.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

A critical vulnerability, known as "SOAPwn," has been identified in the .NET Framework, allowing attackers to achieve remote code execution by exploiting WSDL imports and HTTP client proxies.

700+ self-hosted Git instances battered in 0-day attacks

A 0-day bug in Gogs, a self-hosted Git service, is being actively exploited. The vulnerability (CVE-2025-8110) affects Gogs servers with open-registration enabled. Over 700 instances have been compromised, with 1,400 exposed to the internet.

New DroidLock malware locks Android devices and demands a ransom

DroidLock is a newly discovered Android malware that locks devices and demands a ransom. It specifically targets Spanish-speaking users and is distributed through malicious websites promoting fake applications.

ClickFix Social Engineering Sparks Rise of CastleLoader Attacks

A new malware campaign has been identified, utilizing ClickFix social engineering tactics to deploy the CastleLoader malware family. This campaign employs a Python-based delivery chain, replacing earlier AutoIt droppers with a compact Python loader.

WordPress Auto-Login Backdoor Disguised as JavaScript Data File

A WordPress backdoor has been discovered, disguised as a JavaScript data file, allowing attackers to automatically log into administrator accounts without credentials. This malware is hidden in a PHP file within the WordPress `wp-admin/js` directory.

Ivanti warns of critical Endpoint Manager code execution flaw

Ivanti has disclosed a critical vulnerability in its Endpoint Manager (EPM) solution, tracked as CVE-2025-10573. This flaw allows remote, unauthenticated attackers to execute arbitrary JavaScript code through cross-site scripting attacks.

Patch Tuesday: Microsoft EoP, NotePad++, Ivanti, Fortinet

December's Patch Tuesday reveals several critical vulnerabilities, including a zero-day in Microsoft's Windows Cloud Files Mini Filter Driver, a critical Notepad++ bug, and vulnerabilities in Fortinet and Ivanti products.

Critical Vulnerability in Universal Boot Loader (U-Boot) Affects Qualcomm Chips

A critical vulnerability has been identified in the Universal Boot Loader (U-Boot), affecting several Qualcomm chips. This vulnerability, CVE-2025-24857, allows improper access control for volatile memory containing boot code.

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft has released the Windows 10 KB5071546 extended security update, addressing 57 security vulnerabilities, including three zero-day flaws. This update is mandatory and will automatically install, prompting a restart.

Researchers spot 700 percent increase in hypervisor attacks

The cybersecurity landscape has witnessed a dramatic 700% increase in ransomware attacks targeting hypervisors, with their role in malicious encryption surging from 3% in the first half of the year to 25% in the second half.
