Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.
The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.
Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyber Defense
Promotions across Microsoft’s security organization reinforce the company’s shift toward AI-driven defense and tighter operational oversight under Global CISO Igor Tsyganskiy.
The post Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyber Defense appeared first on SecurityWeek.
Microsoft releases Windows 10 KB5071546 extended security update
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. […]
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. […]
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. […]
Windows 11 KB5072033 & KB5071417 cumulative updates released
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.
“EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and
“EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and
Prime Security Raises $20 Million to Build Agentic Security Architect
Prime Security, which offers an AI-powered platform to help security teams detect, prioritize, and mitigate risks at the software design phase, today announced a $20M Series A funding round. Founded in 2023 and headquartered in New York with offices in Tel Aviv, the company has developed what it calls an “Agentic Security Architect” that autonomously conducts […]
The post Prime Security Raises $20 Million to Build Agentic Security Architect appeared first on SecurityWeek.
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. […]
Maintaining enterprise IT hygiene using Wazuh SIEM/XDR
Poor IT hygiene, such as unused accounts, outdated software, and risky extensions, creates hidden exposure in your infrastructure. Wazuh, the open-source XDR and SIEM, shows how continuous inventory monitoring across endpoints helps teams spot drift and tighten security. […]