This week's security landscape was dominated by critical vulnerabilities requiring immediate patching and significant breaches impacting major organizations. High-severity CVEs across widely used software underscore the persistent need for robust update cycles.

Top Security Stories

WatchGuard Patches Firebox Zero-Day Exploited in the Wild

The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution.

Source: securityweek.com

Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.

Source: darkreading.com

Ukrainian hacker admits affiliate role in Nefilim ransomware gang

A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. [...]

Source: bleepingcomputer.com

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt i...

Source: thehackernews.com

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assi...

Source: thehackernews.com

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. [...]

Source: bleepingcomputer.com

Ukrainian national pleads guilty to Nefilim ransomware attacks

The 35-year-old faces up to 10 years in jail and authorities announced an $11 million reward for information on his alleged co-conspirator who remains at large.

Source: cyberscoop.com

Former incident responders plead guilty to ransomware attack spree

Ryan Goldberg and Kevin Martin were working at cybersecurity companies when they switched sides and hit five companies with ransomware attacks in 2023.

Source: cyberscoop.com

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The ...

Source: thehackernews.com

Critical RCE flaw impacts over 115,000 WatchGuard firewalls

Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. [...]

Source: bleepingcomputer.com

Trust Wallet Chrome extension hack tied to millions in losses

Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent respo...

Source: bleepingcomputer.com

Nissan Confirms Impact From Red Hat Data Breach

The personal information of 21,000 customers was stolen after hackers compromised Red Hat’s GitLab instances.

Source: securityweek.com

Baker University says 2024 data breach impacts 53,000 people

Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. [...]

Source: bleepingcomputer.com

3.5 Million Affected by University of Phoenix Data Breach

The University of Phoenix is one of the many victims of the recent Oracle EBS hacking campaign attributed to the Cl0p ransomware group.

Source: securityweek.com

Nissan says thousands of customers exposed in Red Hat breach

Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. [...]

Source: bleepingcomputer.com

Critical Vulnerabilities (CVEs)

CVE ID          CVSS Score  Description
CVE-2025-14950  7.3         A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php...
CVE-2025-14951  7.3         A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /hom...
CVE-2025-14952  7.3         A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Perfor...
CVE-2025-14964  9.8         A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipu...
CVE-2025-14967  7.3         A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /...