CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

The Hacker News•12/18/2025(today)•Updated today

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise

Source: This article was originally published on The Hacker News

Read full article on source →

Microsoft: Recent Windows updates break RemoteApp connections

Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop environments. [...]

BleepingComputer• 12/18/2025

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has alerted users of a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in...

The Hacker News• 12/18/2025

Zeroday Cloud hacking event awards $320,0000 for 11 zero days

The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. [...]

BleepingComputer• 12/17/2025

Critical Fortinet Flaws Under Active Attack

Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information.

Dark Reading• 12/17/2025

France arrests suspect tied to cyberattack on Interior Ministry

French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France's Ministry of the Interior earlier this month. [...]