Patch/Configuration Management

Apple's WebKit browser engine was found by Google's artificial intelligence-based cybersecurity agent Big Sleep to have been affected by five security bugs, which could be leveraged to crash browsers or corrupt memory, reports The Hacker News.

BleepingComputer reports that at least 210,000 WordPress sites could be hijacked in intrusions exploiting a critical security flaw in the Post SMTP plugin, tracked as CVE-2025-11833, which have been underway since the beginning of November.

The U.S. Cybersecurity and Infrastructure Security Agency has added two actively exploited vulnerabilities affecting Gladinet and Control Web Panel to its Known Exploited Vulnerabilities catalog.

Malicious actors could exploit a trio of already patched Windows Graphics Device Interface vulnerabilities, tracked as CVE-2025-30388, CVE-2025-47984, and CVE-2025-53766, to facilitate remote code execution and information disclosures, Infosecurity Magazine reports.

Teams need to build resilience into response efforts, improve detection and response, and update threat awareness.

CISA ends busy week where it also worked with NSA to release best practices guidance on Microsoft Exchange Server.

The document provides best practices for securing on-premises Exchange servers from attack.

Along with the CISA advisory, VulnCheck points out that a critical 9.8 XWiki flaw was actively exploited.