The Hacker News

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

CISA warns WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal fixes by Dec. 30, 2025.
Security Boulevard

Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft ...
Dark Reading

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported that exploitation activity was ...
Bleeping Computer

Fortinet FortiWeb flaw with public PoC exploited to create admin users

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. The issue is fixed in FortiWeb ...
The Register on MSN

Years-old bugs in open source tool left every major cloud open to disruption

Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab ...

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Microsoft' 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day ...

INE Reinforces Skill Dive’s Role in SMB Cyber Defense

The Skill Dive Vulnerabilities Lab gives small teams the practical, hands-on experience they need to understand and mitigate real-world threats, helping them react faster, respond smarter, and stay ...