Microsoft released security fixes for 57 issues in its software, including an actively exploited 7.8-rated zero-day in the Windows Cloud Files Mini Filter Driver, as part of this month's Patch Tuesday, reports The Register.
Threat actors have been actively exploiting a critical remote code execution vulnerability in the Sneeit Framework plugin for WordPress, tracked as CVE-2025-6389, and a critical ICTBroadcast flaw, tracked as CVE-2025-2611, in separate attacks, according to The Hacker News.
10.0 RSC flaw actively exploited in the wild by China-based threat groups within hours of public disclosure leads the pack for December's Patch Tuesday.
Open source content analysis toolkit Apache Tika had its core, PDF, and parser modules impacted with a maximum severity vulnerability, tracked as CVE-2025-66516, which could be leveraged in XML external entity attacks, Security Affairs reports.
Attacks involving the critical React2Shell remote code execution vulnerability, tracked as CVE-2025-55182, were noted by Palo Alto Networks Unit 42 researchers to have compromised more than 30 organizations in various industries, reports BleepingComputer.
Interview with Danny Jenkins: How badly configured are your endpoints? Misconfigurations are one of the most overlooked areas in terms of security program quick wins. Everyone freaks out about vulnerabilities, patching, and exploits. Meanwhile, security tools are misconfigured. Thousands of unused software packages increase remediation effort and a...
