Collecting Cyber-News from over 60 sources

Tag: update

Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say

Dec 19, 2025 7:19 PM

Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability

Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say

Dec 19, 2025 7:19 PM

Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability

Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
HPE tells customers to patch fast as OneView RCE bug scores a perfect 10

Dec 19, 2025 2:19 PM

Tags: rce, remote-code-execution, update

Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/hpe_oneview_rce_bug/
New critical WatchGuard Firebox firewall flaw exploited in attacks

Dec 19, 2025 12:19 PM

Tags: attack, exploit, firewall, flaw, remote-code-execution, update, vulnerability

WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/watchguard-warns-of-new-rce-flaw-in-firebox-firewalls-exploited-in-attacks/
Microsoft Patches MSMQ Flaw That Affects IIS Web Servers

Dec 19, 2025 10:19 AM

Tags: cyber, flaw, microsoft, update, vulnerability, windows

Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documented in the December 9, 2025 update (KB5071546), affects Windows 10 version 22H2 and version 21H2. The Vulnerability The MSMQ bug causes…
Roundcube Flaws Let Attackers Execute Malicious Scripts

Dec 19, 2025 10:19 AM

Tags: cyber, email, flaw, malicious, open-source, risk, software, update, vulnerability

Roundcube, the widely used open-source webmail software, has officially released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS (Long-Term Support) versions. These flaws could allow attackers to execute malicious scripts or expose sensitive information, posing a risk to organizations and individuals relying on the platform for email communication. The…
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle

Dec 19, 2025 7:19 AM

Tags: browser, chrome, exploit, google, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle

Dec 19, 2025 7:19 AM

Tags: browser, chrome, exploit, google, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle

Dec 19, 2025 7:19 AM

Tags: browser, chrome, exploit, google, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies

Dec 19, 2025 5:19 AM

Tags: ai, api, attack, cloud, control, data, exploit, governance, guide, infrastructure, injection, LLM, malicious, risk, service, spam, threat, update, vulnerability

If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
React2Shell is the Log4j moment for front end development

Dec 19, 2025 5:19 AM

Tags: access, advisory, ai, antivirus, attack, backdoor, backup, control, crypto, detection, endpoint, exploit, malicious, network, powershell, ransomware, risk, technology, threat, update, vulnerability, windows, zero-day

What to look for: In an attack tracked by S-RM, immediately after the threat actor gained access to a targeted company’s network, they ran a hidden PowerShell command, establishing command and control (C2) by downloading a Cobalt Strike PowerShell stager, a tactic regularly used by red teamers, and installing a beacon to allow them to…
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies

Dec 19, 2025 5:19 AM

Tags: ai, api, attack, cloud, control, data, exploit, governance, guide, infrastructure, injection, LLM, malicious, risk, service, spam, threat, update, vulnerability

If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
React2Shell is the Log4j moment for front end development

Dec 19, 2025 5:19 AM

Tags: access, advisory, ai, antivirus, attack, backdoor, backup, control, crypto, detection, endpoint, exploit, malicious, network, powershell, ransomware, risk, technology, threat, update, vulnerability, windows, zero-day

What to look for: In an attack tracked by S-RM, immediately after the threat actor gained access to a targeted company’s network, they ran a hidden PowerShell command, establishing command and control (C2) by downloading a Cobalt Strike PowerShell stager, a tactic regularly used by red teamers, and installing a beacon to allow them to…
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies

Dec 19, 2025 5:19 AM

Tags: ai, api, attack, cloud, control, data, exploit, governance, guide, infrastructure, injection, LLM, malicious, risk, service, spam, threat, update, vulnerability

If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

Dec 19, 2025 5:19 AM

Tags: update, windows

This month’s extended security update for Windows 11 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-oob-update-released-to-fix-message-queuing-msmq-issues/
Cisco customers hit by fresh wave of zero-day attacks from China-linked APT

Dec 19, 2025 12:19 AM

Tags: apt, attack, china, cisco, exploit, update, vulnerability, zero-day

Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-zero-day-attacks-china-apt/
Actively Exploited ASUS Vulnerability Added to CISA’s KEV List

Dec 18, 2025 10:19 PM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, software, supply-chain, update, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-59374 affects ASUS Live Update software and stems from a sophisticated supply chain compromise that embedded malicious code into legitimate software distributions. Supply Chain Attack Details The vulnerability involves…
Microsoft bestätigt: Windows-Update macht Remote-App-Verbindungen kaputt

Dec 18, 2025 2:19 PM

Tags: microsoft, update, windows

Einige Windows-Nutzer können seit Tagen keine Apps mehr von Azure Virtual Desktop streamen. Ein Fix ist in Arbeit. Aktuell helfen nur Workarounds. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-windows-update-macht-remote-app-verbindungen-kaputt-2512-203402.html
Cisco confirms zero-day exploitation of Secure Email products

Dec 18, 2025 1:19 PM

Tags: business, cisco, control, email, exploit, firewall, infrastructure, risk, threat, update, zero-day

Rebuild guidance and operational tradeoffs: Cisco has said that wiping and rebuilding appliances is currently required in cases where compromise has been confirmed.”From a security standpoint, it is indeed the right call,” Tyagi said. “When there’s a risk that attackers have embedded themselves deep in a system, patching alone won’t solve the issue. Rebuilding is…
Microsoft December Update Breaks Critical IIS Servers

Dec 18, 2025 1:19 PM

Tags: microsoft, update, windows

The security updates delivered through KB5071546 have fundamentally broken Message Queuing (MSMQ) functionality across multiple Windows versions. The post Microsoft December Update Breaks Critical IIS Servers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-critical-iis-servers/
Backdoors eingeschleust: Chinesische Hacker kapern seit Wochen Cisco-Systeme

Dec 18, 2025 1:19 PM

Tags: backdoor, china, cisco, hacker, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Cisco confirms zero-day exploitation of Secure Email products

Dec 18, 2025 1:19 PM

Tags: business, cisco, control, email, exploit, firewall, infrastructure, risk, threat, update, zero-day

Rebuild guidance and operational tradeoffs: Cisco has said that wiping and rebuilding appliances is currently required in cases where compromise has been confirmed.”From a security standpoint, it is indeed the right call,” Tyagi said. “When there’s a risk that attackers have embedded themselves deep in a system, patching alone won’t solve the issue. Rebuilding is…
Recent Windows updates break RemoteApp connections

Dec 18, 2025 11:19 AM

Tags: microsoft, update, windows

Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-recent-updates-break-azure-virtual-desktop-remoteapp-sessions/
Ungepatchte Sicherheitslücke: Chinesische Hacker kapern seit Wochen Cisco-Systeme

Dec 18, 2025 11:19 AM

Tags: bug, china, cisco, hacker, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
Ungepatchte Sicherheitslücke: Cisco-Systeme werden seit Wochen attackiert

Dec 18, 2025 10:19 AM

Tags: bug, china, cisco, malware, update, zero-day

Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

Dec 18, 2025 7:19 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, malicious, supply-chain, update, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an “embedded malicious code vulnerability” introduced by means of a supply chain compromise First…
Microsoft warns MSMQ may fail after update, breaking apps

Dec 18, 2025 5:20 AM

Tags: access, api, business, incident response, microsoft, remote-code-execution, service, update, vulnerability, windows

MSMQ becoming inactive;Internet Information Services (IIS) sites failing with “Insufficient resources to perform operation” errors;applications unable to write to queues;errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files;misleading log entries such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available.Affected are servers running…
Attacks pummeling Cisco AsyncOS 0-day since late November

Dec 18, 2025 12:19 AM

Tags: attack, cisco, update, zero-day

No timeline for a patch First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/attacks_pummeling_cisco_0day/