CSO Online

Patch Tuesday 2025 roundup: The biggest Microsoft vulnerabilities of the year

Every day has the potential to be a bad day for a CSO. However, the second Tuesday of each month – Patch Tuesday – is almost ...
GitHub

Metis: AI-Powered Security Code Review

Metis is an open-source, AI-driven tool for deep security code review, created by Arm's Product Security Team. It helps engineers detect subtle vulnerabilities, improve secure coding practices, and ...
IEEE

Leveraging Large Language Models for Security Patch Detection and CWE Classification

Abstract: Open-source software is critical for modern digital infrastructure, yet security vulnerabilities remain a significant concern as attackers exploit unpatched systems. Large Language Models ...
Bleeping Computer

New critical WatchGuard Firebox firewall flaw exploited in attacks

WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. Tracked as CVE-2025-14733, this security flaw affects ...
The Hacker News

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of ...
Android

Samsung Galaxy S24 Series Gains Dozens of Security Fixes in December 2025 Patch

Samsung has begun rolling out the December 2025 security patch to the Galaxy S24 lineup, starting in Korea and expanding to other regions soon. The ~450MB update delivers dozens of security fixes from ...
Tom's Guide

Google issues critical Chrome update to patch zero-day vulnerability

For the fastest way to join Tom's Guide Club enter your email below. We'll send you a confirmation and sign you up to our newsletter to keep you updated on all the latest news. By submitting your ...
Techlicious

Microsoft Security Update Patches Flaw Hackers Are Already Exploiting

If you use Windows, you've probably seen the update notification pop up over the last day or so. Don't ignore it. Microsoft just released its final security update of 2025, and it patches 56 security ...
Infosecurity-magazine.com

Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025

Microsoft patched an actively exploited zero-day vulnerability as part of its monthly security update cycle yesterday. CVE-2025-62221 is an elevation of privilege (EoP) bug in the Windows Cloud Files ...
SecurityWeek

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. Ivanti on Tuesday announced patches for four vulnerabilities in Endpoint Manager ...
SecurityWeek

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

Enterprise software maker SAP on Tuesday announced the release of 14 new security notes as part of its December 2025 security patch day, including three that address critical-severity vulnerabilities.
The Hacker News

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet ...