Fortinet Addresses Critical Vulnerabilities Impacting Multiple Fortinet Products (CVE-2025-59718 & CVE-2025-59719)

Fortinet has released fixes for two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Tracked as CVE-2025-59718 and CVE-2025-59719, both vulnerabilities have a CVSS score of 9.1. Successful exploitation of the vulnerabilities could lead to improper access control.

Microsoft Patch Tuesday, December 2025 Security Update Review

As the year winds down, Microsoft Patch Tuesday in December arrives with essential fixes and enhancements to close vulnerabilities and boost performance. Here’s a quick breakdown of what you need to know. This month’s release addresses 72 vulnerabilities, including three critical and 55 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed three zero-day vulnerabilities. One of them was exploited, and two were publicly disclosed. Microsoft has addressed 15 vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.

React Server Components (RSC) Remote Code Execution Vulnerabilities

On December 3rd, 2025, React disclosed a critical remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE‑2025‑55182. Shortly after, a related vulnerability was confirmed in Next.js App Router, registered as CVE‑2025‑66478. Both issues were assigned a CVSS score of 10.0, indicating the highest severity level. CISA has acknowledged the vulnerability’s active …

Shai-Hulud 2.0 Supply Chain Attack Compromised Major Packages

A renewed and intensified npm supply chain attack campaign linked to the original Shai-Hulud malware is making headlines. This campaign, active from November 21 to 23, 2025, compromises popular npm packages from major publishers, including Maven, Zapier, ENS Domains, PostHog, and Postman. The attackers insert malicious code that executes during the npm package preinstall phase, …

Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)

Threat actors are exploiting a zero-day vulnerability, CVE-2025-64446, that has been discovered in Fortinet’s FortiWeb web application firewall product. Successful exploitation of this new vulnerability allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. FortiGuard mentioned in the advisory that they are aware of the active exploitation …

Microsoft Patch Tuesday, November 2025 Security Update Review

Microsoft released its November Patch Tuesday Security Updates. Here’s a quick breakdown of what you need to know. This month’s release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed a zero-day vulnerability that was being exploited in the wild. Microsoft has addressed five vulnerabilities in Microsoft …

Cisco Addresses Remote Code Execution Vulnerabilities in Unified Contact Center Express (CVE-2025-20354 & CVE-2025-20358)

Cisco Unified CCX is affected by two security vulnerabilities that could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root. Tracked as CVE-2025-20354 and CVE-2025-20358, both vulnerabilities have critical severity ratings.

Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236)

Security experts from e-commerce security firm Sansec have discovered that threat actors are actively exploiting a vulnerability in the Adobe Commerce and Magento Open Source platforms. Tracked as CVE-2025-54236, the vulnerability has a critical severity rating with a CVSS score of 9.1. The vulnerability originates from improper input validation and could allow attackers to hijack customer accounts …