This SmarterMail vulnerability allows remote code execution - here's what we know

SmarterMail patched CVE-2025-52691, a maximum-severity RCE flaw allowing unauthenticated arbitrary file uploads Exploitation ...

Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

The backdooring of more than 500 e-commerce companies, including a $40 billion multinational company. The source of the ...

The guy who coined 'vibe coding' now says he's never felt more behind as a programmer

OpenAI alum Andrej Karpathy wrote on X that his failure to fully claim the 10x boost of new tools felt like a "skill issue." ...
Infosecurity Magazine

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
The Hacker News

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA adds an actively exploited Digiever DS-2105 Pro NVR vulnerability to KEV, warning of botnet attacks and urging ...
Cybernews

Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft

VLex's Vincent AI assistant, used by thousands of law firms worldwide, is vulnerable to AI phishing attacks that can steal ...
WeLiveSecurity

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

ESET researchers provide a comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of ...
CSO Online

WatchGuard fixes ‘critical’ zero-day allowing firewall takeover

Because it was under attack before a patch was made available by WatchGuard on December 18, this makes CVE-2025-14733 a bona ...
TechJuice

Cyber Threat Group Blind Eagle Launches Sophisticated Malware Attacks

Blind Eagle launches new multi-stage malware attacks via spear-phishing to compromise systems and deploy memory-resident ...
CyberWire

Daily Briefing for 12.18.25

HPE issues patch for maximum-severity OneView flaw. Chinese threat actor targets maximum-severity Cisco zero-day.

Multiple Firefox add-ons infected with 'GhostPoster' malware — how to stay safe

A newly discovered malware infected multiple Firefox browser add-ons with more than 50,000 downloads combined.