Microsoft patched an actively exploited zero-day vulnerability in its monthly security update. CVE-2025-62221, an elevation of privilege bug in the Windows Cloud Files Mini Filter Driver, allows low-privileged users to achieve system-level code execution. Threat actors likely have the knowledge, and the real chaos begins when they chain it with other weaknesses.

Microsoft closed out 2025 by addressing 56 security flaws, including the actively exploited CVE-2025-62221 vulnerability. Of these, three are rated Critical. It’s been a busy year, with Microsoft patching over 1,000 vulnerabilities for the second consecutive year. Clearly, cybersecurity is less about “closing the windows” and more about patching them.

The U.S. Cybersecurity and Infrastructure Security Agency has added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. If your computer is starting to feel like a sieve, it’s time to patch up those holes before cybercriminals start getting creative with your files!

Microsoft Patch Tuesday security updates for December 2025 tackle 57 vulnerabilities, including a zero-day flaw that’s been as welcome as a raccoon in the attic. Watch out for CVE-2025-62221, a sneaky Windows issue that could let attackers gain SYSTEM privileges. Remember, patching is caring!

Major hardware vendors are diving deep into the newly found PCIe vulnerabilities. These flaws, affecting PCIe Integrity and Data Encryption, have vendors scrambling to patch up faster than your Wi-Fi at a coffee shop. But fear not, the vulnerabilities are classified as low severity—just like your chances of finding a parking spot.

Portugal updates its cybercrime law, giving ethical hackers a ‘safe harbour’ from prosecution. This legal upgrade provides protection for cybersecurity researchers while ensuring strict guidelines to prevent misuse. It’s a significant step towards improved digital resilience, proving Portugal is not just about delicious pastries but also robust cyber laws.

Fortinet, Ivanti, and SAP tackle critical security flaws, like a cybersecurity game of whack-a-mole. Fortinet’s vulnerabilities in FortiOS and FortiWeb can lead to authentication bypass, while Ivanti’s Endpoint Manager bug might give an attacker an unwelcome seat at the admin table. Meanwhile, SAP squashes three critical bugs faster than you can say “patch, please!”

Britain announced sanctions against Russian media and ideas outlets to combat “Russian information warfare.” Foreign Secretary Yvette Cooper highlighted the need to counteract cyber threats and disinformation campaigns, which include fake websites and manipulated videos. These efforts aim to protect national interests and bolster Western support for Ukraine amid ongoing geopolitical tensions.

It’s Patch Tuesday, and the tech world is buzzing with excitement as Microsoft fixes a critical Notepad++ bug exploited by attackers from China. While sys-admins rush to update, don’t forget about the critical holes in Fortinet and Ivanti products. Because nothing says “holiday cheer” like a patched vulnerability!

Ivanti warns users of a new Endpoint Manager flaw, CVE-2025-10573, with a CVSS score of 9.6. This vulnerability allows remote code execution via stored XSS, letting attackers hijack admin sessions. Rapid7 researchers urge immediate patching to prevent becoming the accidental star of a cybersecurity horror-comedy.

Microsoft’s December update feels like a holiday miracle with just 57 vulnerabilities to patch, including the actively exploited zero-day bug, CVE-2025-62221. This vulnerability, affecting Windows Cloud Files Mini Filter Driver, should be at the top of your naughty list. Let’s give a round of applause for keeping us on our toes, Microsoft!

SAP’s December security updates are here, addressing 14 vulnerabilities across various products. The headliner? A code injection flaw in SAP Solution Manager with a CVSS score of 9.9—almost as severe as finding out your favorite snack is discontinued. Administrators, patch up before the hackers have a holiday party!

Spiderman, a new phishing kit, swings onto the dark web, making it easier for even tech novices to impersonate major European banks. This full-stack tool targets multiple countries, allowing attackers to mimic login pages and steal data in real-time. With 750 members in its community, the kit poses a serious threat to digital finance security.

As AI agents clock in at work, they’re bringing both productivity perks and identity access management headaches. With Okta’s Auth0 for AI Agents, you can keep those overzealous bots in check, ensuring they stay on task without raiding the company fridge. It’s the perfect remedy for sleepless CISOs everywhere.

The dark web fuels ad fraud with botnets, malware, and hijacked devices, draining billions from the UK ad market. Many marketers remain unaware as fake clicks blend with real data. Forensic PPC analysis is crucial to detect these hidden threats and protect advertising budgets.

PowerShell scripts now come with a side of security warnings! When using the Invoke-WebRequest cmdlet, be prepared for a pop-up asking if you’d like to risk unleashing rogue scripts from web pages. Press ‘Enter’ by mistake? No worries, PowerShell’s got your back with a friendly reminder to use -UseBasicParsing for safety!

Meet Shanya, a “packer-as-a-service” that’s more slippery than a bar of soap in a bathtub. It’s an EDR killer helping ransomware slip past security like a ninja in the night. With ransomware groups embracing Shanya, it seems this digital Houdini isn’t disappearing anytime soon.

Microsoft’s Global CISO Igor Tsyganskiy has shuffled the deck, promoting Geoff Belknap and Michael Srihari to Operating CISOs. Belknap’s new gig involves safeguarding Microsoft’s core infrastructure, while Srihari will focus on operations and compliance. These leadership updates aim to tackle ever-increasing threat actor activity and enhance Microsoft’s cyber defense strategies.

The KB5071546 update for Windows 10 fixes 57 security vulnerabilities, including three zero-day flaws. It also addresses a remote code execution vulnerability in PowerShell. No new features, just a security smorgasbord. Windows will automatically update, so you can sit back, relax, and let Microsoft do the heavy lifting—just don’t forget to reboot!

Fortinet has launched updates to fix two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. These flaws could allow attackers to bypass FortiCloud SSO authentication. So, unless you want cybercriminals gatecrashing your network like uninvited party guests, it’s best to disable FortiCloud SSO until you’ve updated.