10.12.2025

The Hacker News 10.12.2025 04:50
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.
The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and

CSO Online 10.12.2025 01:19
Microsoft is finishing 2025 by issuing only 57 patches for Windows and other products for December Patch Tuesday, but one vulnerability is already being exploited as a zero day and needs to be addressed fast.
It’s an escalation of privilege vulnerability in Windows Cloud Files Mini Filter Driver (CVE-2025-62221), described as a use-after-free problem in which a program tries to use a block of memory that has already been returned to system control. The attack complexity is low. The worst case scenario is that a threat actor could leverage it to escalate access privileges.

Krebs Security 09.12.2025 23:18
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

Heise Security 09.12.2025 08:09
Zum letzten Patchday des Jahres hat SAP 14 Sicherheitsnotizen veröffentlicht. Aktualisierungen dichten die zugehörigen Schwachstellen ab.