Lmst

CVE Alert: CVE-2025-6218 - RARLAB - WinRAR - https://www.redpacketsecurity.com/cve-alert-cve-2025-6218-rarlab-winrar/

#OSINT #ThreatIntel #CyberSecurity #cve-2025-6218 #rarlab #winrar

CVE Alert: CVE-2025-62221 - Microsoft - Windows 10 Version 1809 - https://www.redpacketsecurity.com/cve-alert-cve-2025-62221-microsoft-windows-10-version-1809/

#OSINT #ThreatIntel #CyberSecurity #cve-2025-62221 #microsoft #windows-10-version-1809

👀 React2Shell attacker profiles fresh from GreyNoise telemetry: https://info.greynoise.io/hubfs/PDFs-Sales-Marketing/GreyNoise-React2Shell-Attacker-Profiles.pngAlso, don't miss the latest contribution from GreyNoise Labs on React2Shell: https://www.labs.greynoise.io/grimoire/2025-12-09-react2shell-meshcentral/

#React2Shell #Nextjs #CVE202555182 #CVE #GreyNoise

Graphic summarizing five React2Shell attacker profiles: Mass Scanners, VPN/Proxy Users, Cryptomining Operators, Malware Distribution Infrastructure, and Reconnaissance Specialists. Each group shows distinct characteristics, JA4+ signatures, and assessments ranging from benign scanning to organized cybercrime activity. GreyNoise notes customers receive full signatures in their intelligence brief.

CVE Alert: CVE-2025-48638 - Google - Android - https://www.redpacketsecurity.com/cve-alert-cve-2025-48638-google-android/

#OSINT #ThreatIntel #CyberSecurity #cve-2025-48638 #google #android

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 18 CVEs across 28 images:
• 🔴 Critical: 0
• 🟠 High: 10
• 🟡 Medium: 7
• 🔵 Low: 1

Check the full report 👉 https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless

🚨 New HIGH CVE detected in AWS Lambda 🚨
CVE-2025-13601 impacts glib2 in 28 Lambda base images.

Details: https://github.com/aws/aws-lambda-base-images/issues/360
More: https://lambdawatchdog.com/

#AWS #Lambda #CVE #CloudSecurity #Serverless

🚨 New HIGH CVE detected in AWS Lambda 🚨
CVE-2025-13601 impacts glib2 in 28 Lambda base images.

Details: https://github.com/aws/aws-lambda-base-images/issues/360
More: https://lambdawatchdog.com/

#AWS #Lambda #CVE #CloudSecurity #Serverless

🚨 New HIGH CVE detected in AWS Lambda 🚨
CVE-2025-13601 impacts glib2 in 28 Lambda base images.

Details: https://github.com/aws/aws-lambda-base-images/issues/360
More: https://lambdawatchdog.com/

#AWS #Lambda #CVE #CloudSecurity #Serverless

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 18 CVEs across 28 images:
• 🔴 Critical: 0
• 🟠 High: 10
• 🟡 Medium: 7
• 🔵 Low: 1

Check the full report 👉 https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless

Find out if you are vulnerable to the React2Shell vulnerability, covering both official tracking IDs:

• React Server Component exposure – CVE-2025-55182
• Next.js App Router RCE chain – CVE-2025-66478

#secpoint #secpointpenetrator #nextrce #react2shell #cve #cybersecurity #vulnerabilityscanning #nextjs #react

CVE Alert: CVE-2025-48633 - Google - Android - https://www.redpacketsecurity.com/cve-alert-cve-2025-48633-google-android/

#OSINT #ThreatIntel #CyberSecurity #cve-2025-48633 #google #android

CVE Alert: CVE-2025-48637 - Google - Android - https://www.redpacketsecurity.com/cve-alert-cve-2025-48637-google-android/

#OSINT #ThreatIntel #CyberSecurity #cve-2025-48637 #google #android

FYI #CVE #linux #kernel #opensource

cc:Greg Kroah-Hartman

http://www.kroah.com/log/blog/2025/12/08/linux-cves-more-than-you-ever-wanted-to-know/

#OT #Advisory VDE-2025-071
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx firmware prior to version 3.50. Two of these (CVE-2025-41692 and CVE-2025-41696) enable an attacker to access the device's file system. Two other vulnerabilities (CVE-2025-41693 and CVE-2025-41694) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2025-41697) allows an unauthenticated physical attacker to access a login shell via an undocumented UART port. Furthermore, there are multiple vulnerabilities relating to reflected cross-site scripting in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.50.
#CVE CVE-2025-41752, CVE-2025-41751, CVE-2025-41750, CVE-2025-41749, CVE-2025-41748, CVE-2025-41747, CVE-2025-41746, CVE-2025-41745, CVE-2025-41695, CVE-2025-41697, CVE-2025-41692, CVE-2025-41694, CVE-2025-41696, CVE-2025-41693

https://certvde.com/en/advisories/vde-2025-071/

#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-071.json

December 2025 Patch Tuesday brings a moderate set of updates across Microsoft systems — including Windows 10 ESU, fixes for XAML-dependent app behavior, .LNK vulnerability handling, and Outlook–Excel attachment reliability.

Chrome, Firefox, and Adobe updates expected as well.

Source: https://www.helpnetsecurity.com/2025/12/08/december-2025-patch-tuesday-forecast-and-its-a-wrap/

What are you watching most closely this month?
Follow us for continued Patch Tuesday coverage.

#Cybersecurity #PatchTuesday #Infosec #Microsoft #CVE #VulnerabilityManagement #WindowsSecurity #SecOps #ThreatIntel #SecurityUpdates

December 2025 Patch Tuesday forecast: And it’s a wrap

📢 Vous connaissez sans doute déjà notre veille technique 🛠️. Découvrez maintenant le 1er numéro de notre seconde veille dite "sécuritaire" 🛡️ !
💡 Dans ces billets, nous communiquons les alertes sécurité (#CVE...) concernant les outils que nous intégrons.
🔗 https://www.arawa.fr/2025/12/05/veille-securitaire-collaboration-open-source-1/
🛜 Flux RSS (commun entre veilles techniques et sécuritaires) : https://www.arawa.fr/category/veille-technique/feed/
#️⃣ #OpenSource #LogicielsLibres #Nextcloud #CollaboraOnline #Collabora #OnlyOffice #BBB #BigBlueButton