VulnHub

Cisco has issued a warning regarding a serious zero-day vulnerability in its AsyncOS software that is currently being exploited in the wild. This flaw affects Cisco's Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances, leaving customers vulnerable to potential attacks. The zero-day has been classified with maximum severity, indicating the urgency for organizations using these products to take action. As of now, there are no patches available to address this vulnerability, which raises concerns about the security of email communications for affected users. Companies that rely on these Cisco products should closely monitor their systems and implement any available security measures to mitigate risks until a fix is released.

SonicWall has issued a warning regarding a newly discovered vulnerability in the SMA1000 Appliance Management Console (AMC) that is being exploited in zero-day attacks. This vulnerability allows attackers to escalate privileges, potentially giving them unauthorized access to sensitive systems. Organizations using SonicWall's SMA1000 appliances need to take immediate action to protect their networks. The company advises users to apply patches as soon as possible to mitigate the risk associated with this security flaw. The urgency of this situation is heightened by the fact that the vulnerability is currently being actively exploited in the wild, making prompt remediation essential for affected users.

SonicWall has issued a hotfix for a local privilege escalation vulnerability, identified as CVE-2025-40602, that affects its Secure Mobile Access (SMA) 1000 appliances. This flaw is currently being exploited by attackers, particularly in combination with another vulnerability, CVE-2025-23006, which allows for unauthenticated remote code execution with root privileges. Organizations using SMA 1000 appliances are at risk, as this could enable unauthorized access and control over their systems. SonicWall is urging all customers to apply the patch promptly to mitigate the risk of exploitation. The situation highlights the ongoing need for vigilance and timely updates in cybersecurity practices.

Apple has issued updates for macOS and iOS to address two zero-day vulnerabilities in WebKit that were found to be exploited in a highly sophisticated attack. These vulnerabilities could allow attackers to execute malicious code on affected devices, potentially compromising user data and privacy. The updates are crucial for users of Apple's platforms, as they help protect against active threats that exploit these flaws. Users are encouraged to install the latest updates to ensure their devices are secure. This incident also raises concerns about the interconnectedness of browser vulnerabilities, as these flaws are linked to a Chrome exploit, indicating that security issues can cross platform boundaries.

Apple has released emergency updates to address two zero-day vulnerabilities that were actively exploited in highly sophisticated attacks targeting specific individuals. These flaws could allow attackers to gain unauthorized access to devices, putting sensitive information at risk. Users of affected devices are urged to update their systems immediately to protect against potential exploitation. The vulnerabilities were significant enough to prompt Apple to act quickly, indicating the serious nature of these threats. This situation emphasizes the ongoing risk that zero-day vulnerabilities pose, particularly for individuals in sensitive positions.

A new zero-day vulnerability has been discovered in Windows that affects the Remote Access Connection Manager (RasMan) service, allowing attackers to crash it. This flaw could disrupt remote access services for users and organizations relying on Windows systems. Unofficial patches have been made available for users who want to mitigate the risk before an official fix is released. As this vulnerability is a zero-day, it is crucial for affected users to apply these patches promptly to avoid potential exploitation. The issue underscores the need for vigilance in maintaining system security, especially for those using Windows.

Hackers have taken advantage of a zero-day vulnerability in Gogs, a self-hosted Git service, leading to the compromise of approximately 700 servers that are accessible over the internet. This vulnerability allows attackers to execute code remotely, posing a significant risk to organizations and individuals using this platform to manage their Git repositories. Gogs, which is known for its lightweight and easy-to-deploy nature, is now under scrutiny as users scramble to secure their systems. The incident highlights the importance of promptly applying security updates and monitoring for unusual activity. Without swift action, affected servers could lead to data breaches or unauthorized access to sensitive information.

Researchers at Wiz have discovered a serious vulnerability in Gogs, a self-hosted Git service. This flaw allows attackers to bypass a previously reported remote code execution (RCE) vulnerability that was disclosed last year. Although the specifics of the exploitation have not been detailed, the revelation indicates that the vulnerability has been exploited for months without a patch available to fix it. This situation poses significant risks for organizations that rely on Gogs for their version control, as it could lead to unauthorized access and potentially severe security breaches. Users of Gogs need to stay vigilant and consider alternative security measures while waiting for a fix.

Hackers have taken advantage of a serious unpatched zero-day vulnerability in Gogs, a widely used self-hosted Git service, allowing them to execute remote code on exposed servers. This breach has impacted around 700 Internet-facing instances, putting sensitive data at risk and potentially leading to further attacks. The vulnerability is particularly concerning because it remains unpatched, leaving many servers vulnerable to exploitation. Users of Gogs should take immediate action to secure their systems, as the lack of a fix means attackers can easily compromise servers. This incident serves as a reminder for organizations to prioritize timely software updates and security measures to protect their infrastructure.

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.

Google has addressed a zero-day vulnerability in its Chrome browser that was actively exploited in the wild. This vulnerability, which does not have a CVE identifier, remains shrouded in mystery, as details about its origin and the specific components it affects are unclear. The lack of a CVE means users and security experts have limited information regarding the potential risks involved. However, the fact that it has been exploited means users should update their Chrome browsers promptly to safeguard against potential attacks. Keeping software up to date is crucial in mitigating risks associated with such vulnerabilities.

On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.

Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.

Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.

CISA has identified a critical security vulnerability in Oracle Identity Manager, classified as CVE-2025-61757, which is actively being exploited. This vulnerability involves missing authentication for a critical function, posing significant security risks.