
11.12.2025

Fortinet admins urged to update software to close FortiCloud SSO holes

CSO Online 11.12.2025 01:24
Admins using FortiCloud SSO (single sign on) to authenticate access to Fortinet products are urged to upgrade the software running some of the company’s gateway products as soon as possible, or risk their networks being compromised.
“Users of Fortinet appliances should, for now, disable SSO until they are able to patch the devices,” advised Johannes Ullrich, dean of research at the SANS Institute. “However, in the long run, this is not a reason to abandon SSO, and it should be re-enabled after the patch is applied.”

Hundreds of Ivanti EPM systems exposed online as critical flaw patched

CSO Online 10.12.2025 15:35
Ivanti has patched a critical vulnerability in Endpoint Manager that enables attackers to hijack administrator sessions without authentication and potentially control thousands of enterprise devices.
The company released EPM version 2024 SU4 SR1 to address four vulnerabilities, including the critical flaw tracked as CVE-2025-10573, which carries a CVSS score of 9.6. Three additional high-severity flaws could also enable code execution but require user interaction, Ivanti said in its December security advisory on Tuesday.

Bitdefender: Security flaw allows privilege escalation in antivirus

Heise Security 10.12.2025 13:29
In Bitdefender Free, Internet Security, Total Security and Endpoint Security, local attackers can escalate their privileges through a security vulnerability.

Ivanti patches critical security vulnerability in Endpoint Manager

Heise Security 10.12.2025 12:17
An update for Ivanti's Endpoint Manager closes, among other things, a critical security vulnerability through which attackers can inject JavaScript.

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

The Hacker News 10.12.2025 11:54
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation

Patch Tuesday: Microsoft warns of attacks on Windows and Windows Server

Heise Security 10.12.2025 09:48
Important security updates were released on Microsoft's Patch Tuesday. Several of the vulnerabilities are publicly known, and attacks are already taking place.

Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025

Infosecurity Magazine 10.12.2025 09:45
December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days

Fortinet Patch Day: SSO login can be bypassed in many products

Heise Security 10.12.2025 09:24
Fortinet has released many security updates. Particularly serious is an authentication vulnerability in FortiOS and other products.

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

The Hacker News 10.12.2025 08:50
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.
Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. These include 29 privilege escalation, 18 remote code

Adobe Patch Day: Malicious-code vulnerabilities threaten Acrobat, ColdFusion and others

Heise Security 10.12.2025 08:05
Adobe is protecting several applications against possible attacks. Malicious code could end up on affected systems.

Notepad++ updater installed malware

Heise Security 10.12.2025 07:57
The updater of the open-source editor Notepad++ has installed malware on PCs. Updating to Notepad++ v8.8.9 corrects this.

Key cybersecurity takeaways from the 2026 NDAA

CSO Online 10.12.2025 07:00
On Dec. 7, the House and Senate Homeland Security Committees released their compromise version of the 2026 National Defense Authorization Act (NDAA), a nearly 3,100-page piece of legislation that contains a host of provisions to fund several Department of Defense cybersecurity efforts in fiscal year 2026.
Although cybersecurity is referenced hundreds of times across the NDAA, the legislation contains provisions that, once the law becomes effective, will mark significant shifts in how the US military manages major cybersecurity tasks, particularly in the timely arena of protecting mobile communications of top brass and AI deployments, as well as more understated, but potentially high-impact, infosec duties.