News - UZCERT xizmati

Computer Emergency
Response Team

News

Dangerous Vulnerabilities in Adobe Acrobat and Reader: Risk of Full System Compromise

December 2025 — Adobe has released emergency security updates for its Acrobat and Reader products. According to Security Bulletin APSB25-119, several vulnerabilities have been identified—some of which may allow attackers to execute arbitrary code remotely or without user interaction, while…

News

A Critical Vulnerability Discovered in Windows Defender Firewall

On December 9, 2025, Microsoft officially announced a significant vulnerability — CVE-2025-62468 — identified in the Windows Defender Firewall Service. This flaw allows a user with elevated privileges to read certain portions of system memory (heap memory) without authorization. The…

News

Critical SSO Flaw in the Fortinet Ecosystem: Unauthorized Administrator-Level Access via FortiCloud Identified

On December 9, 2025, Fortinet issued an emergency warning regarding a serious security vulnerability discovered in several of its products, including FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, and others. According to official information, the flaw allows attackers to bypass FortiCloud Single Sign-On…

News

A 0-Day Vulnerability in Windows Allowing SYSTEM Privilege Escalation Has Been Disclosed

On December 9, 2025, Microsoft released emergency security updates addressing a critical 0-day vulnerability — CVE-2025-62221 — discovered in Windows systems. The flaw was found in the Cloud Files Mini Filter Driver (cldflt.sys), a kernel-level driver, and allows attackers to…

News

Burp Suite Update: Added Ability to Detect React2Shell Vulnerabilities

PortSwigger has updated the ActiveScan++ extension for Burp Suite, and it can now automatically detect two critical vulnerabilities found in React applications, known as React2Shell — CVE-2025-55182 and CVE-2025-66478. These vulnerabilities allow attackers to send unauthorized requests to the server…

News

A Highly Critical XXE Vulnerability Discovered in Apache Tika: Immediate System Updates Required

A new and extremely dangerous vulnerability has been identified in the Apache Tika platform. Registered as CVE-2025-66516, this flaw has received the maximum CVSS score of 10.0. The vulnerability allows an attacker to infiltrate the system through a specially crafted…

News

A Google Play App with Over 50,000 Downloads Found Distributing the Anatsa Banking Trojan

Even the official Google Play Store can sometimes fall victim to cybercriminals’ tactics. Experts from Zscaler ThreatLabz recently discovered that an app called “Document Reader – File Manager”, which had been downloaded more than 50,000 times, was actually distributing the…

News

A Dangerous Vulnerability Found in React and Next.js: PoC Release Sparks Global Concern

Millions of websites and web applications around the world rely on React and Next.js. Therefore, the discovery of a new vulnerability — CVE-2025-55182 — has caused serious concern among developers. The flaw enables remote code execution (RCE) on the server…

News

CISA and NSA Warn of BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

A new cyber threat that has drawn significant attention from the international cybersecurity community — a sophisticated malware known as BRICKSTORM — has been highlighted in a joint advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the…

News

Critical WordPress RCE Vulnerability: Wide-Scale Attacks Launched Through Sneeit Framework Plugin

The WordPress ecosystem is facing another serious security threat. In recent days, cybercriminals have begun actively exploiting a critical Remote Code Execution (RCE) vulnerability in the Sneeit Framework plugin. The flaw, identified as CVE-2025-6389 with a CVSS score of 9.8,…