071546 extended security update for Windows 10 Enterprise LTSC and systems enrolled in the ESU program, addressing 57 security vulnerabilities including three zero-days. The mandatory patch updates Windows 10 to build 19045.6691 (LTSC 2021 to 19044.6691) and installs automatically, requiring a restart. Notably, it fixes a remote code execution zero-day in PowerShell (CVE-2025-54100) by adding a confirmation prompt and guidance to use -UseBasicParsing with Invoke-WebRequest to avoid parsing embedded scripts.

Tue, December 9, 2025

Microsoft December 2025 Patch Tuesday: 57 Fixes, 3 Zero-Days

🔒 Microsoft's December 2025 Patch Tuesday delivers fixes for 57 vulnerabilities, including three zero-day flaws — one actively exploited and two publicly disclosed. The update addresses 19 remote code execution, 28 elevation of privilege, four information disclosure, three denial of service, and two spoofing issues across Windows, PowerShell, Office, Exchange Server and drivers. Administrators should prioritize the actively exploited CVE-2025-62221 and apply vendor patches promptly.

Tue, December 9, 2025

Fortinet warns of critical FortiCloud SSO bypass flaws

⚠️ Fortinet released patches for two critical FortiCloud SSO authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) impacting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. Attackers can abuse improper cryptographic signature verification in crafted SAML messages to bypass FortiCloud SSO controls. Administrators should disable FortiCloud SSO until devices are patched — either via System -> Settings in the GUI or with the provided CLI command — and apply the vendor firmware updates promptly. Fortinet also fixed related credential and password-hash issues (CVE-2025-59808, CVE-2025-64471).
