Ivanti has disclosed a critical vulnerability in its Endpoint Manager (EPM) solution, tracked as CVE-2025-10573. This flaw allows remote, unauthenticated attackers to execute arbitrary JavaScript code through cross-site scripting attacks.

December's Patch Tuesday reveals several critical vulnerabilities, including a zero-day in Microsoft's Windows Cloud Files Mini Filter Driver, a critical Notepad++ bug, and vulnerabilities in Fortinet and Ivanti products.

A critical vulnerability has been identified in the Universal Boot Loader (U-Boot), affecting several Qualcomm chips. This vulnerability, CVE-2025-24857, allows improper access control for volatile memory containing boot code

Pro-Russia hacktivist groups, Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), and Sector16, are conducting opportunistic attacks against critical infrastructure sectors such as Water and Wastewater, Food and Agriculture, and Energy.

Microsoft has released the Windows 10 KB5071546 extended security update, addressing 57 security vulnerabilities, including three zero-day flaws. This update is mandatory and will automatically install, prompting a restart.

The FBI issued a warning about a new scam where criminals manipulate online photos to create fake "proof-of-life" images for virtual kidnapping scams. These involve criminals posing as kidnappers, demanding ransom, and using altered images.

The Europol's Operational Taskforce GRIMM has successfully dismantled a significant "violence-as-a-service" network, resulting in the arrest of 193 individuals. The operation involved law enforcement agencies from multiple European countries.

The cybersecurity landscape has witnessed a dramatic 700% increase in ransomware attacks targeting hypervisors, with their role in malicious encryption surging from 3% in the first half of the year to 25% in the second half.

Initial Access Brokers have become pivotal in the cybercrime ecosystem, facilitating the outsourcing of intrusion tasks to advanced adversaries. This commoditization of access to critical systems allows IABs to sell access to the highest bidder.

The FBI has issued a warning about a new scam where criminals harvest photos from social media platforms like Facebook, LinkedIn, and X to stage fake kidnappings. These photos are used as "proof-of-life" to extort ransom from the victim's family.