Ho ho ho! December’s Patch Tuesday delivers three zero-days

It’s a holiday miracle with no critical Windows patches and an unusually low number of updates overall — but with three zero-days in the wild, patching can’t wait.

Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...
SiliconANGLE

Microsoft broadens bug bounty scope to include any vulnerability impacting its services

Microsoft Corp. announced today that it is expanding its bug bounty program with a new policy that brings all of its online services, including those supported by third-party and open-source ...
Security Boulevard

Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft ...
Bleeping Computer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three ...
The Hacker News

Search results for Microsoft vulnerabilities — Latest News, Reports & Analysis | The Hacker News

With the release of 12 Security Bulletins , Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, out of which two address ...
Searchenginejournal.com

Server Security Scanner Vulnerability Affects Up To 56M Sites

A critical vulnerability was recently discovered in Imunify360 AV, a security scanner used by web hosting companies to protect over 56 million websites. An advisory by cybersecurity company Patchstack ...
Forbes

NSA Issues Microsoft Exchange Server ‘High-Risk Of Compromise’ Alert

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Thankfully, for such things, the document itself is relatively ...
The Hacker News

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden ...
Dark Reading

Microsoft Issues Emergency Patch for Critical Windows Server Bug

Microsoft on Thursday deployed a reworked update for a critical vulnerability in the Windows Server Update Service (WSUS) that has come under attack in the wild. CVE-2025-59287 is a remote code ...
Wired

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security ...