Alert

Microsoft’s last Patch Tuesday updates of 2025 on December fixed 56 vulnerabilities in Windows, Office, Exchange Server, and more. This update addresses 3 serious security issues: two remote code execution problems that have been made public and one vulnerability that allows attackers to gain elevated permissions. Several critical issues are …

More than 77,000 IP addresses online are at risk from the serious React2Shell remote code execution flaw (CVE-2025-55182). Researchers report that attackers have already breached over 30 organizations in various sectors. React2Shell is a vulnerability that allows unauthorized remote code execution with just one HTTP request. It affects all frameworks …

The Korean National Police arrested suspected four people for hacking over 120,000 IP cameras and selling the footage to a foreign adult website. Police are acting against the operators of the illegal content despite not revealing the suspects or websites, through international cooperation. “The National Office of Investigation announced that …

India’s Civil Aviation Minister K Rammohan Naidu informed the Rajya Sabha that some flights reported Positioning System- GPS spoofing in the vincinity of Indira Gandhi International Airport in New Delhi while using GPS-based landing procedures. In a written reply to a question on GPS spoofing, Mr Naidu told the House …

Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to protect their industrial control systems due to active exploitation. CVE-2021-26829, a vulnerability in OpenPLC ScadaBR, is now included in the KEV Catalog. This inclusion signals that threat actors are actively weaponizing this specific flaw to target operational technology (OT) …

National Cyber Emergency Response Team of Pakistan (National CERT) has warned government agencies, military organizations, and critical infrastructure about a significant security vulnerability in Oracle E-Business Suite (EBS). Hackers can fully control affected systems without needing a password. They can steal sensitive data and disrupt operations, causing significant damage. According …

CERT/CC has warned of unpatched command injection vulnerabilities in Tenda’s 4G03 Pro and N300 routers. These flaws allow attackers to execute root commands, and there are no fixes from the vendor, putting users at risk. According to the advisory, “A command injection vulnerability exists across multiple firmware versions that allows …

Researchers gathered 3.5 billion WhatsApp phone numbers and personal information by abusing a contact-discovery API without proper rate limiting. This study shows a common tactic used by threat actors to collect user information from unprotected public APIs, even though the researchers haven’t shared the data. Abusing WhatsApp API: The researchers …

CISA warns government agencies to patch Oracle Identity Manager (CVE-2025-61757) due to potential zero-day exploitation. CVE-2025-61757 is a pre-authentication remote code execution vulnerability in Oracle Identity Manager, found by Searchlight Cyber analysts Adam Kues and Shubham Shahflaw. The flaw stems from an authentication bypass in Oracle Identity Manager’s REST APIs, …

CERT-In warns that many homes, small offices, and service providers in India are at risk from a critical authentication flaw, CVE-2025-59367, found in popular Asus DSL-series WiFi routers. The national cybersecurity agency has issued a security alert regarding this vulnerability. The CERT-In Vulnerability Note CIVN-2025-0322 warns that remote attackers can …