GrayBravo drives four CastleLoader threat clusters using phishing, malvertising, and Booking-themed lures across multiple sectors.
Get the latest international news and world events from around the world.
SAP fixes three critical vulnerabilities across multiple products
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws.
The most severe (CVSS score: 9.9) of all the issues is CVE-2025–42880, a code injection problem impacting SAP Solution Manager ST 720.
“Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module,” reads the flaw’s description.
Windows PowerShell now warns when running Invoke-WebRequest scripts
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing.
As Microsoft explains, this mitigates a high-severity PowerShell remote code execution vulnerability (CVE-2025–54100), which primarily affects enterprise or IT-managed environments that use PowerShell scripts for automation, since PowerShell scripts are not as commonly used outside such environments.
The warning has been added to Windows PowerShell 5.1, the PowerShell version installed by default on Windows 10 and Windows 11 systems, and is designed to add the same secure web parsing process available in PowerShell 7.
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Microsoft releases Windows 10 KB5071546 extended security update.
https://www.bleepingcomputer.com/news/microsoft/microsoft-re…ty-update/
#
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.
