Security Affairs reports that the U.S. Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include flaws impacting Google Chromium and Sierra Wireless AirLink ALEOS, which must be remediated by federal civilian executive branch agencies by Jan. 2.
Infosecurity Magazine reports that 40 million Log4j instances, or 13% of all installations this year, remained susceptible to the maximum severity Log4Shell vulnerability four years after its emergence.
Ongoing attacks leveraging the high-severity WinRAR path traversal flaw, tracked as CVE-2025-6218, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities list, reports The Hacker News.
Nearly 4.3 billion records seemingly gathered within the past two years have been inadvertently leaked by an unsecured MongoDB database, reports Cybernews.
Attacks exploiting the maximum severity React2Shell vulnerability in React Server Components, tracked as CVE-2025-55182, have enabled the deployment of several newly emergent malware payloads and cryptocurrency miners, according to The Hacker News.