Author: PulauWin

The Hacker News

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

December 17, 2025 add comment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog,... Read more »
Help Net Security

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

December 17, 2025 add comment
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw... Read more »
Internet Security

GNV ferry fantastic under cyberattack probe amid remote hijack fears

December 17, 2025 add comment
French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic,... Read more »
Help Net Security

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

December 17, 2025 add comment
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf... Read more »
Internet Security

Askul data breach exposed over 700,000 records after ransomware attack

December 17, 2025 add comment
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known... Read more »
Internet Security

Russian state hackers targeted Western critical infrastructure for years, Amazon says

December 17, 2025 add comment
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical... Read more »
IT Security

ClickFix attacks that bypass cyber controls on the rise

December 17, 2025 add comment
NCC’s monthly threat report details the growing prevalence of ClickFix attacks in the wild Read more »
Help Net Security

Trellix advances NDR to close the OT-IT threat detection-to-response gap

December 17, 2025 add comment
Trellix announced Trellix NDR innovations, strengthening OT-IT security with integrated visibility across complex environments, enhanced detection capabilities, and automated investigation and response to reduce the threat detection-to-response gap. “We... Read more »
Internet Security

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

December 17, 2025 add comment
U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Improper Verification of Cryptographic Signature... Read more »
Help Net Security

XM Cyber bridges external attack surface management with validated internal attack paths

December 17, 2025 add comment
XM Cyber announced an update to its platform that connects External Attack Surface Management with internal risk validation, closing the gap between what’s exposed outside and what exists inside.... Read more »
Subscribe to our Newsletter