Microsoft warns MSMQ may fail after update, breaking apps

A security update issued on December Patch Tuesday changes the MSMQ security model, causing failures in programs ranging from ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...

Ho ho ho! December’s Patch Tuesday delivers three zero-days

It’s a holiday miracle with no critical Windows patches and an unusually low number of updates overall — but with three zero-days in the wild, patching can’t wait.

Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...
CSOonline

Microsoft flips security script: ‘In scope by default’ makes all vulnerabilities fair game for bug bounties

The company’s new approach is that anything touching Microsoft services is eligible for a bug bounty, regardless of its source. Today’s AI-enabled attackers are agnostic: They’re not limiting ...
SiliconANGLE

Microsoft broadens bug bounty scope to include any vulnerability impacting its services

Microsoft Corp. announced today that it is expanding its bug bounty program with a new policy that brings all of its online services, including those supported by third-party and open-source ...
Security Boulevard

Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft ...
Bleeping Computer

Microsoft bounty program now includes any flaw impacting its services

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. This policy shift ...
The Hacker News

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, ...
Bleeping Computer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three ...
Krebs on Security

Microsoft Patch Tuesday, December 2025 Edition

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already ...