SecurityWeek reports that Microsoft silently provided mitigations for a high-severity Windows LNK flaw, which had been subjected to years-long exploitation, as part of last month's security updates.
Numerous WordPress sites running King Addons for Elementor plugin versions 24.12.92 to 51.1.14 could be compromised in attacks involving a recently addressed critical privilege escalation vulnerability, tracked as CVE-2025-8489, Security Affairs reports. The attacks have been underway since the end of October.
Wiz noted that 39 percent of cloud environments have instances of the JavaScript library React and React-based frameworks, such as Next.js, that are vulnerable to a maximum-severity unauthenticated remote code execution flaw, tracked as CVE-2025-55182, The Register reports. The flaw could be subjected to widespread exploitation soon.
Ongoing attacks involving a pair of high-severity Android Framework flaws have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal civilian executive branch agencies urged to remediate both security weaknesses by Dec. 23, according to Security Affairs.
Older, unsupported Fortinet FortiWeb 6.x instances could also be compromised in attacks exploiting the operating system command injection flaw, tracked as CVE-2025-58034, and the relative path traversal vulnerability, tracked as CVE-2025-64446, which had been confirmed to affect multiple FortiWeb 7.x and 8.x versions, Cybersecurity Dive reports.